cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1082240 - in /cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j: CustomSamlValidator.java SamlTokenTest.java
Date Wed, 16 Mar 2011 18:09:28 GMT
Author: coheigea
Date: Wed Mar 16 18:09:27 2011
New Revision: 1082240

URL: http://svn.apache.org/viewvc?rev=1082240&view=rev
Log:
Added a custom validator to the SAML unit tests.

Added:
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomSamlValidator.java
Modified:
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomSamlValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomSamlValidator.java?rev=1082240&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomSamlValidator.java
(added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomSamlValidator.java
Wed Mar 16 18:09:27 2011
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SamlAssertionValidator;
+
+/**
+ * A trivial custom Validator for a SAML Assertion. It makes sure that the issuer is 
+ * "www.example.com", checks the version of the assertion, and checks the subject confirmation
+ * method.
+ */
+public class CustomSamlValidator extends SamlAssertionValidator {
+    
+    private boolean requireSAML1Assertion = true;
+    private boolean requireSenderVouches = true;
+    
+    public void setRequireSAML1Assertion(boolean requireSAML1Assertion) {
+        this.requireSAML1Assertion = requireSAML1Assertion;
+    }
+    
+    public void setRequireSenderVouches(boolean requireSenderVouches) {
+        this.requireSenderVouches = requireSenderVouches;
+    }
+    
+    @Override
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException
{
+        Credential returnedCredential = super.validate(credential, data);
+        
+        //
+        // Do some custom validation on the assertion
+        //
+        AssertionWrapper assertion = credential.getAssertion();
+        if (!"www.example.com".equals(assertion.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        if (requireSAML1Assertion && assertion.getSaml1() == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        } else if (!requireSAML1Assertion && assertion.getSaml2() == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+
+        String confirmationMethod = assertion.getConfirmationMethods().get(0);
+        if (confirmationMethod == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod))
{
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        } else if (!requireSenderVouches 
+            && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        return returnedCredential;
+    }
+    
+}
\ No newline at end of file

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java?rev=1082240&r1=1082239&r2=1082240&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
Wed Mar 16 18:09:27 2011
@@ -25,6 +25,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.soap.MessageFactory;
@@ -40,12 +41,14 @@ import org.apache.cxf.binding.soap.SoapM
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils.NullResolver;
 import org.apache.cxf.helpers.XMLUtils;
+import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.ExchangeImpl;
 import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
@@ -77,8 +80,13 @@ public class SamlTokenTest extends Abstr
             "org.apache.cxf.ws.security.wss4j.SAML1CallbackHandler"
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
@@ -108,8 +116,14 @@ public class SamlTokenTest extends Abstr
             "org.apache.cxf.ws.security.wss4j.SAML2CallbackHandler"
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        validator.setRequireSAML1Assertion(false);
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
@@ -142,12 +156,17 @@ public class SamlTokenTest extends Abstr
             WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(
             WSHandlerConstants.ACTION, 
             WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " + WSHandlerConstants.SIGNATURE
         );
         inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
@@ -184,12 +203,18 @@ public class SamlTokenTest extends Abstr
             WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(
             WSHandlerConstants.ACTION, 
             WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " + WSHandlerConstants.SIGNATURE
         );
         inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        validator.setRequireSAML1Assertion(false);
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
@@ -230,16 +255,29 @@ public class SamlTokenTest extends Abstr
             WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(
             WSHandlerConstants.ACTION, 
             WSHandlerConstants.SAML_TOKEN_SIGNED + " " + WSHandlerConstants.SIGNATURE
         );
         inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
         xpaths.add("//wsse:Security/saml1:Assertion");
+        
+        try {
+            makeInvocation(outProperties, xpaths, inProperties);
+            fail("Failure expected in SAML Validator");
+        } catch (Fault ex) {
+            // expected
+        }
+        validator.setRequireSenderVouches(false);
 
         List<WSHandlerResult> handlerResults = 
             makeInvocation(outProperties, xpaths, inProperties);
@@ -275,16 +313,37 @@ public class SamlTokenTest extends Abstr
             WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
         );
         
-        Map<String, String> inProperties = new HashMap<String, String>();
+        Map<String, Object> inProperties = new HashMap<String, Object>();
         inProperties.put(
             WSHandlerConstants.ACTION, 
             WSHandlerConstants.SAML_TOKEN_SIGNED + " " + WSHandlerConstants.SIGNATURE
         );
         inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        final Map<QName, Object> customMap = new HashMap<QName, Object>();
+        CustomSamlValidator validator = new CustomSamlValidator();
+        customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+        customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+        inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
         
         List<String> xpaths = new ArrayList<String>();
         xpaths.add("//wsse:Security");
         xpaths.add("//wsse:Security/saml2:Assertion");
+        
+        try {
+            makeInvocation(outProperties, xpaths, inProperties);
+            fail("Failure expected in SAML Validator");
+        } catch (Fault ex) {
+            // expected
+        }
+        validator.setRequireSenderVouches(false);
+        
+        try {
+            makeInvocation(outProperties, xpaths, inProperties);
+            fail("Failure expected in SAML Validator");
+        } catch (Fault ex) {
+            // expected
+        }
+        validator.setRequireSAML1Assertion(false);
 
         List<WSHandlerResult> handlerResults = 
             makeInvocation(outProperties, xpaths, inProperties);
@@ -304,7 +363,7 @@ public class SamlTokenTest extends Abstr
     private List<WSHandlerResult> makeInvocation(
         Map<String, Object> outProperties,
         List<String> xpaths,
-        Map<String, String> inProperties
+        Map<String, Object> inProperties
     ) throws Exception {
         Document doc = readDocument("wsse-request-clean.xml");
 
@@ -348,16 +407,12 @@ public class SamlTokenTest extends Abstr
         db.setEntityResolver(new NullResolver());
         doc = StaxUtils.read(db, reader, false);
 
-        WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
+        WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);
 
         SoapMessage inmsg = new SoapMessage(new MessageImpl());
         ex.setInMessage(inmsg);
         inmsg.setContent(SOAPMessage.class, saajMsg);
 
-        for (String key : inProperties.keySet()) {
-            inHandler.setProperty(key, inProperties.get(key));
-        }
-
         inHandler.handleMessage(inmsg);
 
         final List<WSHandlerResult> handlerResults = 



Mime
View raw message