cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1383018 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/claims/ test/java/org/apache/cxf/sts/token/provider/
Date Mon, 10 Sep 2012 18:17:00 GMT
Author: owulff
Date: Mon Sep 10 18:16:59 2012
New Revision: 1383018

URL: http://svn.apache.org/viewvc?rev=1383018&view=rev
Log:
[CXF-4460] Support static claims globally and per endpoint

Added:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
Modified:
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java?rev=1383018&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
Mon Sep 10 18:16:59 2012
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+
+public class StaticClaimsHandler implements ClaimsHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(StaticClaimsHandler.class);
+
+    private Map<String, String> globalClaims;
+        
+    public void setGlobalClaims(Map<String, String> globalClaims) {
+        this.globalClaims = globalClaims;
+    }
+
+    public Map<String, String> getGlobalClaims() {
+        return globalClaims;
+    }
+
+    
+    public List<URI> getSupportedClaimTypes() {
+        List<URI> uriList = new ArrayList<URI>();
+        for (String uri : getGlobalClaims().keySet()) {
+            try {
+                uriList.add(new URI(uri));
+            } catch (URISyntaxException e) {
+                e.printStackTrace();
+            }
+        }
+
+        return uriList;
+    }    
+    
+    public ClaimCollection retrieveClaimValues(
+            RequestClaimCollection claims, ClaimsParameters parameters) {
+        
+        ClaimCollection claimsColl = new ClaimCollection();
+        for (RequestClaim claim : claims) {
+            if (getGlobalClaims().keySet().contains(claim.getClaimType().toString())) {
+                Claim c = new Claim();
+                c.setClaimType(claim.getClaimType());
+                c.setPrincipal(parameters.getPrincipal());
+                c.setValue(getGlobalClaims().get(claim.getClaimType().toString()));
+                claimsColl.add(c);
+            } else {
+                if (LOG.isLoggable(Level.FINER)) {
+                    LOG.finer("Unsupported claim: " + claim.getClaimType());
+                }
+            }
+        }
+        return claimsColl;
+        
+    }
+
+}
+

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java?rev=1383018&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
Mon Sep 10 18:16:59 2012
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+
+public class StaticEndpointClaimsHandler implements ClaimsHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(StaticEndpointClaimsHandler.class);
+
+    private Map<String, Map<String, String>> endpointClaimsMap;
+    private List<URI> supportedClaims;
+
+    public void setEndpointClaims(Map<String, Map<String, String>> userClaims)
{
+        this.endpointClaimsMap = userClaims;
+    }
+
+    public Map<String, Map<String, String>> getEndpointClaims() {
+        return endpointClaimsMap;
+    }
+    
+    public void setSupportedClaims(List<URI> supportedClaims) {
+        this.supportedClaims = supportedClaims;
+    }
+    
+    public List<URI> getSupportedClaimTypes() {
+        return Collections.unmodifiableList(this.supportedClaims);
+    }    
+    
+    public ClaimCollection retrieveClaimValues(
+            RequestClaimCollection claims, ClaimsParameters parameters) {
+        
+        ClaimCollection claimsColl = new ClaimCollection();
+        String appliesTo = parameters.getAppliesToAddress();
+        if (appliesTo == null) {
+            if (LOG.isLoggable(Level.FINER)) {
+                LOG.finer("AppliesTo not provided in RST. " + StaticEndpointClaimsHandler.class.getName()
+ " ignored");
+            }
+            return claimsColl;
+        }
+        Map<String, String> endpointClaims = this.getEndpointClaims().get(appliesTo);
+        if (endpointClaims == null) {
+            if (LOG.isLoggable(Level.FINER)) {
+                LOG.finer(StaticEndpointClaimsHandler.class.getName()
+                        + " doesn't define claims for endpoint '" + appliesTo + "'");
+            }
+            return claimsColl;
+        }
+        for (RequestClaim claim : claims) {
+            if (endpointClaims.keySet().contains(claim.getClaimType().toString())) {
+                Claim c = new Claim();
+                c.setClaimType(claim.getClaimType());
+                c.setPrincipal(parameters.getPrincipal());
+                c.setValue(endpointClaims.get(claim.getClaimType().toString()));
+                claimsColl.add(c);
+            } else {
+                if (LOG.isLoggable(Level.FINER)) {
+                    LOG.finer("Unsupported claim: " + claim.getClaimType());
+                }
+            }
+        }
+        return claimsColl;
+        
+    }
+
+}
+

