From cohei...@apache.org
Subject svn commit: r1176938 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/token/validator/ test/java/org/apache/cxf/sts/operation/
Date Wed, 28 Sep 2011 16:08:13 GMT
Author: coheigea
Date: Wed Sep 28 16:08:12 2011
New Revision: 1176938

URL: http://svn.apache.org/viewvc?rev=1176938&view=rev
Log:
Adding support for SAML realms when validating tokens.

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.sts.token.validator;
 
+import java.util.HashMap;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -29,6 +31,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
 
 import org.apache.ws.security.SAMLTokenPrincipal;
 import org.apache.ws.security.WSConstants;
@@ -52,6 +55,8 @@ public class SAMLTokenValidator implemen
     
     private Validator validator = new SignatureTrustValidator();
     
+    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+    
     /**
      * Set the WSS4J Validator instance to use to validate the token.
      * @param validator the WSS4J Validator instance to use to validate the token
@@ -65,6 +70,18 @@ public class SAMLTokenValidator implemen
      * ReceivedToken argument.
      */
     public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        if (realm != null && !realmMap.containsKey(realm)) {
+            return false;
+        }
+        
         Object token = validateTarget.getToken();
         if (token instanceof Element) {
             Element tokenElement = (Element)token;
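Review bot: The javadoc on the new canHandleToken(ReceivedToken, String) overload does not say what the realm argument does, although the body rejects a non-null realm that has no entry in realmMap and accepts a null realm unconditionally. Because realmMap defaults to an empty HashMap, a validator with no realms configured answers false for every realm-scoped request; that may be intended, but a reader cannot tell from the comment. Suggested javadoc addition: `A null realm is always accepted; a non-null realm is handled only if it has an entry in the configured realm map.` The rest of the method body lies outside the hunk.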
@@ -88,7 +105,6 @@ public class SAMLTokenValidator implemen
         STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
         Crypto sigCrypto = stsProperties.getSignatureCrypto();
         CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-        String issuer = stsProperties.getIssuer();
 
         RequestData requestData = new RequestData();
         requestData.setSigCrypto(sigCrypto);
@@ -123,13 +139,24 @@ public class SAMLTokenValidator implemen
 
             validator.validate(trustCredential, requestData);
 
-            // Finally check the issuer
+            // Finally check that the issuer is trusted
+            String trustedIssuer = null;
             String assertionIssuer = assertion.getIssuerString();
-
-            if (issuer.equals(assertionIssuer)) {
+            for (String realm : realmMap.keySet()) {
+                SAMLRealm samlRealm = realmMap.get(realm);
+                if (samlRealm.getIssuer().equals(assertionIssuer)) {
+                    trustedIssuer = realm;
+                    break;
+                }
+            }
+            if (trustedIssuer == null && assertionIssuer.equals(stsProperties.getIssuer()))
{
+                trustedIssuer = stsProperties.getIssuer();
+            }
+            if (trustedIssuer != null) {
                 response.setValid(true);
                 SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipal(assertion);
                 response.setPrincipal(samlPrincipal);
+                response.setTokenRealm(trustedIssuer);
             }
         } catch (WSSecurityException ex) {
             LOG.log(Level.WARNING, "", ex);
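Review bot: validateToken never consults tokenParameters.getRealm(), so an assertion signed by any configured SAMLRealm's issuer is accepted regardless of which realm the validate request was for; if cross-realm acceptance is not intended, compare the matched realm against the requested one before `response.setValid(true)`. The value stored via setTokenRealm is also inconsistent: a realm-map match stores the realm key, whereas the fallback branch stores the STS issuer string (`trustedIssuer = stsProperties.getIssuer();`), so a caller reading getTokenRealm() gets an issuer identifier rather than a realm name in the default case. Both `samlRealm.getIssuer().equals(assertionIssuer)` and `assertionIssuer.equals(stsProperties.getIssuer())` throw NullPointerException, which the surrounding catch for WSSecurityException does not cover, if a realm has no issuer configured or the assertion carries no Issuer; reversing the comparisons, e.g. `if (assertionIssuer != null && assertionIssuer.equals(samlRealm.getIssuer()))`, turns that into a clean invalid result. validateToken's signature and the start of its body are outside this hunk.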
@@ -138,5 +165,20 @@ public class SAMLTokenValidator implemen
         return response;
     }
     
+    /**
+     * Set the map of realm->SAMLRealm for this token provider
+     * @param realms the map of realm->SAMLRealm for this token provider
+     */
+    public void setRealmMap(Map<String, SAMLRealm> realms) {
+        this.realmMap = realms;
+    }
+    
+    /**
+     * Get the map of realm->SAMLRealm for this token provider
+     * @return the map of realm->SAMLRealm for this token provider
+     */
+    public Map<String, SAMLRealm> getRealmMap() {
+        return realmMap;
+    }
     
 }
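Review bot: The javadoc on setRealmMap and getRealmMap says "for this token provider", but this class is a token validator; the wording looks copied from the provider side and should read `Set the map of realm->SAMLRealm for this token validator`. setRealmMap also stores the argument as-is, so a null value would make the realm check in canHandleToken throw NullPointerException on `realmMap.containsKey(realm)` instead of simply having no realms; `this.realmMap = realms == null ? new HashMap<String, SAMLRealm>() : realms;` keeps the no-realm behaviour of the field's default.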

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Wed Sep 28 16:08:12 2011
@@ -51,9 +51,17 @@ public class SCTValidator implements Tok
 
     /**
      * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument.
+     * ReceivedToken argument. The realm is ignored in this token Validator.
      */
     public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
         Object token = validateTarget.getToken();
         if (token instanceof Element) {
             Element tokenElement = (Element)token;

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -30,6 +30,12 @@ public interface TokenValidator {
      * ReceivedToken argument.
      */
     boolean canHandleToken(ReceivedToken validateTarget);
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument in the given realm.
+     */
+    boolean canHandleToken(ReceivedToken validateTarget, String realm);
 
     /**
      * Validate a Token using the given TokenValidatorParameters.
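Review bot: The new canHandleToken(ReceivedToken, String) is added to the TokenValidator interface without any default, so every TokenValidator implementation outside this tree stops compiling; if the interface is a public extension point of the STS, that should be called out in the commit log. The javadoc also leaves the realm contract open, and the implementations in this commit disagree (SAMLTokenValidator rejects unknown realms, the others ignore the argument); suggest `@param realm the realm the token is to be validated in, or null when the request is not realm-scoped; implementations that do not distinguish realms should ignore it`.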

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
Wed Sep 28 16:08:12 2011
@@ -41,6 +41,7 @@ public class TokenValidatorParameters {
     private KeyRequirements keyRequirements;
     private TokenRequirements tokenRequirements;
     private STSTokenStore tokenStore;
+    private String realm;
     
     public STSTokenStore getTokenStore() {
         return tokenStore;
@@ -90,4 +91,12 @@ public class TokenValidatorParameters {
         return principal;
     }
     
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+    
+    public String getRealm() {
+        return realm;
+    }
+    
 }
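Review bot: The new setRealm/getRealm accessors carry no javadoc, and none of the validators touched in this commit read getRealm(), so the reader has no indication of who consumes it or whether null is a legal value. Suggested comment on the setter: `Set the realm the token is to be validated in, or null if the request is not realm-scoped.`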

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
Wed Sep 28 16:08:12 2011
@@ -29,6 +29,7 @@ public class TokenValidatorResponse {
     private boolean valid;
     private Principal principal;
     private Map<String, Object> additionalProperties;
+    private String realm;
     
     public void setValid(boolean valid) {
         this.valid = valid;
@@ -54,4 +55,12 @@ public class TokenValidatorResponse {
         return additionalProperties;
     }
     
+    public void setTokenRealm(String tokenRealm) {
+        this.realm = tokenRealm;
+    }
+    
+    public String getTokenRealm() {
+        return realm;
+    }
+    
 }
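Review bot: The accessor pair here is named setTokenRealm/getTokenRealm while the parallel field added to TokenValidatorParameters in this same commit is exposed as setRealm/getRealm; aligning the names (or documenting why they differ) would save callers a lookup. A javadoc line is also missing; based on how SAMLTokenValidator populates it, something like `The realm the validator determined the token belongs to, or null if the validator does not distinguish realms` describes the contract.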

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -72,6 +72,14 @@ public class UsernameTokenValidator impl
      * ReceivedToken argument.
      */
     public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
         if (validateTarget.getToken() instanceof UsernameTokenType) {
             return true;
         }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -73,6 +73,14 @@ public class X509TokenValidator implemen
      * ReceivedToken argument.
      */
     public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
         Object token = validateTarget.getToken();
         if ((token instanceof BinarySecurityTokenType)
             && X509_V3_TYPE.equals(((BinarySecurityTokenType)token).getValueType()))
{

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -44,6 +44,9 @@ public class DummyTokenValidator impleme
         return false;
     }
     
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        return canHandleToken(validateTarget);
+    }
 
     public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters)
{
         TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();


