[CXF-8236] add support of signature challenges in the STSClient #651
Conversation
| } else if ("SignChallenge".equals(ln)) { | ||
| el = DOMUtils.getFirstElement(el); | ||
| if ("Challenge".equals(el.getLocalName())) { | ||
| // maybe another implementation of the return object is more useful. | ||
| // We need to transport only two values: | ||
| // challengeValue and a marker for the kind of response (SignChallenge response) | ||
| SecurityToken token = new SecurityToken(DOMUtils.getContent(el)); | ||
| token.setTokenType("SignChallenge"); | ||
| return token; | ||
| } |
There was a problem hiding this comment.
I think we could have a new Challenge class which is referenced in SecurityToken. Challenge could have an enum describing the type, maybe just SIGNATURE for now.
| * @return SecurityToken | ||
| * @throws Exception | ||
| */ | ||
| public SecurityToken requestSecurityTokenResponse(String action, String challengeValue) throws Exception { |
There was a problem hiding this comment.
I think I'd prefer to remove this method altogether. Instead, refactor "issue" so that it can work for both cases. The only difference should be "RequestSecurityTokenResponse" instead of "RequestSecurityToken" for the normal issue case. Maybe the writing out of the Challenge itself could be delegated to the Challenge class itself.
Then in SecurityToken.requestSecurityToken, I think we could handle the SignChallenge case automatically. If the SecurityToken that is returned from the STS contains a SignChallenge then invoke again on the STS with the challenge.
No description provided.