cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1133038 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Date Tue, 07 Jun 2011 15:06:20 GMT
Author: coheigea
Date: Tue Jun  7 15:06:20 2011
New Revision: 1133038

URL: http://svn.apache.org/viewvc?rev=1133038&view=rev
Log:
Add support for the case of specifying an IssuedToken as a SignedSupportingToken.
 - This is for the use-case of getting a Bearer SAML Assertion from an STS, and signing it
before sending it to the service provider.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1133038&r1=1133037&r2=1133038&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Tue Jun  7 15:06:20 2011
@@ -496,8 +496,7 @@ public abstract class AbstractBindingBui
                     this.encryptedTokensIdList.add(secToken.getId());
                 }
         
-                if (secToken.getX509Certificate() == null) {   
-                    //Add the extracted token
+                if (secToken.getX509Certificate() == null) {  
                     ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
                 } else {
                     WSSecSignature sig = new WSSecSignature(wssConfig);                 
  
@@ -627,14 +626,41 @@ public abstract class AbstractBindingBui
                 if (!selfSignAssertion) {
                     AssertionWrapper assertionWrapper = (AssertionWrapper)tempTok;
                     
+                    Document doc = assertionWrapper.getElement().getOwnerDocument();
+                    boolean saml1 = assertionWrapper.getSaml1() != null;
                     // TODO We only support using a KeyIdentifier for the moment
                     SecurityTokenReference secRef = 
-                        createSTRForSamlAssertion(assertionWrapper, false);
+                        createSTRForSamlAssertion(doc, assertionWrapper.getId(), saml1, false);
                     addSupportingElement(secRef.getElement());
                     part = new WSEncryptionPart("STRTransform", null, "Element");
                     part.setId(secRef.getID());
                     part.setElement(secRef.getElement());
                 }
+            } else if (tempTok instanceof WSSecurityTokenHolder) {
+                SecurityToken token = ((WSSecurityTokenHolder)tempTok).getToken();
+                String tokenType = token.getTokenType();
+                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML_NS.equals(tokenType)
+                    || WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                    Document doc = token.getToken().getOwnerDocument();
+                    boolean saml1 = WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML_NS.equals(tokenType);
+                    String id = null;
+                    if (saml1) {
+                        id = token.getToken().getAttributeNS(null, "AssertionID");
+                    } else {
+                        id = token.getToken().getAttributeNS(null, "ID");
+                    }
+                    SecurityTokenReference secRef = 
+                        createSTRForSamlAssertion(doc, id, saml1, false);
+                    addSupportingElement(cloneElement(secRef.getElement()));
+                    part = new WSEncryptionPart("STRTransform", null, "Element");
+                    part.setId(secRef.getID());
+                    part.setElement(secRef.getElement());
+                } else {
+                    policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken:
" + tempTok);  
+                }
             } else {
                 policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken: " +
tempTok);  
             }
@@ -646,44 +672,47 @@ public abstract class AbstractBindingBui
     
     /**
      * Create a SecurityTokenReference to point to a SAML Assertion
-     * @param assertion the SAML AssertionWrapper
+     * @param doc The owner Document instance
+     * @param id The Assertion ID
+     * @param saml1 Whether the Assertion is a SAML1 or SAML2 Assertion
      * @param useDirectReferenceToAssertion whether to refer directly to the assertion or
not
      * @return a SecurityTokenReference to a SAML Assertion
      */
     private SecurityTokenReference createSTRForSamlAssertion(
-        AssertionWrapper assertion,
+        Document doc,
+        String id,
+        boolean saml1,
         boolean useDirectReferenceToAssertion
     ) {
-        Document doc = assertion.getElement().getOwnerDocument();
         SecurityTokenReference secRefSaml = new SecurityTokenReference(doc);
-        String secRefID = wssConfig.getIdAllocator().createSecureId("STRSAMLId-", secRefSaml);
+        String secRefID = wssConfig.getIdAllocator().createSecureId("STR-", secRefSaml);
         secRefSaml.setID(secRefID);
 
         if (useDirectReferenceToAssertion) {
             org.apache.ws.security.message.token.Reference ref = 
                 new org.apache.ws.security.message.token.Reference(doc);
-            ref.setURI("#" + assertion.getId());
-            if (assertion.getSaml1() != null) {
+            ref.setURI("#" + id);
+            if (saml1) {
                 ref.setValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                 secRefSaml.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-            } else if (assertion.getSaml2() != null) {
+            } else {
                 secRefSaml.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
             }
             secRefSaml.setReference(ref);
         } else {
             Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
             String valueType = null;
-            if (assertion.getSaml1() != null) {
+            if (saml1) {
                 valueType = WSConstants.WSS_SAML_KI_VALUE_TYPE;
                 secRefSaml.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-            } else if (assertion.getSaml2() != null) {
+            } else {
                 valueType = WSConstants.WSS_SAML2_KI_VALUE_TYPE;
                 secRefSaml.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
             }
             keyId.setAttributeNS(
                 null, "ValueType", valueType
             );
-            keyId.appendChild(doc.createTextNode(assertion.getId()));
+            keyId.appendChild(doc.createTextNode(id));
             Element elem = secRefSaml.getElement();
             elem.appendChild(keyId);
         }
@@ -1573,7 +1602,7 @@ public abstract class AbstractBindingBui
                                         boolean isSigProtect) {
         
         for (Map.Entry<Token, Object> ent : tokenMap.entrySet()) {
-            WSSecBase tempTok = (WSSecBase)ent.getValue();
+            Object tempTok = ent.getValue();
             
             List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
             WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId);



Mime
View raw message