cxf-commits mailing list archives

From a.@apache.org
Subject svn commit: r1372877 - in /cxf/trunk/rt/ws/security: pom.xml src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Date Tue, 14 Aug 2012 13:36:05 GMT
Author: ay
Date: Tue Aug 14 13:36:04 2012
New Revision: 1372877

URL: http://svn.apache.org/viewvc?rev=1372877&view=rev
Log:
[CXF-4469] 2.6.x rt-ws-security bundle is requiring opensaml

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
  (with props)
Modified:
    cxf/trunk/rt/ws/security/pom.xml
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Modified: cxf/trunk/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=1372877&r1=1372876&r2=1372877&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Tue Aug 14 13:36:04 2012
@@ -34,6 +34,7 @@
     <properties>
         <cxf.osgi.import>
             net.sf.ehcache*;resolution:=optional;version="[2.5, 3.0.0)",
+            org.opensaml*;resolution:=optional,
         </cxf.osgi.import>
     </properties>
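Review bot: The added `org.opensaml*;resolution:=optional,` import carries no version range, unlike the ehcache entry above it (`version="[2.5, 3.0.0)"`), so the bundle will wire to whatever `org.opensaml` packages the container exports. SAMLUtils in this commit compiles against `org.opensaml.common`, `org.opensaml.xml`, `org.opensaml.saml1.core` and `org.opensaml.saml2.core`, so an incompatible version would surface only at run time, while a SAML token is being processed. Consider pinning it, e.g. `org.opensaml*;resolution:=optional;version="[MIN, MAX)",` with the range the build is actually tested against (placeholder values). With the import optional, it is also worth confirming what happens when an assertion arrives and the packages are absent: a NoClassDefFoundError raised from SAMLUtils is an Error and may bypass the interceptor's exception handling, which is not visible on this page.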
 

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java?rev=1372877&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
Tue Aug 14 13:36:04 2012
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * internal SAMLUtils to avoid direct reference to opensaml from WSS4J interceptors.
+ */
+final class SAMLUtils {
+    private SAMLUtils() {
+    }
+    
+    public static List<String> parseRolesInAssertion(Object assertion, String roleAttributeName)
{
+        if (((AssertionWrapper) assertion).getSamlVersion().equals(SAMLVersion.VERSION_20))
{
+            return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml2(), roleAttributeName);
+        } else {
+            return parseRolesInAssertion(((AssertionWrapper)assertion).getSaml1(), roleAttributeName);
+        }
+    }
+    
+    //
+    // these methods are moved from previous WSS4JInInterceptor
+    //
+    private static List<String> parseRolesInAssertion(org.opensaml.saml1.core.Assertion
assertion,
+            String roleAttributeName) {
+        List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
+            assertion.getAttributeStatements();
+        if (attributeStatements == null || attributeStatements.isEmpty()) {
+            return null;
+        }
+        List<String> roles = new ArrayList<String>();
+        
+        for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements)
{
+            
+            List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
+            for (org.opensaml.saml1.core.Attribute attribute : attributes) {
+                
+                if (attribute.getAttributeName().equals(roleAttributeName)) {
+                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                        Element attributeValueElement = attributeValue.getDOM();
+                        String value = attributeValueElement.getTextContent();
+                        roles.add(value);                    
+                    }
+                    if (attribute.getAttributeValues().size() > 1) {
+//                        Don't search for other attributes with the same name if       
                 
+//                        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+//                             AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
+//                        <saml:AttributeValue>Value1</saml:AttributeValue>
+//                        <saml:AttributeValue>Value2</saml:AttributeValue>
+//                        </saml:Attribute>
+                        break;
+                    }
+                }
+                
+            }
+        }
+        return Collections.unmodifiableList(roles);
+    }
+    
+
+    private static List<String> parseRolesInAssertion(org.opensaml.saml2.core.Assertion
assertion,
+            String roleAttributeName) {
+        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
+            assertion.getAttributeStatements();
+        if (attributeStatements == null || attributeStatements.isEmpty()) {
+            return null;
+        }
+        List<String> roles = new ArrayList<String>();
+        
+        for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements)
{
+            
+            List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
+            for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+                
+                if (attribute.getName().equals(roleAttributeName)) {
+                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                        Element attributeValueElement = attributeValue.getDOM();
+                        String value = attributeValueElement.getTextContent();
+                        roles.add(value);                    
+                    }
+                    if (attribute.getAttributeValues().size() > 1) {
+//                        Don't search for other attributes with the same name if       
                 
+//                        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+//                             AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
+//                        <saml:AttributeValue>Value1</saml:AttributeValue>
+//                        <saml:AttributeValue>Value2</saml:AttributeValue>
+//                        </saml:Attribute>
+                        break;
+                    }
+                }
+                
+            }
+        }
+        return Collections.unmodifiableList(roles);
+    }
+
+}
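Review bot: In both private `parseRolesInAssertion` overloads the `break` leaves only the inner attribute loop, and only when the matched attribute has more than one value, so values from same-named attributes in later statements (or following a single-valued match) are still merged into `roles`; the comment above the `break` is cut off mid-sentence and does not say which behaviour is intended. Because the returned list becomes the roles handed to `createSecurityContext` in WSS4JInInterceptor, the merge rule should be stated in a Javadoc on each overload, and the match should probably not rest on the name alone: the SAML 1 branch compares only `getAttributeName()` and ignores the `AttributeNamespace` that the sample in the comment shows. The entry point casts `assertion` three times with no type check; one `AssertionWrapper wrapper = (AssertionWrapper) assertion;` behind an `instanceof` guard would fail more clearly than a ClassCastException. The overloads also return `null` when there are no attribute statements but an empty unmodifiable list when nothing matches, so callers must handle two "no roles" shapes; `return Collections.emptyList();` would unify them if the caller does not depend on the `null`.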

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1372877&r1=1372876&r2=1372877&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Tue Aug 14 13:36:04 2012
@@ -22,7 +22,6 @@ import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -81,14 +80,10 @@ import org.apache.ws.security.handler.WS
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.processor.Processor;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.ws.security.validate.NoOpValidator;
 import org.apache.ws.security.validate.Validator;
 
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.xml.XMLObject;
-
 /**
  * Performs WS-Security inbound actions.
  * 
@@ -481,7 +476,7 @@ public class WSS4JInInterceptor extends 
                 if (!utWithCallbacks) {
                     WSS4JTokenConverter.convertToken(msg, p);
                 }
-                AssertionWrapper receivedAssertion = null;
+                Object receivedAssertion = null;
                 
                 List<String> roles = null;
                 if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) {
@@ -490,13 +485,8 @@ public class WSS4JInInterceptor extends 
                     if (roleAttributeName == null || roleAttributeName.length() == 0) {
                         roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                     }
-                    receivedAssertion = 
-                        (AssertionWrapper) o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
-                    if (receivedAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20))
{
-                        roles = this.parseRolesInAssertion(receivedAssertion.getSaml2(),
roleAttributeName);
-                    } else {
-                        roles = this.parseRolesInAssertion(receivedAssertion.getSaml1(),
roleAttributeName);
-                    }
+                    receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                    roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
                     msg.put(SecurityContext.class, createSecurityContext(p, roles));
                 } else {
                     msg.put(SecurityContext.class, createSecurityContext(p));
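Review bot: The added call `roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);` replaces a dispatch through `this.parseRolesInAssertion(...)`, and the last hunk shows those were `protected` methods, so a subclass that overrode them to filter or map roles is no longer consulted and, if it did not use `@Override`, will keep compiling. If the extension point is meant to go, say so in the class Javadoc; otherwise a hook such as `protected List<String> parseRolesInAssertion(Object assertion, String roleAttributeName)` that delegates to SAMLUtils would keep it without reintroducing the opensaml types. `receivedAssertion` is now a plain `Object` that SAMLUtils casts unchecked, and the result can be `null`, which is passed straight to `createSecurityContext(p, roles)`; that method's null handling is outside this hunk. The enclosing method starts and ends outside the hunk.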
@@ -800,79 +790,6 @@ public class WSS4JInInterceptor extends 
         return fault;
     }
     
-    protected List<String> parseRolesInAssertion(org.opensaml.saml1.core.Assertion
assertion,
-            String roleAttributeName) {
-        List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
-            assertion.getAttributeStatements();
-        if (attributeStatements == null || attributeStatements.isEmpty()) {
-            return null;
-        }
-        List<String> roles = new ArrayList<String>();
-        
-        for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements)
{
-            
-            List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
-            for (org.opensaml.saml1.core.Attribute attribute : attributes) {
-                
-                if (attribute.getAttributeName().equals(roleAttributeName)) {
-                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
-                        Element attributeValueElement = attributeValue.getDOM();
-                        String value = attributeValueElement.getTextContent();
-                        roles.add(value);                    
-                    }
-                    if (attribute.getAttributeValues().size() > 1) {
-//                        Don't search for other attributes with the same name if       
                 
-//                        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-//                             AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
-//                        <saml:AttributeValue>Value1</saml:AttributeValue>
-//                        <saml:AttributeValue>Value2</saml:AttributeValue>
-//                        </saml:Attribute>
-                        break;
-                    }
-                }
-                
-            }
-        }
-        return Collections.unmodifiableList(roles);
-    }
-    
-
-    protected List<String> parseRolesInAssertion(org.opensaml.saml2.core.Assertion
assertion,
-            String roleAttributeName) {
-        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
-            assertion.getAttributeStatements();
-        if (attributeStatements == null || attributeStatements.isEmpty()) {
-            return null;
-        }
-        List<String> roles = new ArrayList<String>();
-        
-        for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements)
{
-            
-            List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
-            for (org.opensaml.saml2.core.Attribute attribute : attributes) {
-                
-                if (attribute.getName().equals(roleAttributeName)) {
-                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
-                        Element attributeValueElement = attributeValue.getDOM();
-                        String value = attributeValueElement.getTextContent();
-                        roles.add(value);                    
-                    }
-                    if (attribute.getAttributeValues().size() > 1) {
-//                        Don't search for other attributes with the same name if       
                 
-//                        <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-//                             AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
-//                        <saml:AttributeValue>Value1</saml:AttributeValue>
-//                        <saml:AttributeValue>Value2</saml:AttributeValue>
-//                        </saml:Attribute>
-                        break;
-                    }
-                }
-                
-            }
-        }
-        return Collections.unmodifiableList(roles);
-    }
-    
     
     static class CXFRequestData extends RequestData {
         public CXFRequestData() {