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java?rev=1383018&r1=1383017&r2=1383018&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
Mon Sep 10 18:16:59 2012
@@ -18,9 +18,12 @@
  */
 package org.apache.cxf.sts.token.provider;
 
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 
 import org.w3c.dom.Element;
@@ -31,10 +34,13 @@ import org.apache.cxf.message.MessageImp
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
 import org.apache.cxf.sts.claims.ClaimsHandler;
 import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.claims.RequestClaim;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
+import org.apache.cxf.sts.claims.StaticClaimsHandler;
+import org.apache.cxf.sts.claims.StaticEndpointClaimsHandler;
 import org.apache.cxf.sts.common.CustomAttributeProvider;
 import org.apache.cxf.sts.common.CustomClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
@@ -46,14 +52,30 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 import org.apache.ws.security.util.DOM2Writer;
 
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.xml.XMLObject;
+
 /**
  * A unit test for creating a SAML Tokens with various Attributes populated by a ClaimsHandler.
  */
 public class SAMLClaimsTest extends org.junit.Assert {
     
+    public static final URI CLAIM_STATIC_COMPANY = 
+        URI.create("http://apache.org/claims/test/company");
+    
+    public static final URI CLAIM_APPLICATION = 
+        URI.create("http://apache.org/claims/test/applicationId");
+    
+    private static final String CLAIM_STATIC_COMPANY_VALUE = "myc@mpany";
+    
+    private static final String CLAIM_APPLICATION_VALUE = "my@pplic@tion";
+    
+    private static final String APPLICATION_APPLIES_TO = "http://dummy-service.com/dummy";
+    
     /**
      * Test the creation of a SAML2 Assertion with various Attributes set by a ClaimsHandler.
      */
@@ -61,7 +83,15 @@ public class SAMLClaimsTest extends org.
     public void testSaml2Claims() throws Exception {
         TokenProvider samlTokenProvider = new SAMLTokenProvider();
         TokenProviderParameters providerParameters = 
-            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
+            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE,
null);
+        
+        ClaimsManager claimsManager = new ClaimsManager();
+        ClaimsHandler claimsHandler = new CustomClaimsHandler();
+        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+        
+        RequestClaimCollection claims = createClaims();
+        providerParameters.setRequestedClaims(claims);
         
         List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
         customProviderList.add(new CustomAttributeProvider());
@@ -83,8 +113,160 @@ public class SAMLClaimsTest extends org.
         assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
     }
     
+    /**
+     * Test the creation of a SAML2 Assertion with StaticClaimsHandler
+     */
+    @org.junit.Test
+    public void testSaml2StaticClaims() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE,
null);
+        
+        ClaimsManager claimsManager = new ClaimsManager();
+        StaticClaimsHandler claimsHandler = new StaticClaimsHandler();
+        Map<String, String> staticClaimsMap = new HashMap<String, String>();
+        staticClaimsMap.put(CLAIM_STATIC_COMPANY.toString(), CLAIM_STATIC_COMPANY_VALUE);
+        claimsHandler.setGlobalClaims(staticClaimsMap);
+        claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+        
+        RequestClaimCollection claims = new RequestClaimCollection();
+        RequestClaim claim = new RequestClaim();
+        claim.setClaimType(CLAIM_STATIC_COMPANY);
+        claims.add(claim);
+        providerParameters.setRequestedClaims(claims);
+        
+        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
+        customProviderList.add(new ClaimsAttributeStatementProvider());
+        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
+        
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        Element token = providerResponse.getToken();
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertTrue(tokenString.contains("AttributeStatement"));
+        assertTrue(tokenString.contains("alice"));
+        assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+        
+        AssertionWrapper assertion = new AssertionWrapper(token);
+        List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
+        assertEquals(attributes.size(), 1);
+        assertEquals(attributes.get(0).getName(), CLAIM_STATIC_COMPANY.toString());
+        XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
+        assertEquals(valueObj.getDOM().getTextContent(), CLAIM_STATIC_COMPANY_VALUE);   
  
