From cohei...@apache.org
Subject svn commit: r1339239 - in /cxf/trunk/rt/rs/security/sso/saml/src: main/java/org/apache/cxf/rs/security/saml/sso/ test/java/org/apache/cxf/rs/security/saml/sso/
Date Wed, 16 May 2012 15:50:49 GMT
Author: coheigea
Date: Wed May 16 15:50:48 2012
New Revision: 1339239

URL: http://svn.apache.org/viewvc?rev=1339239&view=rev
Log:
Adding an interface and default implementation to create AuthnRequests for SAML SSO

Added:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
Modified:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1339239&r1=1339238&r2=1339239&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
Wed May 16 15:50:48 2012
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.saml.
 import java.io.IOException;
 import java.net.URI;
 import java.net.URLEncoder;
-import java.util.Collections;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.UUID;
@@ -48,14 +47,8 @@ import org.apache.cxf.rs.security.saml.s
 import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.apache.ws.security.util.DOM2Writer;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+
 import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.xml.io.MarshallingException;
 
 public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler 
     implements RequestHandler {
@@ -69,6 +62,11 @@ public abstract class AbstractServicePro
     private String issuerId;
     private String assertionConsumerServiceAddress;
     private String webAppDomain;
+    private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder();
+    
+    public void setAuthnRequestBuilder(AuthnRequestBuilder authnRequestBuilder) {
+        this.authnRequestBuilder = authnRequestBuilder;
+    }
     
     public void setAssertionConsumerServiceAddress(
             String assertionConsumerServiceAddress) {
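Review bot: `setAuthnRequestBuilder` stores whatever it is given, including null, so a misconfigured filter bean only fails later inside the request-handling path with a NullPointerException at the point the AuthnRequest is built, instead of at configuration time where the cause is obvious. Reject it up front: `if (authnRequestBuilder == null) { throw new IllegalArgumentException("authnRequestBuilder must not be null"); }` before the assignment. A one-line Javadoc on the setter saying that the builder replaces the previous fixed AuthnRequest construction and is consulted on every redirect would also help people migrating. The `setAssertionConsumerServiceAddress` signature at the end of the hunk belongs to a method that continues outside it.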
@@ -130,40 +128,8 @@ public abstract class AbstractServicePro
         return true;
     }
     
-    protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
-        Issuer issuer =
-            SamlpRequestComponentBuilder.createIssuer(getIssuerId(m));
-        NameIDPolicy nameIDPolicy =
-            SamlpRequestComponentBuilder.createNameIDPolicy(
-                true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", getIssuerId(m)
-            );
-        
-        AuthnContextClassRef authnCtxClassRef =
-            SamlpRequestComponentBuilder.createAuthnCtxClassRef(
-                "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
-            );
-        RequestedAuthnContext authnCtx =
-            SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
-                AuthnContextComparisonTypeEnumeration.EXACT,
-                Collections.singletonList(authnCtxClassRef), null
-            );
-        
-        //CHECKSTYLE:OFF
-        return SamlpRequestComponentBuilder.createAuthnRequest(
-                getAbsoluteAssertionServiceAddress(m), 
-                false, 
-                false,
-                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", 
-                SAMLVersion.VERSION_20,
-                issuer, 
-                nameIDPolicy, 
-                authnCtx
-        );
-      //CHECKSTYLE:ON
-    }
-    
     protected String encodeAuthnRequest(Element authnRequestElement)
-        throws MarshallingException, IOException {
+        throws IOException {
         String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
         
         DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
@@ -177,7 +143,11 @@ public abstract class AbstractServicePro
         Document doc = DOMUtils.createDocument();
         doc.appendChild(doc.createElement("root"));
  
-        AuthnRequest authnRequest = createAuthnRequest(m, doc);
+        // Create the AuthnRequest
+        AuthnRequest authnRequest = 
+            authnRequestBuilder.createAuthnRequest(
+                m, getIssuerId(m), getAbsoluteAssertionServiceAddress(m)
+            );
         Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
         String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
         
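Review bot: Removing the protected `createAuthnRequest(Message, Document)` silently breaks any subclass that overrode it to customise the request: without `@Override` the old method still compiles as an unrelated dead method and the default builder is used instead, so a subclass's intended `ForceAuthn`, binding or NameID settings are quietly lost. I would keep a deprecated protected `createAuthnRequest(Message m, Document doc)` that delegates to `authnRequestBuilder.createAuthnRequest(m, getIssuerId(m), getAbsoluteAssertionServiceAddress(m))` and have the call site in this hunk go through it, so existing overrides keep winning. Since implementations now decide the request ID, any state the filter records for later `InResponseTo` correlation (the `ResponseState` and `UUID` imports survive, but that code is outside this hunk) should be keyed on `authnRequest.getID()` rather than an independently generated value — I cannot confirm from the hunk which is the case. The enclosing method continues past the end of the hunk.
```java
    // … unchanged: encodeAuthnRequest …

    /**
     * @deprecated supply an {@link AuthnRequestBuilder} via
     * {@link #setAuthnRequestBuilder(AuthnRequestBuilder)} instead of overriding this method.
     */
    @Deprecated
    protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
        return authnRequestBuilder.createAuthnRequest(
            m, getIssuerId(m), getAbsoluteAssertionServiceAddress(m)
        );
    }

    // … unchanged: start of the calling method, document creation …
        // Create the AuthnRequest (overridable by subclasses for compatibility)
        AuthnRequest authnRequest = createAuthnRequest(m, doc);
        Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
    // … unchanged: encoding and the remainder of the method …
```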

Added: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java?rev=1339239&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
(added)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
Wed May 16 15:50:48 2012
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.sso;
+
+import org.apache.cxf.message.Message;
+import org.opensaml.saml2.core.AuthnRequest;
+
+/**
+ * This interface defines a method to create a SAML 2.0 Protocol AuthnRequest.
+ */
+public interface AuthnRequestBuilder {
+    
+    /**
+     * Create a SAML 2.0 Protocol AuthnRequest
+     */
+    AuthnRequest createAuthnRequest(
+        Message message, 
+        String issuerId,
+        String assertionConsumerServiceAddress
+    ) throws Exception;
+}
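Review bot: The contract of `createAuthnRequest` is undocumented: the Javadoc names none of the three parameters, and `throws Exception` gives neither implementors nor the filter anything narrower to catch. I would document that `message` is the inbound request being intercepted, that `issuerId` becomes the request's `<Issuer>` and must match the entity ID the IdP knows the service provider by, that `assertionConsumerServiceAddress` must be the service provider's own assertion consumer URL (it is where the IdP is asked to deliver the response), and that each returned request is expected to carry a fresh, unique `ID` because the service provider correlates the response to it via `InResponseTo`. A `@throws Exception` line stating that implementations throw when the request cannot be constructed would at least make the broad clause deliberate; narrowing it to a checked type the implementation actually raises can follow.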

Added: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java?rev=1339239&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
(added)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
Wed May 16 15:50:48 2012
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.util.Collections;
+
+import org.apache.cxf.message.Message;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+
+/**
+ * A default implementation of the AuthnRequestBuilder interface to create a SAML 2.0
+ * Protocol AuthnRequest.
+ */
+public class DefaultAuthnRequestBuilder implements AuthnRequestBuilder {
+    
+    private boolean forceAuthn;
+    private boolean isPassive;
+    private String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+    
+    /**
+     * Create a SAML 2.0 Protocol AuthnRequest
+     */
+    public AuthnRequest createAuthnRequest(
+        Message message, 
+        String issuerId,
+        String assertionConsumerServiceAddress
+    ) throws Exception {
+        Issuer issuer =
+            SamlpRequestComponentBuilder.createIssuer(issuerId);
+        
+        NameIDPolicy nameIDPolicy =
+            SamlpRequestComponentBuilder.createNameIDPolicy(
+                true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
+            );
+        
+        AuthnContextClassRef authnCtxClassRef =
+            SamlpRequestComponentBuilder.createAuthnCtxClassRef(
+                "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+            );
+        RequestedAuthnContext authnCtx =
+            SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
+                AuthnContextComparisonTypeEnumeration.EXACT,
+                Collections.singletonList(authnCtxClassRef), null
+            );
+        
+        //CHECKSTYLE:OFF
+        return SamlpRequestComponentBuilder.createAuthnRequest(
+                assertionConsumerServiceAddress, 
+                forceAuthn, 
+                isPassive,
+                protocolBinding, 
+                SAMLVersion.VERSION_20,
+                issuer, 
+                nameIDPolicy, 
+                authnCtx
+        );
+        
+    }
+
+    public boolean isForceAuthn() {
+        return forceAuthn;
+    }
+
+    public void setForceAuthn(boolean forceAuthn) {
+        this.forceAuthn = forceAuthn;
+    }
+
+    public boolean isPassive() {
+        return isPassive;
+    }
+
+    public void setPassive(boolean isPassive) {
+        this.isPassive = isPassive;
+    }
+
+    public String getProtocolBinding() {
+        return protocolBinding;
+    }
+
+    public void setProtocolBinding(String protocolBinding) {
+        this.protocolBinding = protocolBinding;
+    }
+    
+}
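Review bot: The NameID format (`persistent`, in the `createNameIDPolicy(true, ...)` call) and the requested authentication context (`PasswordProtectedTransport` with `EXACT` comparison) stay hard-coded while `forceAuthn`, `isPassive` and `protocolBinding` gained setters, so a deployment that needs transient identifiers, or whose IdP authenticates users with a stronger context class, cannot use the default builder: with `EXACT`, an IdP that only has a different context class for the user must refuse the request rather than answer with the stronger one. Expose both as configurable properties with the current values as defaults, as sketched below. Separately, the `//CHECKSTYLE:OFF` before the return has no matching `//CHECKSTYLE:ON` (the removed filter method had one), so the suppression extends to the rest of the file; and `setProtocolBinding` accepts any string, so a typo in the binding URI only surfaces at the IdP — worth a brief Javadoc stating it must be a SAML 2.0 binding URI.
```java
    private boolean forceAuthn;
    private boolean isPassive;
    private String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    private String authnContextClassRef =
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
    private AuthnContextComparisonTypeEnumeration authnContextComparisonType =
        AuthnContextComparisonTypeEnumeration.EXACT;

    // … unchanged: createAuthnRequest signature and Issuer creation …
        NameIDPolicy nameIDPolicy =
            SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);

        AuthnContextClassRef authnCtxClassRef =
            SamlpRequestComponentBuilder.createAuthnCtxClassRef(authnContextClassRef);
        RequestedAuthnContext authnCtx =
            SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
                authnContextComparisonType, Collections.singletonList(authnCtxClassRef), null
            );

        //CHECKSTYLE:OFF
        // … unchanged: SamlpRequestComponentBuilder.createAuthnRequest(...) call …
        //CHECKSTYLE:ON
    }

    // … unchanged: existing getters and setters …

    public void setNameIDFormat(String nameIDFormat) {
        this.nameIDFormat = nameIDFormat;
    }

    public void setAuthnContextClassRef(String authnContextClassRef) {
        this.authnContextClassRef = authnContextClassRef;
    }

    public void setAuthnContextComparisonType(AuthnContextComparisonTypeEnumeration type) {
        this.authnContextComparisonType = type;
    }
```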

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java?rev=1339239&r1=1339238&r2=1339239&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
Wed May 16 15:50:48 2012
@@ -27,6 +27,8 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.saml2.core.AuthnContextClassRef;
@@ -37,7 +39,7 @@ import org.opensaml.saml2.core.NameIDPol
 import org.opensaml.saml2.core.RequestedAuthnContext;
 
 /**
- * Some unit tests for the SamlpRequestComponentBuilder.
+ * Some unit tests for the SamlpRequestComponentBuilder and AuthnRequestBuilder
  */
 public class AuthnRequestBuilderTest extends org.junit.Assert {
     
@@ -53,7 +55,7 @@ public class AuthnRequestBuilderTest ext
         Document doc = docBuilder.newDocument();
         
         Issuer issuer = 
-            SamlpRequestComponentBuilder.createIssuer("http://localhost:8888/saml2-demo/simple");
+            SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
         NameIDPolicy nameIDPolicy = 
             SamlpRequestComponentBuilder.createNameIDPolicy(
                 true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer"
@@ -71,7 +73,7 @@ public class AuthnRequestBuilderTest ext
         
         AuthnRequest authnRequest = 
             SamlpRequestComponentBuilder.createAuthnRequest(
-                "http://localhost:8888/saml2-demo/simple", false, false, 
+                "http://localhost:9001/sso", false, false, 
                 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", SAMLVersion.VERSION_20,
                 issuer, nameIDPolicy, authnCtx
             );
@@ -82,5 +84,24 @@ public class AuthnRequestBuilderTest ext
         assertNotNull(policyElement);
     }
     
+    @org.junit.Test
+    public void testAuthnRequestBuilder() throws Exception {
+        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+        docBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+        Document doc = docBuilder.newDocument();
+        
+        AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder();
+        Message message = new MessageImpl();
+        
+        AuthnRequest authnRequest = 
+            authnRequestBuilder.createAuthnRequest(
+                message, "http://localhost:9001/app", "http://localhost:9001/sso"
+            );
+        Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
+        doc.appendChild(policyElement);
+        // String outputString = DOM2Writer.nodeToString(policyElement);
+        assertNotNull(policyElement);
+    }
     
 }
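Review bot: `testAuthnRequestBuilder` only asserts that the marshalled element is non-null, so it would still pass if the issuer and ACS URL were swapped, dropped, or the `ForceAuthn`/`IsPassive`/`ProtocolBinding` defaults were wrong — exactly the values a service provider relies on for the IdP to send the response to the right place. Check them on the returned object before marshalling, e.g. `assertEquals("http://localhost:9001/app", authnRequest.getIssuer().getValue());`, `assertEquals("http://localhost:9001/sso", authnRequest.getAssertionConsumerServiceURL());` and `assertFalse(authnRequest.isForceAuthn());` (OpenSAML 2 accessor names as I recall them; please confirm). The commented-out `// String outputString = DOM2Writer.nodeToString(policyElement);` line is dead code and should be deleted rather than kept as a reminder.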


