cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1230194 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/claims/ main/java/org/apache/cxf/sts/operation/ test/java/org/apache/cxf/sts/operation/
Date Wed, 11 Jan 2012 19:11:51 GMT
Author: owulff
Date: Wed Jan 11 19:11:51 2012
New Revision: 1230194

URL: http://svn.apache.org/viewvc?rev=1230194&view=rev
Log:
[CXF-4021] Claims element support in RST for validate binding

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
Wed Jan 11 19:11:51 2012
@@ -46,14 +46,17 @@ public class ClaimsAttributeStatementPro
                     providerParameters.getRealm()
                 );
         }
-                
-        List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
-        String tokenType = providerParameters.getTokenRequirements().getTokenType();
+        if (retrievedClaims == null) {
+            return null;
+        }
         
         Iterator<Claim> claimIterator = retrievedClaims.iterator();
         if (!claimIterator.hasNext()) {
             return null;
         }
+                
+        List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
+        String tokenType = providerParameters.getTokenRequirements().getTokenType();
         
         AttributeStatementBean attrBean = new AttributeStatementBean();
         while (claimIterator.hasNext()) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
Wed Jan 11 19:11:51 2012
@@ -55,7 +55,7 @@ public class ClaimsManager {
 
     public ClaimCollection retrieveClaimValues(
             Principal principal, RequestClaimCollection claims, WebServiceContext context,
String realm) {
-        if (claimHandlers != null && claimHandlers.size() > 0) {
+        if (claimHandlers != null && claimHandlers.size() > 0 && claims
!= null && claims.size() > 0) {
             ClaimCollection returnCollection = new ClaimCollection();
             for (ClaimsHandler handler : claimHandlers) {
                 ClaimCollection claimCollection = handler.retrieveClaimValues(

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
Wed Jan 11 19:11:51 2012
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.sts.operation;
 
+import java.net.URI;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -42,6 +43,8 @@ import org.apache.cxf.sts.RealmParser;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.cache.STSTokenStore;
+import org.apache.cxf.sts.claims.ClaimsManager;
+import org.apache.cxf.sts.claims.RequestClaim;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
@@ -95,6 +98,7 @@ public abstract class AbstractOperation 
     protected List<TokenValidator> tokenValidators = new ArrayList<TokenValidator>();
     protected boolean returnReferences = true;
     protected STSTokenStore tokenStore;
+    protected ClaimsManager claimsManager;
     
     public boolean isReturnReferences() {
         return returnReferences;
@@ -138,7 +142,15 @@ public abstract class AbstractOperation 
 
     public List<TokenValidator> getTokenValidators() {
         return tokenValidators;
-    }  
+    }
+    
+    public ClaimsManager getClaimsManager() {
+        return claimsManager;
+    }
+
+    public void setClaimsManager(ClaimsManager claimsManager) {
+        this.claimsManager = claimsManager;
+    }
     
     /**
      * Check the arguments from the STSProvider and parse the request.
@@ -548,5 +560,25 @@ public abstract class AbstractOperation 
         return tokenResponse;
     }
     
+    protected void checkClaimsSupport(RequestClaimCollection requestedClaims) {
+        if (requestedClaims != null) {
+            List<URI> unhandledClaimTypes = new ArrayList<URI>();
+            for (RequestClaim requestedClaim : requestedClaims) {
+                if (!claimsManager.getSupportedClaimTypes().contains(requestedClaim.getClaimType())

+                        && !requestedClaim.isOptional()) {
+                    unhandledClaimTypes.add(requestedClaim.getClaimType());
+                }
+            }
+
+            if (unhandledClaimTypes.size() > 0) {
+                LOG.log(Level.WARNING, "The requested claim " + unhandledClaimTypes.toString()

+                        + " cannot be fulfilled by the STS.");
+                throw new STSException(
+                        "The requested claim " + unhandledClaimTypes.toString() 
+                        + " cannot be fulfilled by the STS."
+                );
+            }
+        }
+    }
     
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
Wed Jan 11 19:11:51 2012
@@ -19,10 +19,7 @@
 
 package org.apache.cxf.sts.operation;
 
