From serg...@apache.org
Subject svn commit: r1145168 - /cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/
Date Mon, 11 Jul 2011 13:28:25 GMT
Author: sergeyb
Date: Mon Jul 11 13:28:24 2011
New Revision: 1145168

URL: http://svn.apache.org/viewvc?rev=1145168&view=rev
Log:
[CXF-3588] Some initial refactoring to do with generalizing deflate/inflate handling and the
way saml tokens can be created/validated

Added:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
      - copied, changed from r1144894, cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
      - copied, changed from r1144965, cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
  (with props)
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
  (with props)
Removed:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
Modified:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java

Copied: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
(from r1144894, cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?p2=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java&p1=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java&r1=1144894&r2=1145168&rev=1145168&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
Mon Jul 11 13:28:24 2011
@@ -19,33 +19,24 @@
 
 package org.apache.cxf.systest.jaxrs.security.saml;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.URL;
 import java.security.cert.Certificate;
-import java.util.List;
 import java.util.Properties;
 import java.util.logging.Logger;
-import java.util.zip.DataFormatException;
-import java.util.zip.Inflater;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 
 import org.w3c.dom.Document;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
-import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.resource.ResourceManager;
@@ -62,14 +53,10 @@ import org.apache.ws.security.validate.C
 import org.apache.ws.security.validate.SamlAssertionValidator;
 import org.apache.ws.security.validate.Validator;
 
-public class SamlInRequestHandler implements RequestHandler {
+public abstract class AbstractSamlInHandler implements RequestHandler {
 
     private static final Logger LOG = 
-        LogUtils.getL7dLogger(SamlInRequestHandler.class);
-    private static final String SAML_AUTH = "SAML";
-    
-    @Context
-    private HttpHeaders headers;
+        LogUtils.getL7dLogger(AbstractSamlInHandler.class);
     
     private Validator samlValidator = new SamlAssertionValidator();
     
@@ -77,32 +64,11 @@ public class SamlInRequestHandler implem
         samlValidator = validator;
     }
     
-    public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
-        
-        List<String> values = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
-        if (values == null || values.size() != 1 || !values.get(0).startsWith(SAML_AUTH))
{
-            throwFault("Authorization header must be available and use SAML profile", null);
   
-        }
-        
-        String[] parts = values.get(0).split(" ");
-        if (parts.length != 2) {
-            throwFault("Authorization header is malformed", null);
-        }
+    public void validateToken(Message message, InputStream tokenStream) {
         
         Document doc = null;
         try {
-            byte[] deflatedToken = Base64Utility.decode(parts[1]);
-            Inflater inflater = new Inflater();
-            inflater.setInput(deflatedToken);
-            byte[] input = new byte[4096];
-            int length = inflater.inflate(input);
-            
-            ByteArrayInputStream bis = new ByteArrayInputStream(input, 0, length); 
-            doc = DOMUtils.readXml(new InputStreamReader(bis, "UTF-8"));
-        } catch (Base64Exception ex) {
-            throwFault("Base64 decoding has failed", ex);
-        } catch (DataFormatException ex) {
-            throwFault("Encoded assertion can not be inflated", ex);
+            doc = DOMUtils.readXml(new InputStreamReader(tokenStream, "UTF-8"));
         } catch (Exception ex) {
             throwFault("Assertion can not be read as XML document", ex);
         }
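Review bot: validateToken hands still-unauthenticated input straight to `DOMUtils.readXml(new InputStreamReader(tokenStream, "UTF-8"))`, and nothing in the hunk shows DTD or external-entity processing being disabled; unless DOMUtils.readXml is known to do that, the parser used for the assertion should reject DTDs before the document is trusted, since this runs before any signature or validator check. The method is also the public contract subclasses build on but carries no Javadoc; suggest one stating that tokenStream must already be Base64-decoded and inflated, that the caller keeps ownership of the stream, and that failures are reported through throwFault rather than a return value. The enclosing class continues outside the hunk.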
@@ -140,18 +106,16 @@ public class SamlInRequestHandler implem
                 //    return Response.status(401).build();
                 //}
                 if (!checkSenderVouches(assertion, tlsCerts)) {
-                    return Response.status(401).build();
+                    throwFault("Sender vouchers claim fails", null);
                 }
                 
             }
         } catch (Exception ex) {
             throwFault("Assertion can not be validated", ex);
         }
-        
-        return null;
     }
 
-    private void throwFault(String error, Exception ex) {
+    protected void throwFault(String error, Exception ex) {
         // TODO: get bundle resource message once this filter is moved 
         // to rt/rs/security
         LOG.warning(error);
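Review bot: The new `throwFault("Sender vouchers claim fails", null)` is raised inside a try whose `catch (Exception ex)` a few lines below calls `throwFault("Assertion can not be validated", ex)`, so assuming throwFault throws a WebApplicationException (the class imports it) the specific failure is caught, logged again and replaced by the generic message. Rethrow the fault untouched before the broad catch, e.g. `} catch (WebApplicationException ex) { throw ex; } catch (Exception ex) {`, or move the sender-vouches check after the try. The message should also name the SAML confirmation method correctly: `throwFault("Sender-vouches confirmation check failed", null);`. throwFault's body continues past the hunk, so what it throws is inferred from the imports.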
@@ -241,4 +205,5 @@ public class SamlInRequestHandler implem
 //        }
 //        return true;
     }
+    
 }

Copied: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
(from r1144965, cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java?p2=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java&p1=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java&r1=1144965&r2=1145168&rev=1145168&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
Mon Jul 11 13:28:24 2011
@@ -23,21 +23,16 @@ import java.io.InputStream;
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.net.URL;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
-import java.util.zip.Deflater;
 
 import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
@@ -56,16 +51,17 @@ import org.apache.ws.security.components
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.SAMLParms;
 
-public class SamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message>
{
     private static final Logger LOG = 
-        LogUtils.getL7dLogger(SamlOutInterceptor.class);
+        LogUtils.getL7dLogger(AbstractSamlOutInterceptor.class);
     private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
     
-    public SamlOutInterceptor() {
+    protected AbstractSamlOutInterceptor() {
         super(Phase.PRE_MARSHAL);
     } 
 
-    public void handleMessage(Message message) throws Fault {
+    
+    protected AssertionWrapper createAssertion(Message message) throws Fault {
         SAMLParms samlParms = new SAMLParms();
         samlParms.setCallbackHandler(new SamlCallbackHandler());
         try {
@@ -89,7 +85,7 @@ public class SamlOutInterceptor extends 
                     }
                 }
                 if (StringUtils.isEmpty(user)) {
-                    return;
+                    return assertion;
                 }
         
                 CallbackHandler handler = getCallbackHandler(message);
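Review bot: `return assertion;` on the empty-user branch now hands back an assertion that skips the `signAssertion` call later in the method, whereas the removed `return;` produced no header at all; SamlHeaderOutInterceptor will now emit an unsigned assertion in that case. If that is intended, say so in a Javadoc on createAssertion (`@return the assertion, unsigned when no user is configured`); if not, return null here and have the caller skip the header when it gets null. The surrounding conditional and the enclosing try start outside the hunk.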
@@ -100,30 +96,8 @@ public class SamlOutInterceptor extends 
              
                 // TODO configure using a KeyValue here
                 assertion.signAssertion(user, password, crypto, false);
-                
-                String assertionValue = assertion.assertionToString();
-                
-                Deflater compresser = new Deflater();
-                compresser.setInput(assertionValue.getBytes("UTF-8"));
-                compresser.finish();
-                
-                byte[] output = new byte[4096];
-                int compressedDataLength = compresser.deflate(output);
-                
-                StringWriter writer = new StringWriter();
-                Base64Utility.encode(output, 0, compressedDataLength, writer);
-                
-                Map<String, List<String>> headers = 
-                    CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
-                if (headers == null) {
-                    headers = new HashMap<String, List<String>>();
-                }
-                
-                StringBuilder builder = new StringBuilder();
-                builder.append("SAML").append(" ").append(writer.toString());
-                headers.put("Authorization", 
-                    CastUtils.cast(Collections.singletonList(builder.toString()), String.class));
             }
+            return assertion;
         } catch (Exception ex) {
             StringWriter sw = new StringWriter();
             ex.printStackTrace(new PrintWriter(sw));

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java?rev=1145168&r1=1145167&r2=1145168&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
Mon Jul 11 13:28:24 2011
@@ -45,7 +45,7 @@ public class BookServerSaml extends Abst
         
         sf.setResourceClasses(BookStore.class);
         
-        sf.setProvider(new SamlInRequestHandler());
+        sf.setProvider(new SamlHeaderInHandler());
         
         sf.setResourceProvider(BookStore.class,
                                new SingletonResourceProvider(new BookStore(), true));

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1145168&r1=1145167&r2=1145168&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Mon Jul 11 13:28:24 2011
@@ -63,7 +63,8 @@ public class JAXRSSamlTest extends Abstr
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         properties.put("ws-security.self-sign-saml-assertion", "true");
         bean.setProperties(properties);
-        bean.getOutInterceptors().add(new SamlOutInterceptor());
+        bean.getOutInterceptors().add(new SamlHeaderOutInterceptor());
+        
         
         WebClient wc = bean.createWebClient();
         try {

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java?rev=1145168&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
Mon Jul 11 13:28:24 2011
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.saml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.SequenceInputStream;
+import java.util.List;
+import java.util.zip.DataFormatException;
+import java.util.zip.Inflater;
+
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+
+public class SamlHeaderInHandler extends AbstractSamlInHandler {
+
+    private static final String SAML_AUTH = "SAML";
+    
+    @Context
+    private HttpHeaders headers;
+    
+    public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
+        
+        List<String> values = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
+        if (values == null || values.size() != 1 || !values.get(0).startsWith(SAML_AUTH))
{
+            throwFault("Authorization header must be available and use SAML profile", null);
   
+        }
+        
+        String[] parts = values.get(0).split(" ");
+        if (parts.length != 2) {
+            throwFault("Authorization header is malformed", null);
+        }
+        
+        try {
+            validateToken(message, decodeAndInflateToken(parts[1])); 
+        } catch (Base64Exception ex) {
+            throwFault("Base64 decoding has failed", ex);
+        } catch (DataFormatException ex) {
+            throwFault("Encoded assertion can not be inflated", ex);
+        }         
+        return null;
+    }
+
+    
+    private InputStream decodeAndInflateToken(String encodedToken) 
+        throws DataFormatException, Base64Exception {
+        byte[] deflatedToken = Base64Utility.decode(encodedToken);
+        Inflater inflater = new Inflater();
+        inflater.setInput(deflatedToken);
+        
+        byte[] input = new byte[deflatedToken.length * 2];
+        
+        int inflatedLen = 0;
+        int inputLen = 0;
+        byte[] inflatedToken = input;
+        while (!inflater.finished()) {
+            inputLen = inflater.inflate(input);
+            if (!inflater.finished()) {
+                inflatedToken = new byte[input.length + inflatedLen];
+                System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
+                inflatedLen += inputLen;
+            }
+        }
+        InputStream is = new ByteArrayInputStream(input, 0, inputLen);
+        if (inflatedToken != input) {
+            is = new SequenceInputStream(new ByteArrayInputStream(inflatedToken, 0, inflatedLen),
+                                         is);
+        }
+        return is;
+    }
+}

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java?rev=1145168&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
Mon Jul 11 13:28:24 2011
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.saml;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+import java.util.zip.Deflater;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(SamlHeaderOutInterceptor.class);
+    
+    public SamlHeaderOutInterceptor() {
+    } 
+
+    public void handleMessage(Message message) throws Fault {
+        AssertionWrapper assertion = createAssertion(message);
+        try {
+            String encodedToken = deflateAndEncodeToken(assertion.assertionToString());
+            
+            Map<String, List<String>> headers = 
+                CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
+            if (headers == null) {
+                headers = new HashMap<String, List<String>>();
+            }
+            
+            StringBuilder builder = new StringBuilder();
+            builder.append("SAML").append(" ").append(encodedToken);
+            headers.put("Authorization", 
+                CastUtils.cast(Collections.singletonList(builder.toString()), String.class));
+            
+        } catch (Exception ex) {
+            StringWriter sw = new StringWriter();
+            ex.printStackTrace(new PrintWriter(sw));
+            LOG.warning(sw.toString());
+            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+        }
+        
+    }
+        
+    
+    private String deflateAndEncodeToken(String token) throws Base64Exception {
+        Deflater compresser = new Deflater();
+        byte[] tokenBytes = null;
+        try {
+            tokenBytes = token.getBytes("UTF-8");
+            compresser.setInput(tokenBytes);
+        } catch (UnsupportedEncodingException ex) {
+            // won't happen
+        }
+        compresser.finish();
+        
+        byte[] output = new byte[tokenBytes.length];
+        
+        int compressedDataLength = compresser.deflate(output);
+        
+        StringWriter writer = new StringWriter();
+        Base64Utility.encode(output, 0, compressedDataLength, writer);
+        return writer.toString();
+    }
+    
+}
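Review bot: deflateAndEncodeToken calls `compresser.deflate(output)` exactly once into a buffer of `tokenBytes.length` bytes and never checks finished(), so a token whose deflated form is larger than the original (small or incompressible input) is silently truncated and the server side then fails to inflate it; the Deflater is also never released with end(), and the swallowed UnsupportedEncodingException leaves tokenBytes null. The rewrite below drains deflate() until the stream is finished and frees the native state in a finally; it needs `java.io.ByteArrayOutputStream` imported. Separately, in handleMessage the `new HashMap<String, List<String>>()` created when no protocol headers exist is never stored on the message, so the Authorization header is lost in that case; add `message.put(Message.PROTOCOL_HEADERS, headers);` inside that if-block.
```java
    private String deflateAndEncodeToken(String token) throws Base64Exception {
        Deflater compresser = new Deflater();
        try {
            byte[] tokenBytes = token.getBytes("UTF-8");
            compresser.setInput(tokenBytes);
            compresser.finish();
            ByteArrayOutputStream compressed = new ByteArrayOutputStream(tokenBytes.length);
            byte[] chunk = new byte[4096];
            // deflate() fills at most one buffer per call and incompressible input can
            // exceed the original length, so drain until the stream is finished
            while (!compresser.finished()) {
                int n = compresser.deflate(chunk);
                compressed.write(chunk, 0, n);
            }
            byte[] output = compressed.toByteArray();
            StringWriter writer = new StringWriter();
            Base64Utility.encode(output, 0, output.length, writer);
            return writer.toString();
        } catch (UnsupportedEncodingException ex) {
            // UTF-8 is a mandatory charset; fail loudly rather than continue with no input
            throw new IllegalStateException(ex);
        } finally {
            compresser.end();
        }
    }
```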

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date


