From dk...@apache.org
Subject svn commit: r1186905 [4/6] - in /cxf/trunk: rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/ rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/ rt/transports/jms/src/test/java/org/apache/cxf/transport/jms/ rt/ws/policy/src/mai...
Date Thu, 20 Oct 2011 16:38:03 GMT
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Thu Oct 20 16:37:54 2011
@@ -1,210 +1,210 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.sts.token.validator;
-
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.request.ReceivedToken;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.token.realm.CertConstraintsParser;
-import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.ws.security.SAMLTokenPrincipal;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
-import org.apache.ws.security.validate.Validator;
-
-/**
- * Validate a SAML Assertion. It is valid if it was issued and signed by this STS.
- */
-public class SAMLTokenValidator implements TokenValidator {
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenValidator.class);
-    
-    private Validator validator = new SignatureTrustValidator();
-    
-    private CertConstraintsParser certConstraints = new CertConstraintsParser();
-    
-    private SAMLRealmCodec samlRealmCodec;
-    
-    /**
-     * Set a list of Strings corresponding to regular expression constraints on the subject DN
-     * of a certificate that was used to sign a received Assertion
-     */
-    public void setSubjectConstraints(List<String> subjectConstraints) {
-        certConstraints.setSubjectConstraints(subjectConstraints);
-    }
-    
-    /**
-     * Set the WSS4J Validator instance to use to validate the token.
-     * @param validator the WSS4J Validator instance to use to validate the token
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-    
-    /**
-     * Set the SAMLRealmCodec instance to use to return a realm from a validated token
-     * @param samlRealmCodec the SAMLRealmCodec instance to use to return a realm from a validated token
-     */
-    public void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) {
-        this.samlRealmCodec = samlRealmCodec;
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget) {
-        return canHandleToken(validateTarget, null);
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument. The realm is ignored in this Validator.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
-        Object token = validateTarget.getToken();
-        if (token instanceof Element) {
-            Element tokenElement = (Element)token;
-            String namespace = tokenElement.getNamespaceURI();
-            String localname = tokenElement.getLocalName();
-            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
-                && "Assertion".equals(localname)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
-    /**
-     * Validate a Token using the given TokenValidatorParameters.
-     */
-    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
-        LOG.fine("Validating SAML Token");
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
-        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-        Crypto sigCrypto = stsProperties.getSignatureCrypto();
-        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-        
-        TokenValidatorResponse response = new TokenValidatorResponse();
-        response.setValid(false);
-        
-        if (validateTarget == null || !validateTarget.isDOMElement()) {
-            return response;
-        }
-        
-        try {
-            Element validateTargetElement = (Element)validateTarget.getToken();
-            AssertionWrapper assertion = new AssertionWrapper(validateTargetElement);
-            
-            SecurityToken secToken = null;
-            if (tokenParameters.getTokenStore() != null) {
-                int hash = 0;
-                byte[] signatureValue = assertion.getSignatureValue();
-                if (signatureValue != null && signatureValue.length > 0) {
-                    hash = Arrays.hashCode(signatureValue);
-                    secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
-                }
-            }
-            if (secToken == null) {
-                if (!assertion.isSigned()) {
-                    LOG.log(Level.WARNING, "The received assertion is not signed, and therefore not trusted");
-                    return response;
-                }
-                
-                RequestData requestData = new RequestData();
-                requestData.setSigCrypto(sigCrypto);
-                WSSConfig wssConfig = WSSConfig.getNewInstance();
-                requestData.setWssConfig(wssConfig);
-                requestData.setCallbackHandler(callbackHandler);
-                
-                // Verify the signature
-                assertion.verifySignature(
-                    requestData, new WSDocInfo(validateTargetElement.getOwnerDocument())
-                );
-
-                // Now verify trust on the signature
-                Credential trustCredential = new Credential();
-                SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
-                trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
-                trustCredential.setCertificates(samlKeyInfo.getCerts());
-    
-                validator.validate(trustCredential, requestData);
-
-                // Finally check that subject DN of the signing certificate matches a known constraint
-                X509Certificate cert = null;
-                if (trustCredential.getCertificates() != null) {
-                    cert = trustCredential.getCertificates()[0];
-                }
-                
-                if (!certConstraints.matches(cert)) {
-                    return response;
-                }
-            }
-            
-            // Get the realm of the SAML token
-            String tokenRealm = null;
-            if (samlRealmCodec != null) {
-                tokenRealm = samlRealmCodec.getRealmFromToken(assertion);
-                // verify the realm against the cached token
-                if (secToken != null) {
-                    Properties props = secToken.getProperties();
-                    if (props != null) {
-                        String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
-                        if (!tokenRealm.equals(cachedRealm)) {
-                            return response;
-                        }
-                    }
-                }
-            }
-            
-            response.setValid(true);
-            SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipal(assertion);
-            response.setPrincipal(samlPrincipal);
-            response.setTokenRealm(tokenRealm);
-        } catch (WSSecurityException ex) {
-            LOG.log(Level.WARNING, "", ex);
-        }
-
-        return response;
-    }
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.CertConstraintsParser;
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.SAMLTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.ws.security.validate.Validator;
+
+/**
+ * Validate a SAML Assertion. It is valid if it was issued and signed by this STS.
+ */
+public class SAMLTokenValidator implements TokenValidator {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenValidator.class);
+    
+    private Validator validator = new SignatureTrustValidator();
+    
+    private CertConstraintsParser certConstraints = new CertConstraintsParser();
+    
+    private SAMLRealmCodec samlRealmCodec;
+    
+    /**
+     * Set a list of Strings corresponding to regular expression constraints on the subject DN
+     * of a certificate that was used to sign a received Assertion
+     */
+    public void setSubjectConstraints(List<String> subjectConstraints) {
+        certConstraints.setSubjectConstraints(subjectConstraints);
+    }
+    
+    /**
+     * Set the WSS4J Validator instance to use to validate the token.
+     * @param validator the WSS4J Validator instance to use to validate the token
+     */
+    public void setValidator(Validator validator) {
+        this.validator = validator;
+    }
+    
+    /**
+     * Set the SAMLRealmCodec instance to use to return a realm from a validated token
+     * @param samlRealmCodec the SAMLRealmCodec instance to use to return a realm from a validated token
+     */
+    public void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) {
+        this.samlRealmCodec = samlRealmCodec;
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        Object token = validateTarget.getToken();
+        if (token instanceof Element) {
+            Element tokenElement = (Element)token;
+            String namespace = tokenElement.getNamespaceURI();
+            String localname = tokenElement.getLocalName();
+            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
+                && "Assertion".equals(localname)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    /**
+     * Validate a Token using the given TokenValidatorParameters.
+     */
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        LOG.fine("Validating SAML Token");
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+        Crypto sigCrypto = stsProperties.getSignatureCrypto();
+        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
+        
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        response.setValid(false);
+        
+        if (validateTarget == null || !validateTarget.isDOMElement()) {
+            return response;
+        }
+        
+        try {
+            Element validateTargetElement = (Element)validateTarget.getToken();
+            AssertionWrapper assertion = new AssertionWrapper(validateTargetElement);
+            
+            SecurityToken secToken = null;
+            if (tokenParameters.getTokenStore() != null) {
+                int hash = 0;
+                byte[] signatureValue = assertion.getSignatureValue();
+                if (signatureValue != null && signatureValue.length > 0) {
+                    hash = Arrays.hashCode(signatureValue);
+                    secToken = tokenParameters.getTokenStore().getTokenByAssociatedHash(hash);
+                }
+            }
+            if (secToken == null) {
+                if (!assertion.isSigned()) {
+                    LOG.log(Level.WARNING, "The received assertion is not signed, and therefore not trusted");
+                    return response;
+                }
+                
+                RequestData requestData = new RequestData();
+                requestData.setSigCrypto(sigCrypto);
+                WSSConfig wssConfig = WSSConfig.getNewInstance();
+                requestData.setWssConfig(wssConfig);
+                requestData.setCallbackHandler(callbackHandler);
+                
+                // Verify the signature
+                assertion.verifySignature(
+                    requestData, new WSDocInfo(validateTargetElement.getOwnerDocument())
+                );
+
+                // Now verify trust on the signature
+                Credential trustCredential = new Credential();
+                SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
+                trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
+                trustCredential.setCertificates(samlKeyInfo.getCerts());
+    
+                validator.validate(trustCredential, requestData);
+
+                // Finally check that subject DN of the signing certificate matches a known constraint
+                X509Certificate cert = null;
+                if (trustCredential.getCertificates() != null) {
+                    cert = trustCredential.getCertificates()[0];
+                }
+                
+                if (!certConstraints.matches(cert)) {
+                    return response;
+                }
+            }
+            
+            // Get the realm of the SAML token
+            String tokenRealm = null;
+            if (samlRealmCodec != null) {
+                tokenRealm = samlRealmCodec.getRealmFromToken(assertion);
+                // verify the realm against the cached token
+                if (secToken != null) {
+                    Properties props = secToken.getProperties();
+                    if (props != null) {
+                        String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
+                        if (!tokenRealm.equals(cachedRealm)) {
+                            return response;
+                        }
+                    }
+                }
+            }
+            
+            response.setValid(true);
+            SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipal(assertion);
+            response.setPrincipal(samlPrincipal);
+            response.setTokenRealm(tokenRealm);
+        } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "", ex);
+        }
+
+        return response;
+    }
+    
+}
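Review bot: In validateToken, a hit from `getTokenByAssociatedHash(Arrays.hashCode(signatureValue))` skips `verifySignature`, the trust validator and the subject-DN constraint check entirely. `Arrays.hashCode` is a 32-bit non-cryptographic hash over bytes taken from the received assertion, so a match does not show that this is the assertion that was validated earlier. I would treat the cache only as a hint: key it on a collision-resistant digest of the signature value (for example SHA-256) and compare it against what was stored with the cached token before trusting it, or keep calling `assertion.verifySignature(...)` on every request. Separately, `tokenRealm.equals(cachedRealm)` throws a NullPointerException when `getRealmFromToken` returns null; `if (tokenRealm == null || !tokenRealm.equals(cachedRealm))` would fail closed instead. The commit itself only normalises line endings (`svn:eol-style`), so both points predate it.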

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java Thu Oct 20 16:37:54 2011
@@ -1,121 +1,121 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.sts.token.validator;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.sts.request.ReceivedToken;
-import org.apache.cxf.sts.request.TokenRequirements;
-
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.trust.STSUtils;
-
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.message.token.SecurityContextToken;
-
-/**
- * This class validates a SecurityContextToken.
- */
-public class SCTValidator implements TokenValidator {
-    
-    /**
-     * This tag refers to the secret key (byte[]) associated with a SecurityContextToken that has been
-     * validated. It is inserted into the additional properties map of the response, so that it can be
-     * retrieved and inserted into a generated token by a TokenProvider instance.
-     */
-    public static final String SCT_VALIDATOR_SECRET = "sct-validator-secret";
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(SCTValidator.class);
-
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument. The realm is ignored in this token Validator.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget) {
-        return canHandleToken(validateTarget, null);
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument. The realm is ignored in this token Validator.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
-        Object token = validateTarget.getToken();
-        if (token instanceof Element) {
-            Element tokenElement = (Element)token;
-            String namespace = tokenElement.getNamespaceURI();
-            String localname = tokenElement.getLocalName();
-            if ((STSUtils.SCT_NS_05_02.equals(namespace) 
-                || STSUtils.SCT_NS_05_12.equals(namespace))
-                && "SecurityContextToken".equals(localname)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
-    /**
-     * Validate a Token using the given TokenValidatorParameters.
-     */
-    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
-        LOG.fine("Validating SecurityContextToken");
-        
-        if (tokenParameters.getTokenStore() == null) {
-            LOG.log(Level.FINE, "A cache must be configured to use the SCTValidator");
-            TokenValidatorResponse response = new TokenValidatorResponse();
-            response.setValid(false);
-            return response;
-        }
-        
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
-
-        TokenValidatorResponse response = new TokenValidatorResponse();
-        response.setValid(false);
-        
-        if (validateTarget != null && validateTarget.isDOMElement()) {
-            try {
-                Element validateTargetElement = (Element)validateTarget.getToken();
-                SecurityContextToken sct = new SecurityContextToken(validateTargetElement);
-                String identifier = sct.getIdentifier();
-                SecurityToken token = tokenParameters.getTokenStore().getToken(identifier);
-                if (token == null) {
-                    LOG.fine("Identifier: " + identifier + " is not found in the cache");
-                    return response;
-                }
-                byte[] secret = (byte[])token.getSecret();
-                response.setValid(true);
-                Map<String, Object> properties = new HashMap<String, Object>();
-                properties.put(SCT_VALIDATOR_SECRET, secret);
-                response.setAdditionalProperties(properties);
-                response.setPrincipal(token.getPrincipal());
-            } catch (WSSecurityException ex) {
-                LOG.log(Level.WARNING, "", ex);
-            }
-        }
-        return response;
-    }
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSUtils;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+
+/**
+ * This class validates a SecurityContextToken.
+ */
+public class SCTValidator implements TokenValidator {
+    
+    /**
+     * This tag refers to the secret key (byte[]) associated with a SecurityContextToken that has been
+     * validated. It is inserted into the additional properties map of the response, so that it can be
+     * retrieved and inserted into a generated token by a TokenProvider instance.
+     */
+    public static final String SCT_VALIDATOR_SECRET = "sct-validator-secret";
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SCTValidator.class);
+
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        Object token = validateTarget.getToken();
+        if (token instanceof Element) {
+            Element tokenElement = (Element)token;
+            String namespace = tokenElement.getNamespaceURI();
+            String localname = tokenElement.getLocalName();
+            if ((STSUtils.SCT_NS_05_02.equals(namespace) 
+                || STSUtils.SCT_NS_05_12.equals(namespace))
+                && "SecurityContextToken".equals(localname)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    /**
+     * Validate a Token using the given TokenValidatorParameters.
+     */
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        LOG.fine("Validating SecurityContextToken");
+        
+        if (tokenParameters.getTokenStore() == null) {
+            LOG.log(Level.FINE, "A cache must be configured to use the SCTValidator");
+            TokenValidatorResponse response = new TokenValidatorResponse();
+            response.setValid(false);
+            return response;
+        }
+        
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        response.setValid(false);
+        
+        if (validateTarget != null && validateTarget.isDOMElement()) {
+            try {
+                Element validateTargetElement = (Element)validateTarget.getToken();
+                SecurityContextToken sct = new SecurityContextToken(validateTargetElement);
+                String identifier = sct.getIdentifier();
+                SecurityToken token = tokenParameters.getTokenStore().getToken(identifier);
+                if (token == null) {
+                    LOG.fine("Identifier: " + identifier + " is not found in the cache");
+                    return response;
+                }
+                byte[] secret = (byte[])token.getSecret();
+                response.setValid(true);
+                Map<String, Object> properties = new HashMap<String, Object>();
+                properties.put(SCT_VALIDATOR_SECRET, secret);
+                response.setAdditionalProperties(properties);
+                response.setPrincipal(token.getPrincipal());
+            } catch (WSSecurityException ex) {
+                LOG.log(Level.WARNING, "", ex);
+            }
+        }
+        return response;
+    }
+    
+}
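Review bot: In validateToken, finding the identifier in the token store is the only condition for `response.setValid(true)`; nothing in this file checks whether the cached `SecurityToken` has expired. Unless the store evicts expired entries itself (not visible here), a stale context token still validates and its secret is passed on under `SCT_VALIDATOR_SECRET`, so I would add an expiry check on `token` before marking the response valid. Also, `LOG.log(Level.WARNING, "", ex)` logs an empty message, which makes rejected tokens hard to find when triaging logs; a message such as `"SecurityContextToken validation failed"` would help, and the same applies to the catch block in SAMLTokenValidator. The commit only normalises line endings, so these points predate it.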

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java Thu Oct 20 16:37:54 2011
@@ -1,45 +1,45 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.sts.token.validator;
-
-import org.apache.cxf.sts.request.ReceivedToken;
-
-/**
- * An interface that can validate a security token.
- */
-public interface TokenValidator {
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument.
-     */
-    boolean canHandleToken(ReceivedToken validateTarget);
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument in the given realm.
-     */
-    boolean canHandleToken(ReceivedToken validateTarget, String realm);
-
-    /**
-     * Validate a Token using the given TokenValidatorParameters.
-     */
-    TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+
+/**
+ * An interface that can validate a security token.
+ */
+public interface TokenValidator {
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument.
+     */
+    boolean canHandleToken(ReceivedToken validateTarget);
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument in the given realm.
+     */
+    boolean canHandleToken(ReceivedToken validateTarget, String realm);
+
+    /**
+     * Validate a Token using the given TokenValidatorParameters.
+     */
+    TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters);
+
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java Thu Oct 20 16:37:54 2011
@@ -1,231 +1,231 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.sts.token.validator;
-
-import java.security.Principal;
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.QNameConstants;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.request.ReceivedToken;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.token.realm.UsernameTokenRealmCodec;
-
-import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.message.token.UsernameToken;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.Validator;
-
-/**
- * This class validates a wsse UsernameToken.
- */
-public class UsernameTokenValidator implements TokenValidator {
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(UsernameTokenValidator.class);
-    
-    private Validator validator = new org.apache.ws.security.validate.UsernameTokenValidator();
-    
-    private UsernameTokenRealmCodec usernameTokenRealmCodec;
-    
-    /**
-     * Set the WSS4J Validator instance to use to validate the token.
-     * @param validator the WSS4J Validator instance to use to validate the token
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-    
-    /**
-     * Set the UsernameTokenRealmCodec instance to use to return a realm from a validated token
-     * @param usernameTokenRealmCodec the UsernameTokenRealmCodec instance to use to return a 
-     *                                realm from a validated token
-     */
-    public void setUsernameTokenRealmCodec(UsernameTokenRealmCodec usernameTokenRealmCodec) {
-        this.usernameTokenRealmCodec = usernameTokenRealmCodec;
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget) {
-        return canHandleToken(validateTarget, null);
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument. The realm is ignored in this token Validator.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
-        if (validateTarget.getToken() instanceof UsernameTokenType) {
-            return true;
-        }
-        return false;
-    }
-    
-    /**
-     * Validate a Token using the given TokenValidatorParameters.
-     */
-    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
-        LOG.fine("Validating UsernameToken");
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
-        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-        Crypto sigCrypto = stsProperties.getSignatureCrypto();
-        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-
-        RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
-        WSSConfig wssConfig = WSSConfig.getNewInstance();
-        requestData.setWssConfig(wssConfig);
-        requestData.setCallbackHandler(callbackHandler);
-
-        TokenValidatorResponse response = new TokenValidatorResponse();
-        response.setValid(false);
-        
-        if (validateTarget == null || !validateTarget.isUsernameToken()) {
-            return response;
-        }
-        
-        //
-        // Turn the JAXB UsernameTokenType into a DOM Element for validation
-        //
-        UsernameTokenType usernameTokenType = (UsernameTokenType)validateTarget.getToken();
-        
-        SecurityToken secToken = null;
-        if (tokenParameters.getTokenStore() != null) {
-            secToken = tokenParameters.getTokenStore().getToken(usernameTokenType.getId());
-        }
-        
-        Element rootElement = null;
-        Element usernameTokenElement = null;
-        if (secToken == null) {
-            try {
-                JAXBContext jaxbContext = 
-                    JAXBContext.newInstance("org.apache.cxf.ws.security.sts.provider.model");
-                Marshaller marshaller = jaxbContext.createMarshaller();
-                Document doc = DOMUtils.createDocument();
-                rootElement = doc.createElement("root-element");
-                JAXBElement<UsernameTokenType> tokenType = 
-                    new JAXBElement<UsernameTokenType>(
-                        QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType
-                    );
-                marshaller.marshal(tokenType, rootElement);
-            } catch (JAXBException ex) {
-                LOG.log(Level.WARNING, "", ex);
-                return response;
-            }
-            usernameTokenElement = (Element)rootElement.getFirstChild();
-        } else {
-            usernameTokenElement = secToken.getToken();
-        }
-        
-        //
-        // Validate the token
-        //
-        try {
-            boolean allowNamespaceQualifiedPasswordTypes = 
-                wssConfig.getAllowNamespaceQualifiedPasswordTypes();
-            boolean bspCompliant = wssConfig.isWsiBSPCompliant();
-            UsernameToken ut = 
-                new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, bspCompliant);
-            if (ut.getPassword() == null) {
-                return response;
-            }
-            if (secToken == null || (secToken.getAssociatedHash() != ut.hashCode())) {
-                Credential credential = new Credential();
-                credential.setUsernametoken(ut);
-                validator.validate(credential, requestData);
-            }
-            Principal principal = 
-                createPrincipal(
-                    ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
-                );
-            
-            // Get the realm of the UsernameToken
-            String tokenRealm = null;
-            if (usernameTokenRealmCodec != null) {
-                tokenRealm = usernameTokenRealmCodec.getRealmFromToken(ut);
-                // verify the realm against the cached token
-                if (secToken != null) {
-                    Properties props = secToken.getProperties();
-                    if (props != null) {
-                        String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
-                        if (!tokenRealm.equals(cachedRealm)) {
-                            return response;
-                        }
-                    }
-                }
-            }
-            
-            response.setPrincipal(principal);
-            response.setTokenRealm(tokenRealm);
-            response.setValid(true);
-        } catch (WSSecurityException ex) {
-            LOG.log(Level.WARNING, "", ex);
-        }
-        
-        return response;
-    }
-    
-    /**
-     * Create a principal based on the authenticated UsernameToken.
-     */
-    private Principal createPrincipal(
-        String username,
-        String passwordValue,
-        String passwordType,
-        String nonce,
-        String createdTime
-    ) {
-        boolean hashed = false;
-        if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
-            hashed = true;
-        }
-        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(username, hashed);
-        principal.setNonce(nonce);
-        principal.setPassword(passwordValue);
-        principal.setCreatedTime(createdTime);
-        principal.setPasswordType(passwordType);
-        return principal;
-    }
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.security.Principal;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.UsernameTokenRealmCodec;
+
+import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.UsernameToken;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.Validator;
+
+/**
+ * This class validates a wsse UsernameToken.
+ */
+public class UsernameTokenValidator implements TokenValidator {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(UsernameTokenValidator.class);
+    
+    private Validator validator = new org.apache.ws.security.validate.UsernameTokenValidator();
+    
+    private UsernameTokenRealmCodec usernameTokenRealmCodec;
+    
+    /**
+     * Set the WSS4J Validator instance to use to validate the token.
+     * @param validator the WSS4J Validator instance to use to validate the token
+     */
+    public void setValidator(Validator validator) {
+        this.validator = validator;
+    }
+    
+    /**
+     * Set the UsernameTokenRealmCodec instance to use to return a realm from a validated token
+     * @param usernameTokenRealmCodec the UsernameTokenRealmCodec instance to use to return a 
+     *                                realm from a validated token
+     */
+    public void setUsernameTokenRealmCodec(UsernameTokenRealmCodec usernameTokenRealmCodec) {
+        this.usernameTokenRealmCodec = usernameTokenRealmCodec;
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        if (validateTarget.getToken() instanceof UsernameTokenType) {
+            return true;
+        }
+        return false;
+    }
+    
+    /**
+     * Validate a Token using the given TokenValidatorParameters.
+     */
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        LOG.fine("Validating UsernameToken");
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+        Crypto sigCrypto = stsProperties.getSignatureCrypto();
+        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
+
+        RequestData requestData = new RequestData();
+        requestData.setSigCrypto(sigCrypto);
+        WSSConfig wssConfig = WSSConfig.getNewInstance();
+        requestData.setWssConfig(wssConfig);
+        requestData.setCallbackHandler(callbackHandler);
+
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        response.setValid(false);
+        
+        if (validateTarget == null || !validateTarget.isUsernameToken()) {
+            return response;
+        }
+        
+        //
+        // Turn the JAXB UsernameTokenType into a DOM Element for validation
+        //
+        UsernameTokenType usernameTokenType = (UsernameTokenType)validateTarget.getToken();
+        
+        SecurityToken secToken = null;
+        if (tokenParameters.getTokenStore() != null) {
+            secToken = tokenParameters.getTokenStore().getToken(usernameTokenType.getId());
+        }
+        
+        Element rootElement = null;
+        Element usernameTokenElement = null;
+        if (secToken == null) {
+            try {
+                JAXBContext jaxbContext = 
+                    JAXBContext.newInstance("org.apache.cxf.ws.security.sts.provider.model");
+                Marshaller marshaller = jaxbContext.createMarshaller();
+                Document doc = DOMUtils.createDocument();
+                rootElement = doc.createElement("root-element");
+                JAXBElement<UsernameTokenType> tokenType = 
+                    new JAXBElement<UsernameTokenType>(
+                        QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType
+                    );
+                marshaller.marshal(tokenType, rootElement);
+            } catch (JAXBException ex) {
+                LOG.log(Level.WARNING, "", ex);
+                return response;
+            }
+            usernameTokenElement = (Element)rootElement.getFirstChild();
+        } else {
+            usernameTokenElement = secToken.getToken();
+        }
+        
+        //
+        // Validate the token
+        //
+        try {
+            boolean allowNamespaceQualifiedPasswordTypes = 
+                wssConfig.getAllowNamespaceQualifiedPasswordTypes();
+            boolean bspCompliant = wssConfig.isWsiBSPCompliant();
+            UsernameToken ut = 
+                new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, bspCompliant);
+            if (ut.getPassword() == null) {
+                return response;
+            }
+            if (secToken == null || (secToken.getAssociatedHash() != ut.hashCode())) {
+                Credential credential = new Credential();
+                credential.setUsernametoken(ut);
+                validator.validate(credential, requestData);
+            }
+            Principal principal = 
+                createPrincipal(
+                    ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
+                );
+            
+            // Get the realm of the UsernameToken
+            String tokenRealm = null;
+            if (usernameTokenRealmCodec != null) {
+                tokenRealm = usernameTokenRealmCodec.getRealmFromToken(ut);
+                // verify the realm against the cached token
+                if (secToken != null) {
+                    Properties props = secToken.getProperties();
+                    if (props != null) {
+                        String cachedRealm = props.getProperty(STSConstants.TOKEN_REALM);
+                        if (!tokenRealm.equals(cachedRealm)) {
+                            return response;
+                        }
+                    }
+                }
+            }
+            
+            response.setPrincipal(principal);
+            response.setTokenRealm(tokenRealm);
+            response.setValid(true);
+        } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "", ex);
+        }
+        
+        return response;
+    }
+    
+    /**
+     * Create a principal based on the authenticated UsernameToken.
+     */
+    private Principal createPrincipal(
+        String username,
+        String passwordValue,
+        String passwordType,
+        String nonce,
+        String createdTime
+    ) {
+        boolean hashed = false;
+        if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
+            hashed = true;
+        }
+        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(username, hashed);
+        principal.setNonce(nonce);
+        principal.setPassword(passwordValue);
+        principal.setCreatedTime(createdTime);
+        principal.setPasswordType(passwordType);
+        return principal;
+    }
+    
+}
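Review bot: On a cache hit in `validateToken` the element that gets parsed is `secToken.getToken()`, looked up by the `Id` taken from the request, so the `UsernameToken` checked in `secToken.getAssociatedHash() != ut.hashCode()` appears to be the cached one rather than the one the caller sent. If the store's associated hash was computed from that same element, the comparison always matches and `validator.validate(credential, requestData)` is skipped, so a request that only reuses a cached Id would be reported valid with the cached principal; whether that holds depends on how the token store is populated, which the hunk does not show. I would always marshal the received `usernameTokenType` into `usernameTokenElement` and use the cached entry only to decide whether the validator call can be skipped, and I would not rely on a 32-bit `hashCode()` match alone for that decision. Separately, `tokenRealm.equals(cachedRealm)` throws if the codec returns null; `if (tokenRealm == null || !tokenRealm.equals(cachedRealm)) { return response; }` keeps that path failing closed.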

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java Thu Oct 20 16:37:54 2011
@@ -1,155 +1,155 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.sts.token.validator;
-
-import java.security.cert.X509Certificate;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Text;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.request.ReceivedToken;
-import org.apache.cxf.sts.request.TokenRequirements;
-
-import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
-
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.message.token.BinarySecurity;
-import org.apache.ws.security.message.token.X509Security;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
-import org.apache.ws.security.validate.Validator;
-
-/**
- * This class validates an X.509 V.3 certificate (received as a BinarySecurityToken). The cert must
- * be known (or trusted) by the STS crypto object.
- */
-public class X509TokenValidator implements TokenValidator {
-    
-    public static final String X509_V3_TYPE = WSConstants.X509TOKEN_NS + "#X509v3";
-    
-    public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(X509TokenValidator.class);
-    
-    private Validator validator = new SignatureTrustValidator();
-
-    /**
-     * Set the WSS4J Validator instance to use to validate the token.
-     * @param validator the WSS4J Validator instance to use to validate the token
-     */
-    public void setValidator(Validator validator) {
-        this.validator = validator;
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget) {
-        return canHandleToken(validateTarget, null);
-    }
-    
-    /**
-     * Return true if this TokenValidator implementation is capable of validating the
-     * ReceivedToken argument. The realm is ignored in this token Validator.
-     */
-    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
-        Object token = validateTarget.getToken();
-        if ((token instanceof BinarySecurityTokenType)
-            && X509_V3_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
-            return true;
-        }
-        return false;
-    }
-    
-    /**
-     * Validate a Token using the given TokenValidatorParameters.
-     */
-    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
-        LOG.fine("Validating X.509 Token");
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
-
-        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-        Crypto sigCrypto = stsProperties.getSignatureCrypto();
-        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-
-        RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
-        requestData.setWssConfig(WSSConfig.getNewInstance());
-        requestData.setCallbackHandler(callbackHandler);
-
-        TokenValidatorResponse response = new TokenValidatorResponse();
-        response.setValid(false);
-        
-        if (validateTarget == null || !validateTarget.isBinarySecurityToken()) {
-            return response;
-        }
-
-        BinarySecurityTokenType binarySecurityType = (BinarySecurityTokenType)validateTarget.getToken();
-
-        // Test the encoding type
-        String encodingType = binarySecurityType.getEncodingType();
-        if (!BASE64_ENCODING.equals(encodingType)) {
-            LOG.fine("Bad encoding type attribute specified: " + encodingType);
-            return response;
-        }
-
-        //
-        // Turn the received JAXB object into a DOM element
-        //
-        Document doc = DOMUtils.createDocument();
-        BinarySecurity binarySecurity = new X509Security(doc);
-        binarySecurity.setEncodingType(encodingType);
-        binarySecurity.setValueType(binarySecurityType.getValueType());
-        String data = binarySecurityType.getValue();
-        ((Text)binarySecurity.getElement().getFirstChild()).setData(data);
-
-        //
-        // Validate the token
-        //
-        try {
-            Credential credential = new Credential();
-            credential.setBinarySecurityToken(binarySecurity);
-            if (sigCrypto != null) {
-                X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(sigCrypto);
-                credential.setCertificates(new X509Certificate[]{cert});
-            }
-
-            Credential returnedCredential = validator.validate(credential, requestData);
-            response.setPrincipal(returnedCredential.getCertificates()[0].getSubjectX500Principal());
-            response.setValid(true);
-        } catch (WSSecurityException ex) {
-            LOG.log(Level.WARNING, "", ex);
-        }
-        return response;
-    }
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Text;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+
+import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.ws.security.validate.Validator;
+
+/**
+ * This class validates an X.509 V.3 certificate (received as a BinarySecurityToken). The cert must
+ * be known (or trusted) by the STS crypto object.
+ */
+public class X509TokenValidator implements TokenValidator {
+    
+    public static final String X509_V3_TYPE = WSConstants.X509TOKEN_NS + "#X509v3";
+    
+    public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(X509TokenValidator.class);
+    
+    private Validator validator = new SignatureTrustValidator();
+
+    /**
+     * Set the WSS4J Validator instance to use to validate the token.
+     * @param validator the WSS4J Validator instance to use to validate the token
+     */
+    public void setValidator(Validator validator) {
+        this.validator = validator;
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        return canHandleToken(validateTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenValidator implementation is capable of validating the
+     * ReceivedToken argument. The realm is ignored in this token Validator.
+     */
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        Object token = validateTarget.getToken();
+        if ((token instanceof BinarySecurityTokenType)
+            && X509_V3_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
+            return true;
+        }
+        return false;
+    }
+    
+    /**
+     * Validate a Token using the given TokenValidatorParameters.
+     */
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        LOG.fine("Validating X.509 Token");
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+
+        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+        Crypto sigCrypto = stsProperties.getSignatureCrypto();
+        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
+
+        RequestData requestData = new RequestData();
+        requestData.setSigCrypto(sigCrypto);
+        requestData.setWssConfig(WSSConfig.getNewInstance());
+        requestData.setCallbackHandler(callbackHandler);
+
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        response.setValid(false);
+        
+        if (validateTarget == null || !validateTarget.isBinarySecurityToken()) {
+            return response;
+        }
+
+        BinarySecurityTokenType binarySecurityType = (BinarySecurityTokenType)validateTarget.getToken();
+
+        // Test the encoding type
+        String encodingType = binarySecurityType.getEncodingType();
+        if (!BASE64_ENCODING.equals(encodingType)) {
+            LOG.fine("Bad encoding type attribute specified: " + encodingType);
+            return response;
+        }
+
+        //
+        // Turn the received JAXB object into a DOM element
+        //
+        Document doc = DOMUtils.createDocument();
+        BinarySecurity binarySecurity = new X509Security(doc);
+        binarySecurity.setEncodingType(encodingType);
+        binarySecurity.setValueType(binarySecurityType.getValueType());
+        String data = binarySecurityType.getValue();
+        ((Text)binarySecurity.getElement().getFirstChild()).setData(data);
+
+        //
+        // Validate the token
+        //
+        try {
+            Credential credential = new Credential();
+            credential.setBinarySecurityToken(binarySecurity);
+            if (sigCrypto != null) {
+                X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(sigCrypto);
+                credential.setCertificates(new X509Certificate[]{cert});
+            }
+
+            Credential returnedCredential = validator.validate(credential, requestData);
+            response.setPrincipal(returnedCredential.getCertificates()[0].getSubjectX500Principal());
+            response.setValid(true);
+        } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "", ex);
+        }
+        return response;
+    }
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/DefaultInMemoryTokenStoreTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/PasswordCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/TestUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomIdentityMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomRealmParser.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomUsernameTokenRealmCodec.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java Thu Oct 20 16:37:54 2011
@@ -1,77 +1,77 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.operation;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.token.provider.TokenProvider;
-import org.apache.cxf.sts.token.provider.TokenProviderParameters;
-import org.apache.cxf.sts.token.provider.TokenProviderResponse;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.token.BinarySecurity;
-
-/**
- * A Dummy TokenProvider for use in the unit tests. It mocks up a dummy BinarySecurityToken.
- */
-public class DummyTokenProvider implements TokenProvider {
-    
-    public static final String TOKEN_TYPE = 
-        "http://dummy-token-type.com/dummy";
-    public static final String BASE64_NS = 
-        WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
-    
-    public boolean canHandleToken(String tokenType) {
-        if (TOKEN_TYPE.equals(tokenType)) {
-            return true;
-        }
-        return false;
-    }
-    
-    public boolean canHandleToken(String tokenType, String realm) {
-        return canHandleToken(tokenType);
-    }
-    
-    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
-        try {
-            Document doc = DOMUtils.createDocument();
-            
-            // Mock up a dummy BinarySecurityToken
-            String id = "BST-1234";
-            BinarySecurity bst = new BinarySecurity(doc);
-            bst.addWSSENamespace();
-            bst.addWSUNamespace();
-            bst.setID(id);
-            bst.setValueType(TOKEN_TYPE);
-            bst.setEncodingType(BASE64_NS);
-            bst.setToken("12345678".getBytes());
-            
-            TokenProviderResponse response = new TokenProviderResponse();
-            response.setToken(bst.getElement());
-            response.setTokenId(id);
-            
-            return response;
-        } catch (Exception e) {
-            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
-        }
-    }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.BinarySecurity;
+
+/**
+ * A Dummy TokenProvider for use in the unit tests. It mocks up a dummy BinarySecurityToken.
+ */
+public class DummyTokenProvider implements TokenProvider {
+    
+    public static final String TOKEN_TYPE = 
+        "http://dummy-token-type.com/dummy";
+    public static final String BASE64_NS = 
+        WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
+    
+    public boolean canHandleToken(String tokenType) {
+        if (TOKEN_TYPE.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+    
+    public boolean canHandleToken(String tokenType, String realm) {
+        return canHandleToken(tokenType);
+    }
+    
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        try {
+            Document doc = DOMUtils.createDocument();
+            
+            // Mock up a dummy BinarySecurityToken
+            String id = "BST-1234";
+            BinarySecurity bst = new BinarySecurity(doc);
+            bst.addWSSENamespace();
+            bst.addWSUNamespace();
+            bst.setID(id);
+            bst.setValueType(TOKEN_TYPE);
+            bst.setEncodingType(BASE64_NS);
+            bst.setToken("12345678".getBytes());
+            
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(bst.getElement());
+            response.setTokenId(id);
+            
+            return response;
+        } catch (Exception e) {
+            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+        }
+    }
+
+}

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java Thu Oct 20 16:37:54 2011
@@ -1,70 +1,70 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.operation;
-
-import org.apache.cxf.sts.request.ReceivedToken;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.token.validator.TokenValidator;
-import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
-import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
-import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
-
-/**
- * A Dummy TokenValidator for use in the unit tests. It validates the status of a
- * dummy BinarySecurityToken by checking the token value.
- */
-public class DummyTokenValidator implements TokenValidator {
-    
-    public static final String TOKEN_TYPE = 
-        "http://dummy-token-type.com/dummy";
-    
-    public boolean canHandleToken(ReceivedToken validateTarget) {
-        Object token = validateTarget.getToken();
-        if ((token instanceof BinarySecurityTokenType)
-            && TOKEN_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
-            return true;
-        }
-        return false;
-    }
-    
-    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
-        return canHandleToken(validateTarget);
-    }
-
-    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
-        
-        TokenValidatorResponse response = new TokenValidatorResponse();
-        response.setValid(false);
-        
-        if (validateTarget != null && validateTarget.isBinarySecurityToken()) {
-            BinarySecurityTokenType binarySecurity = 
-                (BinarySecurityTokenType)validateTarget.getToken();
-            if ("12345678".equals(binarySecurity.getValue())) {
-                response.setValid(true);
-            }
-        }
-        
-        return response;
-    }
-    
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
+
+/**
+ * A Dummy TokenValidator for use in the unit tests. It validates the status of a
+ * dummy BinarySecurityToken by checking the token value.
+ */
+public class DummyTokenValidator implements TokenValidator {
+    
+    public static final String TOKEN_TYPE = 
+        "http://dummy-token-type.com/dummy";
+    
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        Object token = validateTarget.getToken();
+        if ((token instanceof BinarySecurityTokenType)
+            && TOKEN_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
+            return true;
+        }
+        return false;
+    }
+    
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        return canHandleToken(validateTarget);
+    }
+
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+        
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        response.setValid(false);
+        
+        if (validateTarget != null && validateTarget.isBinarySecurityToken()) {
+            BinarySecurityTokenType binarySecurity = 
+                (BinarySecurityTokenType)validateTarget.getToken();
+            if ("12345678".equals(binarySecurity.getValue())) {
+                response.setValid(true);
+            }
+        }
+        
+        return response;
+    }
+    
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueEncryptedUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSCTUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateUsernameTokenUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/canceller/SCTCancellerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomAuthDecisionProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomAuthenticationProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/CacheSAMLRealmCodec.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/IssuerSAMLRealmCodec.java
------------------------------------------------------------------------------
    svn:eol-style = native