-import java.net.URI;
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -33,8 +30,6 @@ import javax.xml.ws.WebServiceContext;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.sts.IdentityMapper;
 import org.apache.cxf.sts.QNameConstants;
-import org.apache.cxf.sts.claims.ClaimsManager;
-import org.apache.cxf.sts.claims.RequestClaim;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
@@ -68,16 +63,6 @@ public class TokenIssueOperation extends
 
     private static final Logger LOG = LogUtils.getL7dLogger(TokenIssueOperation.class);
 
-    private ClaimsManager claimsManager; 
-
-    public ClaimsManager getClaimsManager() {
-        return claimsManager;
-    }
-
-    public void setClaimsManager(ClaimsManager claimsManager) {
-        this.claimsManager = claimsManager;
-    }
-
 
     public RequestSecurityTokenResponseCollectionType issue(
             RequestSecurityTokenType request,
@@ -100,26 +85,9 @@ public class TokenIssueOperation extends
 
         // Check if the requested claims can be handled by the configured claim handlers
         RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
-        if (requestedClaims != null) {
-            List<URI> unhandledClaimTypes = new ArrayList<URI>();
-            for (RequestClaim requestedClaim : requestedClaims) {
-                if (!claimsManager.getSupportedClaimTypes().contains(requestedClaim.getClaimType())

-                        && !requestedClaim.isOptional()) {
-                    unhandledClaimTypes.add(requestedClaim.getClaimType());
-                }
-            }
-
-            if (unhandledClaimTypes.size() > 0) {
-                LOG.log(Level.WARNING, "The requested claim " + unhandledClaimTypes.toString()

-                        + " cannot be fulfilled by the STS.");
-                throw new STSException(
-                        "The requested claim " + unhandledClaimTypes.toString() 
-                        + " cannot be fulfilled by the STS."
-                );
-            }
-        }
-
+        checkClaimsSupport(requestedClaims);
         providerParameters.setClaimsManager(claimsManager);
+        
         String realm = providerParameters.getRealm();
 
         TokenRequirements tokenRequirements = requestParser.getTokenRequirements();

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
Wed Jan 11 19:11:51 2012
@@ -32,6 +32,7 @@ import org.apache.cxf.sts.IdentityMapper
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.RealmParser;
 import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.RequestParser;
 import org.apache.cxf.sts.request.TokenRequirements;
@@ -118,6 +119,11 @@ public class TokenValidateOperation exte
                 }
             }
             
+            // Check if the requested claims can be handled by the configured claim handlers
+            RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
+            checkClaimsSupport(requestedClaims);
+            providerParameters.setClaimsManager(claimsManager);
+            
             Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
             if (additionalProperties != null) {
                 providerParameters.setAdditionalProperties(additionalProperties);

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java?rev=1230194&r1=1230193&r2=1230194&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
Wed Jan 11 19:11:51 2012
@@ -20,6 +20,7 @@ package org.apache.cxf.sts.operation;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -28,8 +29,10 @@ import java.util.Properties;
 import javax.xml.bind.JAXBElement;
 import javax.xml.namespace.QName;
 
