cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1099071 - in /cxf/trunk/systests/ws-security/src/test: java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java resources/org/apache/cxf/systest/ws/saml/server/server.xml
Date Tue, 03 May 2011 14:23:21 GMT
Author: coheigea
Date: Tue May  3 14:23:20 2011
New Revision: 1099071

URL: http://svn.apache.org/viewvc?rev=1099071&view=rev
Log:
Added a (trivial) example of a SAML Validator to the system tests.

Added:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
Modified:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1099071&r1=1099070&r2=1099071&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Tue May  3 14:23:20 2011
@@ -32,6 +32,7 @@ import org.apache.cxf.bus.spring.SpringB
 import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
 import org.apache.cxf.systest.ws.saml.server.Server;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 
 import org.junit.BeforeClass;
 
@@ -132,6 +133,19 @@ public class SamlTokenTest extends Abstr
         );
         BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));
+        
+        try {
+            SamlCallbackHandler callbackHandler = 
+                new SamlCallbackHandler();
+            callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+            ((BindingProvider)saml2Port).getRequestContext().put(
+                "ws-security.saml-callback-handler", callbackHandler
+            );
+            saml2Port.doubleIt(BigInteger.valueOf(25));
+            fail("Expected failure on an invocation with a invalid SAML2 Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            assert ex.getMessage().contains("SAML token security failure");
+        }
     }
     
     /**

Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java?rev=1099071&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
(added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
Tue May  3 14:23:20 2011
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.saml.server;
+
+import java.util.List;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SamlAssertionValidator;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AttributeStatement;
+
+/**
+ * This class does some trivial validation of a received SAML Assertion. It checks that it
is
+ * a SAML 2 Assertion, and checks the issuer name and confirmation method, and that it has
+ * an Attribute Statement. 
+ */
+public class CustomSaml2Validator extends SamlAssertionValidator {
+    
+    @Override
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException
{
+        Credential validatedCredential = super.validate(credential, data);
+        AssertionWrapper assertion = validatedCredential.getAssertion();
+        
+        if (!"sts".equals(assertion.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        String confirmationMethod = assertion.getConfirmationMethods().get(0);
+        if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        Assertion saml2Assertion = assertion.getSaml2();
+        if (saml2Assertion == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
+        if (attributeStatements == null || attributeStatements.isEmpty()) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        return validatedCredential;
+    }
+
+}

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1099071&r1=1099070&r2=1099071&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
Tue May  3 14:23:20 2011
@@ -100,6 +100,8 @@
                   value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
            <entry key="ws-security.signature.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.saml2.validator" 
+                  value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
        </jaxws:properties> 
      
     </jaxws:endpoint> 
@@ -122,6 +124,8 @@
            <entry key="ws-security.encryption.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>

            <entry key="ws-security.encryption.username" value="alice"/>
+           <entry key="ws-security.saml2.validator" 
+                  value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
        </jaxws:properties> 
      
     </jaxws:endpoint> 
@@ -158,6 +162,8 @@
                   value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
            <entry key="ws-security.signature.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.saml2.validator" 
+                  value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
        </jaxws:properties> 
      
     </jaxws:endpoint> 



Mime
View raw message