From owu...@apache.org
Subject svn commit: r1346338 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/config/ main/resources/schemas/ test/java/org/apache/cxf/fediz/core/ test/java/org/apache/cxf/fediz/core/config/ test/resources/
Date Tue, 05 Jun 2012 10:56:57 GMT
Author: owulff
Date: Tue Jun  5 10:56:56 2012
New Revision: 1346338

URL: http://svn.apache.org/viewvc?rev=1346338&view=rev
Log:
CustomTokenValidator support added

Added:
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
    cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
Tue Jun  5 10:56:56 2012
@@ -46,9 +46,30 @@ public class FederationProtocol extends 
     
     public FederationProtocol(ProtocolType protocolType) {
         super(protocolType);
-        // [TODO] Flexible tokenvalidator selection, based on class list
+        
+        FederationProtocolType fp = (FederationProtocolType)protocolType;
+        if (fp.getTokenValidators() != null && fp.getTokenValidators().getValidator()
!= null) {
+            for (String validatorClassname : fp.getTokenValidators().getValidator()) {
+                Object obj = null;
+                try {
+                    obj = Thread.currentThread().getContextClassLoader().loadClass(validatorClassname).newInstance();
+                } catch (Exception ex) {
+                    LOG.error("Failed to instantiate TokenValidator implementation class:
'"
+                              + validatorClassname + "'", ex);
+                }
+                if (obj instanceof TokenValidator) {
+                    validators.add((TokenValidator)obj);
+                } else if (obj != null) {
+                    LOG.error("Invalid TokenValidator implementation class: '" + validatorClassname
+ "'");
+                }
+            }
+        }
+        
+        // add SAMLTokenValidator as the last one
+        // Fediz chooses the first validator in the list if its
+        // canHandleToken or canHandleTokenType method return true
         SAMLTokenValidator validator = new SAMLTokenValidator();
-        validators.add(validator);
+        validators.add(validators.size(), validator);
     }
 
     protected FederationProtocolType getFederationProtocol() {
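Review bot: A configured validator class that cannot be loaded, or that loads but does not implement TokenValidator, is only logged (the `catch (Exception ex)` block and the `else if (obj != null)` branch) and the constructor then appends SAMLTokenValidator regardless, so a typo in a configured class name silently downgrades the chain to default SAML validation instead of what the operator configured. Security configuration should fail fast here: replace the log-and-continue in both branches with e.g. `throw new IllegalStateException("Invalid TokenValidator implementation class: '" + validatorClassname + "'", ex);` (without `ex` in the type-check branch), or at minimum state the fall-through behaviour in a Javadoc on the constructor. `Thread.currentThread().getContextClassLoader()` may also return null, which the broad catch would currently report as an instantiation failure; falling back to `FederationProtocol.class.getClassLoader()` when it is null would make the error message truthful. Finally, `validators.add(validators.size(), validator)` is identical to `validators.add(validator)`; the comment above already explains the ordering, so the index form only obscures it.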

Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue Jun  5 10:56:56
2012
@@ -99,9 +99,7 @@
 					<xs:element ref="reply" />
 					<xs:element ref="request" />
 					<xs:element ref="claimTypesRequested" />
-					<xs:sequence minOccurs="1" maxOccurs="unbounded">
 					<xs:element ref="tokenValidators" />
-					</xs:sequence>
 				</xs:sequence>
 				<!-- <xs:attribute name="roleDelimiter" type="xs:string"/> -->
 				<!--<xs:attribute name="roleURI" use="required" type="xs:string"/> -->
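Review bot: With the inner sequence removed, `<xs:element ref="tokenValidators" />` now sits directly in the outer sequence with the default minOccurs of 1, so tokenValidators becomes mandatory for every federation protocol element. That contradicts the `fp.getTokenValidators() != null` guard added in FederationProtocol and the existing contextConfig in fediz_test_config.xml, which closes `</claimTypesRequested></protocol>` with no tokenValidators element; if the schema is enforced at load time those configurations would now be rejected. Declare it optional: `<xs:element ref="tokenValidators" minOccurs="0" />`.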
@@ -158,7 +156,13 @@
 		</xs:complexType>
 	</xs:element>
 
-	<xs:element name="tokenValidators" type="xs:string" />
+    <xs:element name="tokenValidators">
+		<xs:complexType>
+			<xs:sequence minOccurs="1" maxOccurs="unbounded">
+				<xs:element name="validator" type="xs:string" />
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
 
 	<xs:simpleType name="optionalType">
 		<xs:restriction base="xs:boolean" />
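Review bot: The new `<xs:element name="tokenValidators">` line is indented with spaces while the rest of the file, including its own child lines, uses tabs; re-indent it with a tab to match. The `validator` element is typed as a bare `xs:string`, but FederationProtocol treats its value as a fully-qualified class name that is loaded and instantiated at startup; a short `xs:annotation`/`xs:documentation` on the element stating that it must name a class implementing TokenValidator, available on the context class loader, would make that contract visible to configuration authors.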

Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java?rev=1346338&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
Tue Jun  5 10:56:56 2012
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.config.FederationContext;
+
+
+public class CustomValidator implements TokenValidator {
+
+    @Override
+    public boolean canHandleTokenType(String tokenType) {
+        return true;
+    }
+
+    @Override
+    public boolean canHandleToken(Element token) {
+        return true;
+    }
+
+    @Override
+    public TokenValidatorResponse validateAndProcessToken(Element token, FederationContext
config) {
+        return new TokenValidatorResponse(null,
+                                          FederationProcessorTest.TEST_USER,
+                                          FederationProcessorTest.TEST_RSTR_ISSUER,
+                                          null,
+                                          null,
+                                          FederationProcessorTest.TEST_AUDIENCE);
+    }
+
+}
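Review bot: CustomValidator accepts any input — `canHandleTokenType` and `canHandleToken` return true unconditionally and `validateAndProcessToken` never looks at `token` or `config` — which is fine for a fixture, but no Javadoc marks it as one, and its plain name in the `org.apache.cxf.fediz.core` package makes it an easy copy-paste template for a real validator. Add a class Javadoc such as `/** Test-only TokenValidator stub: claims every token and returns a fixed response without validating it, so tests can assert validator ordering. Not a template for real validators. */`. The fixed response also echoes FederationProcessorTest.TEST_USER and TEST_RSTR_ISSUER, the same values a genuine token in that test carries, so the stub is indistinguishable from SAMLTokenValidator by its output; returning a distinctive marker value would let callers tell which validator ran.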

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Tue Jun  5 10:56:56 2012
@@ -23,6 +23,7 @@ import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URL;
+import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -56,9 +57,9 @@ import org.junit.BeforeClass;
 import static org.junit.Assert.fail;
 
 public class FederationProcessorTest {
-    private static final String TEST_USER = "alice";
-    private static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
-    private static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
+    static final String TEST_USER = "alice";
+    static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
+    static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
     
     private static final String CONFIG_FILE = "fediz_test_config.xml";
     
@@ -463,6 +464,46 @@ public class FederationProcessorTest {
         Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                             .size());
     }
+
+    /**
+     * "Validate" SAML 2 token with a custom token validator
+     * If a validator is configured it precedes the SAMLTokenValidator as part of Fediz
+     */
+    @org.junit.Test
+    public void validateSAML2TokenCustomValidator() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey");
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = getFederationConfigurator().getFederationContext("CUSTTOK");
+        FederationProtocol fp = (FederationProtocol)config.getProtocol();
+        List<TokenValidator> validators = fp.getTokenValidators();
+        Assert.assertEquals("Two validators must be found", 2, validators.size());
+        Assert.assertEquals("First validator must be custom validator",
+                            CustomValidator.class.getName(), validators.get(0).getClass().getName());
+        
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                            wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+    }
     
     
     private String createSamlToken(AssertionWrapper assertion, String alias) throws IOException,
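Review bot: The final two assertions do not demonstrate that the custom validator handled the request: CustomValidator returns TEST_USER and TEST_RSTR_ISSUER, exactly the subject and issuer the signed token carries, so SAMLTokenValidator would produce the same username and issuer. Have the stub return a distinctive marker (for example a constructed constant like `TEST_CUSTOM_ISSUER = "CustomValidatorIssuer"`) and assert on that. The `Assert.assertEquals("Two validators must be found", 2, validators.size())` check also relies on the second configured class, `org.apache.cxf.fediz.core.CustomValidator2` in the fediz_test_config.xml hunk, not being loadable (this commit adds only CustomValidator.java) and being skipped with an error log by FederationProtocol; if that constructor is later made to fail on an unloadable class this test breaks for an unrelated reason, so either drop CustomValidator2 from the CUSTTOK context or cover it with a dedicated negative test. `configurator = null;` resets shared fixture state before the lookup, presumably to force the configuration to be re-read; a one-line comment saying so would help.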

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Tue Jun  5 10:56:56 2012
@@ -40,6 +40,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
 import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
+import org.apache.cxf.fediz.core.config.jaxb.TokenValidators;
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
@@ -73,6 +74,7 @@ public class FedizConfigurationWriterTes
     private static final String AUTH_TYPE_VALUE = "some auth type";
 
     private static final String CLAIM_TYPE_1 = "a particular claim type";
+    private static final String CLAIM_TYPE_2 = "another claim type";
 
     private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
     
@@ -131,6 +133,10 @@ public class FedizConfigurationWriterTes
         claimType.setOptional(true);
         claimType.setType(CLAIM_TYPE_1);
         claimTypeReq.getClaimType().add(claimType);
+        ClaimType claimType2 = new ClaimType();
+        claimType2.setOptional(true);
+        claimType2.setType(CLAIM_TYPE_2);
+        claimTypeReq.getClaimType().add(claimType2);
 
         protocol.setClaimTypesRequested(claimTypeReq);
 
@@ -149,6 +155,11 @@ public class FedizConfigurationWriterTes
         CallbackType issuer = new CallbackType();
         issuer.setValue(ISSUER);
         protocol.setIssuer(issuer);
+        
+        TokenValidators x = new TokenValidators();
+        x.getValidator().add("org.apache.cxf.fediz.CustomValidator");
+        x.getValidator().add("org.apache.cxf.fediz.CustomValidator2");
+        protocol.setTokenValidators(x);
 
         return rootConfig;
 
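Review bot: The validator names written here, `org.apache.cxf.fediz.CustomValidator` and `org.apache.cxf.fediz.CustomValidator2`, omit the `core` package segment used by the actual test class and by fediz_test_config.xml (`org.apache.cxf.fediz.core.CustomValidator`). If this writer test only round-trips the JAXB model that is harmless, but if its `./target/fediz_test_config.xml` output is ever fed through FederationProtocol the names will not resolve; align them with the real class name. The local name `x` conveys nothing — `TokenValidators tokenValidators = new TokenValidators();` reads better. The `CLAIM_TYPE_2`/`claimType2` additions in the two earlier hunks of this file are unrelated to the commit's stated purpose and would be clearer as their own change.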

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Tue Jun  5 10:56:56
2012
@@ -108,4 +108,40 @@
 			</claimTypesRequested>
 		</protocol>
 	</contextConfig>
+	<contextConfig name="CUSTTOK">
+		<audienceUris>
+			<audienceItem>http://host_one:port/url</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>		
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="FedizSTSIssuer" />				
+		</trustedIssuers>
+
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>target realm</realm>
+			<issuer>http://url_to_the_issuer</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+			<tokenValidators>
+				<validator>org.apache.cxf.fediz.core.CustomValidator</validator>
+				<validator>org.apache.cxf.fediz.core.CustomValidator2</validator>
+			</tokenValidators>
+		</protocol>
+	</contextConfig>	
 </FedizConfig>