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
@@ -38,13 +41,20 @@ import org.apache.cxf.sts.QNameConstants
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsManager; 
+import org.apache.cxf.sts.common.CustomAttributeProvider;
+import org.apache.cxf.sts.common.CustomClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
 import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.realm.SAMLRealm;
 import org.apache.cxf.sts.token.validator.TokenValidator;
 import org.apache.cxf.sts.token.validator.UsernameTokenValidator;
 import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
@@ -243,6 +253,120 @@ public class ValidateTokenTransformation
         assertTrue(tokenString.contains("ALICE"));
         assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
     }
+
+    /**
+     * Test to successfully validate a UsernameToken and transform it into a SAML Assertion.
+     * Required claims are a child of RST element
+     */
+    @org.junit.Test
+    public void testUsernameTokenTransformationClaims() throws Exception {
+        runUsernameTokenTransformationClaims(false);
+    }
+    
+    /**
+     * Test to successfully validate a UsernameToken and transform it into a SAML Assertion.
+     * Required claims are a child of SecondaryParameters element
+     */
+    @org.junit.Test
+    public void testUsernameTokenTransformationClaimsSecondaryParameters() throws Exception
{
+        runUsernameTokenTransformationClaims(true);
+    }
+    
+    /**
+     * Test to successfully validate a UsernameToken and transform it into a SAML Assertion
with claims.
+     */
+    private void runUsernameTokenTransformationClaims(boolean useSecondaryParameters) throws
Exception {
+        TokenValidateOperation validateOperation = new TokenValidateOperation();
+        
+        // Add Token Validator
+        List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
+        validatorList.add(new UsernameTokenValidator());
+        validateOperation.setTokenValidators(validatorList);
+
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+       
+        List<AttributeStatementProvider> customProviderList = 
+            new ArrayList<AttributeStatementProvider>();
+        customProviderList.add(new CustomAttributeProvider());
+        SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
+        samlTokenProvider.setAttributeStatementProviders(customProviderList);
+        providerList.add(samlTokenProvider);
+        validateOperation.setTokenProviders(providerList);
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        validateOperation.setStsProperties(stsProperties);
+        
+        // Set the ClaimsManager
+        ClaimsManager claimsManager = new ClaimsManager();
+        ClaimsHandler claimsHandler = new CustomClaimsHandler();
+        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+        validateOperation.setClaimsManager(claimsManager);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML2_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        Object claims = 
+            useSecondaryParameters ? createClaimsElementInSecondaryParameters() : createClaimsElement();
+            
+        request.getAny().add(claims);
+        
+        // Create a UsernameToken
+        JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice",
"clarinet");
+        ValidateTargetType validateTarget = new ValidateTargetType();
+        validateTarget.setAny(usernameTokenType);
+        
+        JAXBElement<ValidateTargetType> validateTargetType = 
+            new JAXBElement<ValidateTargetType>(
+                QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
+            );
+        request.getAny().add(validateTargetType);
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Validate a token
+        RequestSecurityTokenResponseType response = 
+            validateOperation.validate(request, webServiceContext);
+        assertTrue(validateResponse(response));
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : response.getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName()))
{
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertTrue(tokenString.contains("AttributeStatement"));
+        assertTrue(tokenString.contains("alice"));
+        assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+        assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
+    }
     
     /*
      * Create a security context object
@@ -325,4 +449,53 @@ public class ValidateTokenTransformation
         return tokenType;
     }
     
+    /*
+     * Mock up a DOM Element containing some claims
+     */
+    private JAXBElement<ClaimsType> createClaimsElement() {
+        Document doc = DOMUtils.createDocument();
+        
+        Element claimType = createClaimsType(doc);        
+       
+        ClaimsType claims = new ClaimsType();
+        claims.setDialect(STSConstants.IDT_NS_05_05);
+        claims.getAny().add(claimType);
+        
+        JAXBElement<ClaimsType> claimsType =
+            new JAXBElement<ClaimsType>(
+                    QNameConstants.CLAIMS, ClaimsType.class, claims
+            );
+        
+        return claimsType;
+    }
+    
+    /*
+     * Mock up a SecondaryParameters DOM Element containing some claims
+     */
+    private Element createClaimsElementInSecondaryParameters() {
+        Document doc = DOMUtils.createDocument();
+        Element secondary = doc.createElementNS(STSConstants.WST_NS_05_12, "SecondaryParameters");
+        secondary.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", STSConstants.WST_NS_05_12);
+        
+        Element claims = doc.createElementNS(STSConstants.WST_NS_05_12, "Claims");
+        claims.setAttributeNS(null, "Dialect", STSConstants.IDT_NS_05_05);
+        
+        Element claimType = createClaimsType(doc);
+        
+        claims.appendChild(claimType);
+        secondary.appendChild(claims);
+
+        return secondary;
+    }
+    
+    private Element createClaimsType(Document doc) {
+        Element claimType = doc.createElementNS(STSConstants.IDT_NS_05_05, "ClaimType");
+        claimType.setAttributeNS(
+            null, "Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+        );
+        claimType.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", STSConstants.IDT_NS_05_05);
+        
+        return claimType;
+    }
+    
 }



Mime
View raw message