cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1080304 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust: Messages.properties STSClient.java STSTokenValidator.java TrustException.java
Date Thu, 10 Mar 2011 18:19:16 GMT
Author: dkulp
Date: Thu Mar 10 18:19:16 2011
New Revision: 1080304

URL: http://svn.apache.org/viewvc?rev=1080304&view=rev
Log:
Change validate method to allow returning security tokens and to throw
an exception if the token is invalid

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
Thu Mar 10 18:19:16 2011
@@ -23,4 +23,4 @@ NO_ID=Could not determine Token ID from 
 NO_ENTROPY=Could not find Entropy in RequestSecurityTokenResponse
 DERIVED_KEY_ERROR=Exception while trying to create secret key from RequestSecurityTokenResponse
 ENCRYPTED_KEY_ERROR=Exception while trying to decrypt key from RequestSecurityTokenResponse
-
+VALIDATION_FAILED=Validation of security token failed: {0}

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Thu Mar 10 18:19:16 2011
@@ -28,6 +28,7 @@ import java.security.cert.X509Certificat
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -613,14 +614,21 @@ public class STSClient implements Config
         return new PrimitiveAssertion(new QName(ns, local), true);
     }
     
-    public boolean validateSecurityToken(SecurityToken tok) throws Exception {
+    public List<SecurityToken> validateSecurityToken(SecurityToken tok) throws Exception
{
         return validateSecurityToken(tok,
                                      namespace + "/RSTR/Status");
     }
     
-    private boolean validateSecurityToken(SecurityToken tok, String string) 
+    private List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)

         throws Exception {
         createClient();
+        
+        if (tokentype == null) {
+            tokentype = tokenType;
+        }
+        if (tokentype == null) {
+            tokentype = namespace + "/RSTR/Status";
+        }
 
         if (addressingNamespace == null) {
             addressingNamespace = "http://www.w3.org/2005/08/addressing";
@@ -654,7 +662,7 @@ public class STSClient implements Config
         writer.writeEndElement();
 
         writer.writeStartElement("wst", "TokenType", namespace);
-        writer.writeCharacters(namespace + "/RSTR/Status");
+        writer.writeCharacters(tokentype);
         writer.writeEndElement();
 
         writer.writeStartElement("wst", "ValidateTarget", namespace);
@@ -674,15 +682,32 @@ public class STSClient implements Config
             throw new Fault("Unexpected element " + el.getLocalName(), LOG);
         }
         el = DOMUtils.getFirstElement(el);
+        String reason = null;
+        boolean valid = false;
+        List<SecurityToken> tokens = new LinkedList<SecurityToken>();
         while (el != null) {
             if ("Status".equals(el.getLocalName())) {
                 Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
                 String s = DOMUtils.getContent(e2);
-                return s.endsWith("/status/valid");
+                valid =  s.endsWith("/status/valid");
+                
+                e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
+                if (e2 != null) {
+                    reason = DOMUtils.getContent(e2);
+                }
+            } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
+                //TODO: get the token out of it.  Need to find an STS that actually
+                //suports this first to test it
             }
             el = DOMUtils.getNextElement(el);
         }
-        return false;
+        if (!valid) {
+            throw new TrustException(LOG, "VALIDATION_FAILED", reason);
+        }
+        if (tokens.isEmpty()) {
+            tokens.add(tok);
+        }
+        return tokens;
     }
 
     public void cancelSecurityToken(SecurityToken token) throws Exception {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
Thu Mar 10 18:19:16 2011
@@ -52,15 +52,14 @@ public class STSTokenValidator implement
             STSClient c = STSUtils.getClient(m);
             synchronized (c) {
                 System.setProperty("noprint", "true");
-                if (c.validateSecurityToken(token)) {
-                    return credential;
-                } 
-                System.clearProperty("noprint");
+                c.validateSecurityToken(token);
+                return credential;
             }
+        } catch (RuntimeException e) {
+            throw e;
         } catch (Exception e) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity",
null, e);
         }
-        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
     }
 
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
Thu Mar 10 18:19:16 2011
@@ -43,7 +43,13 @@ public class TrustException extends Unch
     public TrustException(Message msg, Throwable t) {
         super(msg, t);
     }
-
+    /**
+     * @param msg
+     * @param t
+     */
+    public TrustException(Logger log, String msg, Object ... params) {
+        super(log, msg, params);
+    }
     /**
      * @param cause
      */



Mime
View raw message