From cohei...@apache.org
Subject svn commit: r1176937 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/ main/java/org/apache/cxf/sts/operation/ main/java/org/apache/cxf/sts/token/provider/ main/java/org/apache/cxf/sts/token/realm/ test/java/org/apache/cxf/sts/op...
Date Wed, 28 Sep 2011 16:07:46 GMT
Author: coheigea
Date: Wed Sep 28 16:07:45 2011
New Revision: 1176937

URL: http://svn.apache.org/viewvc?rev=1176937&view=rev
Log:
Adding support for issuing tokens in specific realms.

Added:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/IdentityMapper.java
      - copied, changed from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/RealmParser.java
      - copied, changed from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java
      - copied, changed from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/IdentityMapper.java (from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/IdentityMapper.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/IdentityMapper.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java&r1=1176804&r2=1176937&rev=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/IdentityMapper.java Wed Sep 28 16:07:45 2011
@@ -1,38 +1,39 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * An interface that can provide a security token.
- */
-public interface TokenProvider {
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
-     */
-    boolean canHandleToken(String tokenType);
-
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts;
+
+import java.security.Principal;
+
+/**
+ * This interface defines a pluggable way of mapping an identity from a source realm to a target
+ * realm.
+ */
+public interface IdentityMapper {
+    
+    /**
+     * Map a principal in the source realm to the target realm
+     * @param sourceRealm the source realm of the Principal
+     * @param sourcePrincipal the principal in the source realm
+     * @param targetRealm the target realm of the Principal
+     * @return the principal in the target realm
+     */
+    Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm);
+
+}
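Review bot: mapPrincipal's Javadoc does not say what an implementation does when no mapping exists, and the only implementation in this commit (CustomIdentityMapper) returns null for a source realm it does not know, so any future caller has to null-check without the interface telling it to. Suggest extending the return tag to `@return the principal in the target realm, or null if the principal cannot be mapped`, or documenting an exception instead if that is the intended contract. Nothing in the visible hunks calls getIdentityMapper yet, so the contract can still be pinned down before it has callers.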

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/RealmParser.java (from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/RealmParser.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/RealmParser.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java&r1=1176804&r2=1176937&rev=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/RealmParser.java Wed Sep 28 16:07:45 2011
@@ -1,38 +1,35 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * An interface that can provide a security token.
- */
-public interface TokenProvider {
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
-     */
-    boolean canHandleToken(String tokenType);
-
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * This interface defines a pluggable way of defining a realm for the current request.  
+ */
+public interface RealmParser {
+    
+    /**
+     * Return the realm of the current request given a WebServiceContext object
+     */
+    String parseRealm(WebServiceContext context) throws STSException;
+    
+}
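Review bot: parseRealm's Javadoc does not state whether it may return null or an empty string when the request carries no realm, yet the result is passed straight to TokenProviderParameters.setRealm in AbstractOperation and then decides provider selection; in SAMLTokenProvider.canHandleToken a null realm is accepted by every SAML provider while an empty string is rejected unless "" is a key in the realm map. Suggest the Javadoc say which value means "no realm", e.g. `Return the realm of the current request given a WebServiceContext object, or null if the request is not associated with any realm` plus `@throws STSException if the realm cannot be determined`. Implementations derive the realm from request data and that value selects the issuer and signing alias, so the contract should be unambiguous.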

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java Wed Sep 28 16:07:45 2011
@@ -26,7 +26,7 @@ import org.apache.ws.security.components
 
 /**
  * This MBean represents the properties associated with the STS. It contains a single operation
- * "loadProperties()" which allows subclasses to perform any custom loading/processing of the 
+ * "configureProperties()" which allows subclasses to perform any custom loading/processing of the 
  * properties.
  */
 public interface STSPropertiesMBean {
@@ -122,5 +122,28 @@ public interface STSPropertiesMBean {
      */
     SignatureProperties getSignatureProperties();
     
+    /**
+     * Set the RealmParser object to use.
+     * @param realmParser the RealmParser object to use.
+     */
+    void setRealmParser(RealmParser realmParser);
+
+    /**
+     * Get the RealmParser object to use.
+     * @return the RealmParser object to use.
+     */
+    RealmParser getRealmParser();
+
+    /**
+     * Set the IdentityMapper object to use.
+     * @param identityMapper the IdentityMapper object to use.
+     */
+    void setIdentityMapper(IdentityMapper identityMapper);
+
+    /**
+     * Get the IdentityMapper object to use.
+     * @return the IdentityMapper object to use.
+     */
+    IdentityMapper getIdentityMapper();
     
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java Wed Sep 28 16:07:45 2011
@@ -54,6 +54,8 @@ public class StaticSTSProperties impleme
     private String encryptionUsername;
     private String issuer;
     private SignatureProperties signatureProperties = new SignatureProperties();
+    private RealmParser realmParser;
+    private IdentityMapper identityMapper;
 
     /**
      * Load the CallbackHandler, Crypto objects, if necessary.
@@ -242,6 +244,38 @@ public class StaticSTSProperties impleme
         return signatureProperties;
     }
     
+    /**
+     * Set the RealmParser object to use.
+     * @param realmParser the RealmParser object to use.
+     */
+    public void setRealmParser(RealmParser realmParser) {
+        this.realmParser = realmParser;
+    }
+    
+    /**
+     * Get the RealmParser object to use.
+     * @return the RealmParser object to use.
+     */
+    public RealmParser getRealmParser() {
+        return realmParser;
+    }
+    
+    /**
+     * Set the IdentityMapper object to use.
+     * @param identityMapper the IdentityMapper object to use.
+     */
+    public void setIdentityMapper(IdentityMapper identityMapper) {
+        this.identityMapper = identityMapper;
+    }
+    
+    /**
+     * Get the IdentityMapper object to use.
+     * @return the IdentityMapper object to use.
+     */
+    public IdentityMapper getIdentityMapper() {
+        return identityMapper;
+    }
+    
     private static Properties getProps(Object o) {
         Properties properties = null;
         if (o instanceof Properties) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Wed Sep 28 16:07:45 2011
@@ -39,6 +39,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.helpers.DOMUtils;
 
 import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.RealmParser;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.cache.STSTokenStore;
@@ -412,6 +413,13 @@ public abstract class AbstractOperation 
         LOG.fine("The AppliesTo address that has been received is: " + address);
         providerParameters.setAppliesToAddress(address);
         
+        // Get the realm of the request
+        if (stsProperties.getRealmParser() != null) {
+            RealmParser realmParser = stsProperties.getRealmParser();
+            String realm = realmParser.parseRealm(context);
+            providerParameters.setRealm(realm);
+        }
+        
         // Set the requested Claims
         RequestClaimCollection claims = tokenRequirements.getClaims();
         providerParameters.setRequestedClaims(claims);
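Review bot: The realm selected for a request decides which SAMLRealm issuer and signature alias are used, but unlike the AppliesTo address a few lines above it is never logged, so an operator cannot reconstruct from the log why a token was issued under a given realm. Suggest reading the parser once and logging the result at the same level: `RealmParser realmParser = stsProperties.getRealmParser();` / `if (realmParser != null) {` and, after parseRealm, `LOG.fine("The realm of the request is: " + realm);`. The enclosing method starts and ends outside the hunk.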

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Wed Sep 28 16:07:45 2011
@@ -119,8 +119,9 @@ public class TokenIssueOperation extends
         TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
         String tokenType = tokenRequirements.getTokenType();
         TokenProviderResponse tokenResponse = null;
+        String realm = providerParameters.getRealm();
         for (TokenProvider tokenProvider : tokenProviders) {
-            if (tokenProvider.canHandleToken(tokenType)) {
+            if (tokenProvider.canHandleToken(tokenType, realm)) {
                 try {
                     tokenResponse = tokenProvider.createToken(providerParameters);
                 } catch (STSException ex) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java Wed Sep 28 16:07:45 2011
@@ -138,8 +138,9 @@ public class TokenValidateOperation exte
             if (additionalProperties != null) {
                 providerParameters.setAdditionalProperties(additionalProperties);
             }
+            String realm = providerParameters.getRealm();
             for (TokenProvider tokenProvider : tokenProviders) {
-                if (tokenProvider.canHandleToken(tokenType)) {
+                if (tokenProvider.canHandleToken(tokenType, realm)) {
                     try {
                         tokenProviderResponse = tokenProvider.createToken(providerParameters);
                     } catch (STSException ex) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Wed Sep 28 16:07:45 2011
@@ -20,7 +20,9 @@
 package org.apache.cxf.sts.token.provider;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -33,6 +35,7 @@ import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 
 import org.apache.ws.security.WSConstants;
@@ -59,12 +62,24 @@ public class SAMLTokenProvider implement
     private SubjectProvider subjectProvider = new DefaultSubjectProvider();
     private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
     private boolean signToken = true;
+    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
     
     /**
      * Return true if this TokenProvider implementation is capable of providing a token
      * that corresponds to the given TokenType.
      */
     public boolean canHandleToken(String tokenType) {
+        return canHandleToken(tokenType, null);
+    }
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm.
+     */
+    public boolean canHandleToken(String tokenType, String realm) {
+        if (realm != null && !realmMap.containsKey(realm)) {
+            return false;
+        }
         if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
             || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
             return true;
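Review bot: The new two-argument canHandleToken accepts a null realm even when realmMap is populated, so a request for which no RealmParser is configured (or whose parser returned null) is served by a realm-configured provider and, per createSamlToken further down, signed with the STS-wide alias and issuer rather than a realm's; the Javadoc on the new overload does not mention this fallback. If that is intended, say so: `A null realm means the request is not associated with any realm and the STS-wide issuer and signature alias are used.` If it is not, the guard would need to reject null when realms are configured, e.g. `if (realm == null ? !realmMap.isEmpty() : !realmMap.containsKey(realm)) {`. canHandleToken continues past the end of the hunk.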
@@ -211,11 +226,33 @@ public class SAMLTokenProvider implement
     public void setSignToken(boolean signToken) {
         this.signToken = signToken;
     }
+    
+    /**
+     * Set the map of realm->SAMLRealm for this token provider
+     * @param realms the map of realm->SAMLRealm for this token provider
+     */
+    public void setRealmMap(Map<String, SAMLRealm> realms) {
+        this.realmMap = realms;
+    }
+    
+    /**
+     * Get the map of realm->SAMLRealm for this token provider
+     * @return the map of realm->SAMLRealm for this token provider
+     */
+    public Map<String, SAMLRealm> getRealmMap() {
+        return realmMap;
+    }
 
     private AssertionWrapper createSamlToken(
         TokenProviderParameters tokenParameters, byte[] secret, Document doc
     ) throws Exception {
-        SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, doc);
+        String realm = tokenParameters.getRealm();
+        SAMLRealm samlRealm = null;
+        if (realm != null && realmMap.containsKey(realm)) {
+            samlRealm = realmMap.get(realm);
+        }
+        
+        SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
         
         SAMLParms samlParms = new SAMLParms();
         samlParms.setCallbackHandler(handler);
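Review bot: setRealmMap stores whatever it is given, so a configuration that injects null makes the new `realmMap.containsKey(realm)` checks in canHandleToken and createSamlToken throw NullPointerException on the first realm-scoped request instead of reporting a configuration error. Suggest normalising in the setter, `this.realmMap = realms == null ? new HashMap<String, SAMLRealm>() : realms;`, or rejecting null with an IllegalArgumentException. createSamlToken continues beyond the end of the hunk.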
@@ -224,7 +261,13 @@ public class SAMLTokenProvider implement
         if (signToken) {
             STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
             
-            String alias = stsProperties.getSignatureUsername();
+            String alias = null;
+            if (samlRealm != null) {
+                alias = samlRealm.getSignatureAlias();
+            }
+            if (alias == null || "".equals(alias)) {
+                alias = stsProperties.getSignatureUsername();
+            }
             if (alias == null || "".equals(alias)) {
                 Crypto signatureCrypto = stsProperties.getSignatureCrypto();
                 if (signatureCrypto != null) {
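Review bot: When a SAMLRealm is configured but its signatureAlias is null or empty, the token is silently signed with the STS-wide signature username (and, further down, the crypto's default alias), so a mistyped per-realm alias yields tokens signed under a different key than the operator intended with no trace in the log. Suggest a line in the fallback branch, e.g. `LOG.fine("No signature alias configured for realm " + realm + ", using the default STS signature alias");` — presumably the class has a LOG field, since java.util.logging.Logger is imported. realm is declared earlier in createSamlToken; the method continues outside the hunk.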
@@ -247,7 +290,7 @@ public class SAMLTokenProvider implement
     }
     
     public SamlCallbackHandler createCallbackHandler(
-        TokenProviderParameters tokenParameters, byte[] secret, Document doc
+        TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
     ) throws Exception {
         // Parse the AttributeStatements
         List<AttributeStatementBean> attrBeanList = null;
@@ -327,6 +370,10 @@ public class SAMLTokenProvider implement
         handler.setAuthenticationBeans(authBeanList);
         handler.setAuthDecisionStatementBeans(authDecisionBeanList);
         
+        if (samlRealm != null) {
+            handler.setIssuer(samlRealm.getIssuer());
+        }
+        
         return handler;
     }
     

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java Wed Sep 28 16:07:45 2011
@@ -65,6 +65,15 @@ public class SCTProvider implements Toke
      * that corresponds to the given TokenType.
      */
     public boolean canHandleToken(String tokenType) {
+        return canHandleToken(tokenType, null);
+    }
+
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm. The realm is ignored in this 
+     * token provider.
+     */
+    public boolean canHandleToken(String tokenType, String realm) {
         if (STSUtils.TOKEN_TYPE_SCT_05_02.equals(tokenType) 
             || STSUtils.TOKEN_TYPE_SCT_05_12.equals(tokenType)) {
             return true;

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java Wed Sep 28 16:07:45 2011
@@ -48,6 +48,7 @@ public class SamlCallbackHandler impleme
     private List<AuthDecisionStatementBean> authDecisionBeans;
     private ConditionsBean conditionsBean;
     private SubjectBean subjectBean;
+    private String issuer;
     
     /**
      * Set the list of AttributeStatementBeans.
@@ -91,6 +92,13 @@ public class SamlCallbackHandler impleme
         this.tokenParameters = tokenProviderParameters;
     }
     
+    /**
+     * Set the issuer name
+     */
+    public void setIssuer(String issuerName) {
+        this.issuer = issuerName;
+    }
+    
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
@@ -113,8 +121,12 @@ public class SamlCallbackHandler impleme
                 }
                 
                 // Set the issuer
-                STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-                callback.setIssuer(stsProperties.getIssuer());
+                if (issuer == null) {
+                    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+                    callback.setIssuer(stsProperties.getIssuer());
+                } else {
+                    callback.setIssuer(issuer);
+                }
 
                 // Set the statements
                 if (attributeBeans != null && !attributeBeans.isEmpty()) {
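Review bot: The new issuer check treats only null as "unset", whereas the sibling change in SAMLTokenProvider treats an empty signature alias (`alias == null || "".equals(alias)`) as unset and falls back; an empty issuer string configured on a SAMLRealm is therefore written into the assertion as its Issuer. Suggest the same test here, `if (issuer == null || "".equals(issuer)) {`, so both realm properties follow one fallback rule. handle() continues outside the hunk.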

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java Wed Sep 28 16:07:45 2011
@@ -26,9 +26,15 @@ public interface TokenProvider {
     
     /**
      * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
+     * that corresponds to the given TokenType
      */
     boolean canHandleToken(String tokenType);
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm
+     */
+    boolean canHandleToken(String tokenType, String realm);
 
     /**
      * Create a token given a TokenProviderParameters
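Review bot: The Javadoc on the new canHandleToken(String, String) overload does not say that realm may be null; AbstractOperation only sets a realm when a RealmParser is configured and TokenProviderParameters.realm defaults to null, so every implementation must cope with it, and the two in this commit do so differently (SCTProvider ignores the realm, SAMLTokenProvider treats null as "no realm"). Suggest `@param realm the realm of the request, or null if no RealmParser is configured or the request is not associated with a realm`. The one-argument overload could also be documented as equivalent to calling this one with a null realm, which is what both implementations do.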

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java Wed Sep 28 16:07:45 2011
@@ -50,6 +50,7 @@ public class TokenProviderParameters {
     private ClaimsManager claimsManager;
     private Map<String, Object> additionalProperties;
     private STSTokenStore tokenStore;
+    private String realm;
     
     public STSTokenStore getTokenStore() {
         return tokenStore;
@@ -139,4 +140,12 @@ public class TokenProviderParameters {
         return additionalProperties;
     }
     
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+    
+    public String getRealm() {
+        return realm;
+    }
+    
 }

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java?rev=1176937&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java Wed Sep 28 16:07:45 2011
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.realm;
+
+
+/**
+ * This class defines some properties that are associated with a realm for the SAMLTokenProvider and
+ * SAMLTokenValidator.
+ */
+public class SAMLRealm {
+    private String issuer;
+    private String signatureAlias;
+
+    /**
+     * Get the issuer of this SAML realm
+     * @return the issuer of this SAML realm
+     */
+    public String getIssuer() {
+        return issuer;
+    }
+    
+    /**
+     * Set the issuer of this SAML realm
+     * @param issuer the issuer of this SAML realm
+     */
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+    
+    /**
+     * Get the signature alias to use for this SAML realm
+     * @return the signature alias to use for this SAML realm
+     */
+    public String getSignatureAlias() {
+        return signatureAlias;
+    }
+    
+    /**
+     * Set the signature alias to use for this SAML realm
+     * @param signatureAlias the signature alias to use for this SAML realm
+     */
+    public void setSignatureAlias(String signatureAlias) {
+        this.signatureAlias = signatureAlias;
+    }
+    
+}
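Review bot: The setters do not document how null or empty values are interpreted, although SAMLTokenProvider and SamlCallbackHandler in this commit fall back to the STS-wide values in those cases (null or empty signature alias → stsProperties.getSignatureUsername(); null issuer → stsProperties.getIssuer()). Suggest `@param signatureAlias the signature alias to use for this SAML realm; if null or empty, the signature username of the STS is used` and the equivalent wording on setIssuer, so the fallback is visible to whoever configures a realm.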

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java?rev=1176937&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java Wed Sep 28 16:07:45 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.operation;
+
+import java.security.Principal;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+/**
+ * A test implementation of RealmParser.
+ */
+public class CustomIdentityMapper implements IdentityMapper {
+
+    /**
+     * Map a principal in the source realm to the target realm
+     * @param sourceRealm the source realm of the Principal
+     * @param sourcePrincipal the principal in the source realm
+     * @param targetRealm the target realm of the Principal
+     * @return the principal in the target realm
+     */
+    public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+        if ("A".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toLowerCase();
+            return new CustomTokenPrincipal(name);
+        } else if ("B".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toUpperCase();
+            return new CustomTokenPrincipal(name);
+        }
+        return null;
+    }
+
+}
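Review bot: The class Javadoc `A test implementation of RealmParser.` names the wrong interface — this class implements IdentityMapper; change it to `A test implementation of IdentityMapper that maps principals between realms "A" and "B".` In mapPrincipal, `sourcePrincipal.getName()` is dereferenced with no null check, and the case conversion uses the JVM default locale, so the mapped name can differ between environments; `String name = sourcePrincipal.getName().toLowerCase(Locale.ROOT);` (and the upper-case counterpart, with `java.util.Locale` imported) keeps the mapping deterministic. The method also returns null for any other source realm, which callers must handle; a `@return` clause saying `null if the source realm is unknown` would document that contract.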

Copied: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java (from r1176804, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java?p2=cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java&r1=1176804&r2=1176937&rev=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java Wed Sep 28 16:07:45 2011
@@ -1,38 +1,44 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * An interface that can provide a security token.
- */
-public interface TokenProvider {
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
-     */
-    boolean canHandleToken(String tokenType);
-
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.operation;
+
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * A test implementation of RealmParser.
+ */
+public class CustomRealmParser implements RealmParser {
+
+    public String parseRealm(WebServiceContext context) throws STSException {
+        MessageContext messageContext = context.getMessageContext();
+        String endpoint = (String)messageContext.get("url");
+        if (endpoint.contains("ldap")) {
+            return "A";
+        } else if (endpoint.contains("https")) {
+            return "B";
+        }
+        
+        return null;
+    }
+    
+}
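Review bot: `messageContext.get("url")` on the line `String endpoint = (String)messageContext.get("url");` may return null, in which case `endpoint.contains("ldap")` throws a NullPointerException instead of falling through to the default-realm `return null`; add `if (endpoint == null) { return null; }` before the contains checks. Because this test double derives the realm from a request-supplied context property, a comment such as `// Test double: the realm is taken from the "url" context property set by the test` would stop a reader from treating it as a production pattern. parseRealm also lacks Javadoc; stating that it returns "A", "B" or null (meaning the default realm) would match the interface's documented contract.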

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java?rev=1176937&r1=1176936&r2=1176937&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java Wed Sep 28 16:07:45 2011
@@ -46,6 +46,10 @@ public class DummyTokenProvider implemen
         return false;
     }
     
+    public boolean canHandleToken(String tokenType, String realm) {
+        return canHandleToken(tokenType);
+    }
+    
     public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
         try {
             Document doc = DOMUtils.createDocument();
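Review bot: The new two-argument canHandleToken ignores its realm parameter and delegates to the single-argument overload, which is fine for a test double but deserves a comment so nobody reads it as realm-aware logic: `// Test double: the realm is ignored, defer to the type-only check.` The enclosing DummyTokenProvider class starts and ends outside the hunk.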

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java?rev=1176937&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java Wed Sep 28 16:07:45 2011
@@ -0,0 +1,358 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.operation;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.DOM2Writer;
+
+/**
+ * Some unit tests for the issue operation to issue SAML tokens in a specific realm.
+ */
+public class IssueSamlRealmUnitTest extends org.junit.Assert {
+    
+    public static final QName REQUESTED_SECURITY_TOKEN = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(null).getName();
+    public static final QName ATTACHED_REFERENCE = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(null).getName();
+    public static final QName UNATTACHED_REFERENCE = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(null).getName();
+    
+    /**
+     * Test to successfully issue a Saml 1.1 token in realm "A".
+     */
+    @org.junit.Test
+    public void testIssueSaml1TokenRealmA() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        SAMLTokenProvider provider = new SAMLTokenProvider();
+        provider.setRealmMap(createRealms());
+        providerList.add(provider);
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        stsProperties.setRealmParser(new CustomRealmParser());
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put("url", "ldap");
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertTrue(tokenString.contains("A-Issuer"));
+        assertFalse(tokenString.contains("B-Issuer"));
+        assertFalse(tokenString.contains("STS"));
+    }
+    
+    /**
+     * Test to successfully issue a Saml 1.1 token in realm "B".
+     */
+    @org.junit.Test
+    public void testIssueSaml1TokenRealmB() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        SAMLTokenProvider provider = new SAMLTokenProvider();
+        provider.setRealmMap(createRealms());
+        providerList.add(provider);
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        stsProperties.setRealmParser(new CustomRealmParser());
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put("url", "https");
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertFalse(tokenString.contains("A-Issuer"));
+        assertTrue(tokenString.contains("B-Issuer"));
+        assertFalse(tokenString.contains("STS"));
+    }
+    
+    /**
+     * Test to successfully issue a Saml 1.1 token in the default realm.
+     */
+    @org.junit.Test
+    public void testIssueSaml1TokenDefaultRealm() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        SAMLTokenProvider provider = new SAMLTokenProvider();
+        provider.setRealmMap(createRealms());
+        providerList.add(provider);
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        stsProperties.setRealmParser(new CustomRealmParser());
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put("url", "unknown");
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertFalse(tokenString.contains("A-Issuer"));
+        assertFalse(tokenString.contains("B-Issuer"));
+        assertTrue(tokenString.contains("STS"));
+    }
+    
+    /**
+     * Create some SAML Realms
+     */
+    private Map<String, SAMLRealm> createRealms() {
+        Map<String, SAMLRealm> samlRealms = new HashMap<String, SAMLRealm>();
+        SAMLRealm samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("A-Issuer");
+        samlRealms.put("A", samlRealm);
+        samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("B-Issuer");
+        samlRealms.put("B", samlRealm);
+        
+        return samlRealms;
+    }
+    
+    /*
+     * Create a security context object
+     */
+    private SecurityContext createSecurityContext(final Principal p) {
+        return new SecurityContext() {
+            public Principal getUserPrincipal() {
+                return p;
+            }
+            public boolean isUserInRole(String role) {
+                return false;
+            }
+        };
+    }
+    
+    /*
+     * Mock up an AppliesTo element using the supplied address
+     */
+    private Element createAppliesToElement(String addressUrl) {
+        Document doc = DOMUtils.createDocument();
+        Element appliesTo = doc.createElementNS(STSConstants.WSP_NS, "wsp:AppliesTo");
+        appliesTo.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsp", STSConstants.WSP_NS);
+        Element endpointRef = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:EndpointReference");
+        endpointRef.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
+        Element address = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:Address");
+        address.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
+        address.setTextContent(addressUrl);
+        endpointRef.appendChild(address);
+        appliesTo.appendChild(endpointRef);
+        return appliesTo;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    
+}
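Review bot: None of the three tests exercises the signatureAlias property that this commit adds to SAMLRealm — createRealms() only sets the issuer, so realm-specific signing-key selection, presumably the purpose of that property, is never verified here, and the same gap applies to testRealms in SAMLProviderRealmTest. A test that calls `samlRealm.setSignatureAlias(...)` on one realm and asserts that the issued assertion's Signature/KeyInfo references that key rather than the default "mystskey" would pin the security-relevant behaviour. The three tests also repeat roughly forty lines of identical setup, differing only in the "url" value and the expected issuer; extracting a helper that returns the assertion Element, sketched below, leaves the realm-specific assertions as the only visible difference (each test then becomes `String tokenString = DOM2Writer.nodeToString(issueToken("ldap"));`). The `assertTrue(!securityTokenResponse.isEmpty())` form reads more clearly as `assertFalse(securityTokenResponse.isEmpty());`.
```java
    /*
     * Issue a SAML 1.1 token with the given "url" context value and return the assertion element.
     */
    private Element issueToken(String url) throws Exception {
        TokenIssueOperation issueOperation = new TokenIssueOperation();
        // … unchanged: provider, service and STSProperties setup from testIssueSaml1TokenRealmA …
        // … unchanged: request construction …
        MessageImpl msg = new MessageImpl();
        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
        msgCtx.put("url", url);
        // … unchanged: security context, issue call and assertion extraction …
        assertNotNull(assertion);
        return assertion;
    }
```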

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java?rev=1176937&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java Wed Sep 28 16:07:45 2011
@@ -0,0 +1,160 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.DOM2Writer;
+
+/**
+ * Some unit tests for creating SAML Tokens via the SAMLTokenProvider in different realms
+ */
+public class SAMLProviderRealmTest extends org.junit.Assert {
+    
+    /**
+     * Test that a SAML 1.1 Bearer Assertion is created in specific realms.
+     */
+    @org.junit.Test
+    public void testRealms() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
+        providerParameters.setRealm("A");
+        
+        // Create Realms
+        Map<String, SAMLRealm> samlRealms = new HashMap<String, SAMLRealm>();
+        SAMLRealm samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("A-Issuer");
+        samlRealms.put("A", samlRealm);
+        samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("B-Issuer");
+        samlRealms.put("B", samlRealm);
+        ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms);
+        
+        // Realm "A"
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, "A"));
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        
+        Element token = providerResponse.getToken();
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertTrue(tokenString.contains("A-Issuer"));
+        assertFalse(tokenString.contains("B-Issuer"));
+        assertFalse(tokenString.contains("STS"));
+        
+        // Realm "B"
+        providerParameters.setRealm("B");
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, "B"));
+        providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        
+        token = providerResponse.getToken();
+        tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertFalse(tokenString.contains("A-Issuer"));
+        assertTrue(tokenString.contains("B-Issuer"));
+        assertFalse(tokenString.contains("STS"));
+        
+        // Default Realm
+        providerParameters.setRealm(null);
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, null));
+        providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        
+        token = providerResponse.getToken();
+        tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertFalse(tokenString.contains("A-Issuer"));
+        assertFalse(tokenString.contains("B-Issuer"));
+        assertTrue(tokenString.contains("STS"));
+    }
+    
+    private TokenProviderParameters createProviderParameters(
+        String tokenType, String keyType
+    ) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+
+        KeyRequirements keyRequirements = new KeyRequirements();
+        keyRequirements.setKeyType(keyType);
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        parameters.setEncryptionProperties(new EncryptionProperties());
+
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+}
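Review bot: The provider is declared as the interface on the line `TokenProvider samlTokenProvider = new SAMLTokenProvider();` and then downcast on `((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms);`; declaring it as `SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();` removes the cast while canHandleToken and createToken remain callable. The null checks written as `assertTrue(providerResponse != null)` read better as `assertNotNull(providerResponse);`, which also yields a useful failure message. Since the same providerParameters instance is mutated via setRealm across the three sub-cases, a comment `// providerParameters is reused; only the realm changes between cases` would make that intent explicit.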


