cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1163649 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/ rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/ syst...
Date Wed, 31 Aug 2011 14:42:09 GMT
Author: sergeyb
Date: Wed Aug 31 14:42:09 2011
New Revision: 1163649

URL: http://svn.apache.org/viewvc?rev=1163649&view=rev
Log:
Some minor updates to the way an enveloped SAML token can be signed

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
Wed Aug 31 14:42:09 2011
@@ -45,7 +45,17 @@ public class SamlEnvelopedOutInterceptor
         super.addAfter(XmlSigOutInterceptor.class.getName());
         
         super.addBefore(XmlEncOutInterceptor.class.getName());
-    } 
+    }
+    
+    public SamlEnvelopedOutInterceptor(boolean signLater) {
+        if (signLater) {
+            super.addAfter(XmlSigOutInterceptor.class.getName());
+        } else {
+            super.addAfter(XmlSigOutInterceptor.class.getName());
+        }
+        
+        super.addBefore(XmlEncOutInterceptor.class.getName());
+    }
 
     
     protected Document processDocument(Message message, Document doc) 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
Wed Aug 31 14:42:09 2011
@@ -20,6 +20,9 @@ package org.apache.cxf.rs.security.xml;
 
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.UUID;
 import java.util.logging.Logger;
 
@@ -47,23 +50,35 @@ import org.opensaml.xml.signature.Signat
 
 
 public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
+    public static final String ENVELOPED_SIG = "enveloped";
+    public static final String ENVELOPING_SIG = "enveloping";
+    public static final String DETACHED_SIG = "detached";
+    
     public static final String DEFAULT_ENV_PREFIX = "env";
     public static final QName DEFAULT_ENV_QNAME = 
         new QName("http://org.apache.cxf/rs/env", "Envelope", DEFAULT_ENV_PREFIX);
     
     private static final Logger LOG = 
         LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
+    private static final Set<String> SUPPORTED_STYLES = 
+        new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
     
     private QName envelopeQName;
-    private boolean enveloping;
+    private String sigStyle = ENVELOPED_SIG;
     private String defaultSigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
     private String digestAlgo = Constants.ALGO_ID_DIGEST_SHA1;
     
     public XmlSigOutInterceptor() {
     } 
 
-    public void setEnveloping(boolean env) {
-        this.enveloping = env;
+    public void setStyle(String style) {
+        if (!SUPPORTED_STYLES.contains(style)) {
+            throw new IllegalArgumentException("Unsupported XML Signature style");
+        }
+        if (DETACHED_SIG.equals(style)) {
+            envelopeQName = DEFAULT_ENV_QNAME;
+        }
+        sigStyle = style;    
     }
     
     public void setSignatureAlgorithm(String algo) {
@@ -84,6 +99,7 @@ public class XmlSigOutInterceptor extend
     private Document createSignature(Message message, Document doc) 
         throws Exception {
         
+        boolean enveloping = ENVELOPING_SIG.equals(sigStyle);
         if (enveloping && envelopeQName != null) {
             throw new IllegalStateException("Enveloping XMLSignature can not have custom
envelope names");
         }

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Wed Aug 31 14:42:09 2011
@@ -57,7 +57,7 @@ public class JAXRSSamlTest extends Abstr
     public void testGetBookSAMLTokenAsHeader() throws Exception {
         String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
         
-        WebClient wc = createWebClient(address, new SamlHeaderOutInterceptor(), null);
+        WebClient wc = createWebClient(address, new SamlHeaderOutInterceptor(), null, true);
         
         try {
             Book book = wc.get(Book.class);
@@ -80,7 +80,7 @@ public class JAXRSSamlTest extends Abstr
         FormEncodingProvider formProvider = new FormEncodingProvider();
         formProvider.setExpectedEncoded(true);
         WebClient wc = createWebClient(address, new SamlFormOutInterceptor(),
-                                       formProvider);
+                                       formProvider, true);
         
         wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_XML);
         try {
@@ -100,13 +100,22 @@ public class JAXRSSamlTest extends Abstr
     }
     
     @Test
-    public void testEnvelopedSAMLToken() throws Exception {
+    public void testEnvelopedSelfSignedSAMLToken() throws Exception {
+        doTestEnvelopedSAMLToken(true);
+    }
+    
+    @Test
+    public void testEnvelopedUnsignedSAMLToken() throws Exception {
+        doTestEnvelopedSAMLToken(false);
+    }
+    
+    public void doTestEnvelopedSAMLToken(boolean signed) throws Exception {
         String address = "https://localhost:" + PORT + "/samlxml/bookstore/books";
-        WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(),
-                                       null);
+        WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(!signed),
+                                       null, signed);
         XmlSigOutInterceptor xmlSig = new XmlSigOutInterceptor();
-        xmlSig.setEnvelopeQName(XmlSigOutInterceptor.DEFAULT_ENV_QNAME);
-        
+        xmlSig.setStyle(XmlSigOutInterceptor.DETACHED_SIG);
+                
         WebClient.getConfig(wc).getOutInterceptors().add(xmlSig);
         wc.type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
         try {
@@ -126,7 +135,8 @@ public class JAXRSSamlTest extends Abstr
     
     private WebClient createWebClient(String address, 
                                       Interceptor<Message> outInterceptor,
-                                      Object provider) {
+                                      Object provider,
+                                      boolean selfSign) {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         bean.setAddress(address);
         
@@ -143,7 +153,9 @@ public class JAXRSSamlTest extends Abstr
         properties.put("ws-security.signature.username", "alice");
         properties.put("ws-security.signature.properties", 
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
-        properties.put("ws-security.self-sign-saml-assertion", "true");
+        if (selfSign) {
+            properties.put("ws-security.self-sign-saml-assertion", "true");
+        }
         bean.setProperties(properties);
         
         bean.getOutInterceptors().add(outInterceptor);

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Wed Aug 31 14:42:09 2011
@@ -72,7 +72,7 @@ public class JAXRSXmlSecTest extends Abs
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         bean.setProperties(properties);
         XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
-        sigInterceptor.setEnveloping(enveloping);
+        sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
         bean.getOutInterceptors().add(sigInterceptor);
         bean.setServiceClass(BookStore.class);
         
@@ -120,7 +120,7 @@ public class JAXRSXmlSecTest extends Abs
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         bean.setProperties(properties);
         XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
-        sigInterceptor.setEnveloping(enveloping);
+        sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
         bean.getOutInterceptors().add(sigInterceptor);
         
         



Mime
View raw message