+    }
+    
+    /**
+     * Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler
+     */
+    @org.junit.Test
+    public void testSaml2StaticEndpointClaims() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE,
null);
+        
+        ClaimsManager claimsManager = new ClaimsManager();
+        StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler();
+        
+        // Create claims map for specific application
+        Map<String, String> endpointClaimsMap = new HashMap<String, String>();
+        endpointClaimsMap.put(CLAIM_APPLICATION.toString(), CLAIM_APPLICATION_VALUE);
+        
+        Map<String, Map<String, String>> staticClaims = new HashMap<String,
Map<String, String>>();
+        staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap);
+        claimsHandler.setEndpointClaims(staticClaims);
+        
+        List<URI> supportedClaims = new ArrayList<URI>();
+        supportedClaims.add(CLAIM_APPLICATION);
+        claimsHandler.setSupportedClaims(supportedClaims);
+        
+        claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+        
+        RequestClaimCollection claims = new RequestClaimCollection();
+        RequestClaim claim = new RequestClaim();
+        claim.setClaimType(CLAIM_APPLICATION);
+        claims.add(claim);
+        providerParameters.setRequestedClaims(claims);
+        
+        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
+        customProviderList.add(new ClaimsAttributeStatementProvider());
+        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
+        
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        Element token = providerResponse.getToken();
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(providerResponse.getTokenId()));
+        assertTrue(tokenString.contains("AttributeStatement"));
+        assertTrue(tokenString.contains("alice"));
+        assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+        
+        AssertionWrapper assertion = new AssertionWrapper(token);
+        List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
+        assertEquals(attributes.size(), 1);
+        assertEquals(attributes.get(0).getName(), CLAIM_APPLICATION.toString());
+        XMLObject valueObj = attributes.get(0).getAttributeValues().get(0);
+        assertEquals(valueObj.getDOM().getTextContent(), CLAIM_APPLICATION_VALUE);      
+    }
+    
+    /**
+     * Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler
+     * but unknown AppliesTo value
+     */
+    @org.junit.Test
+    public void testSaml2StaticEndpointClaimsUnknownAppliesTo() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, 
+                    STSConstants.BEARER_KEY_KEYTYPE, APPLICATION_APPLIES_TO + "UNKNOWN");
+        
+        ClaimsManager claimsManager = new ClaimsManager();
+        StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler();
+        
+        // Create claims map for specific application
+        Map<String, String> endpointClaimsMap = new HashMap<String, String>();
+        endpointClaimsMap.put(CLAIM_APPLICATION.toString(), CLAIM_APPLICATION_VALUE);
+        
+        Map<String, Map<String, String>> staticClaims = new HashMap<String,
Map<String, String>>();
+        staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap);
+        claimsHandler.setEndpointClaims(staticClaims);
+        
+        List<URI> supportedClaims = new ArrayList<URI>();
+        supportedClaims.add(CLAIM_APPLICATION);
+        claimsHandler.setSupportedClaims(supportedClaims);
+        
+        claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+        
+        RequestClaimCollection claims = new RequestClaimCollection();
+        RequestClaim claim = new RequestClaim();
+        claim.setClaimType(CLAIM_APPLICATION);
+        claims.add(claim);
+        providerParameters.setRequestedClaims(claims);
+        
+        List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
+        customProviderList.add(new ClaimsAttributeStatementProvider());
+        ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+        
+        try {
+            samlTokenProvider.createToken(providerParameters);
+            fail("Failure expected as the claim for the application can't be found due to
unknown AppliesTo");
+        } catch (Exception ex) {
+            // expected on the wrong attribute provider
+        }        
+    }
+    
     private TokenProviderParameters createProviderParameters(
-        String tokenType, String keyType
+        String tokenType, String keyType, String appliesTo
     ) throws WSSecurityException {
         TokenProviderParameters parameters = new TokenProviderParameters();
         
@@ -103,7 +285,11 @@ public class SAMLClaimsTest extends org.
         WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
         parameters.setWebServiceContext(webServiceContext);
         
-        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        if (appliesTo != null) {
+            parameters.setAppliesToAddress(appliesTo);
+        } else {
+            parameters.setAppliesToAddress(APPLICATION_APPLIES_TO);
+        }
         
         // Add STSProperties object
         StaticSTSProperties stsProperties = new StaticSTSProperties();
@@ -118,13 +304,7 @@ public class SAMLClaimsTest extends org.
         
         parameters.setEncryptionProperties(new EncryptionProperties());
         
-        ClaimsManager claimsManager = new ClaimsManager();
-        ClaimsHandler claimsHandler = new CustomClaimsHandler();
-        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
-        parameters.setClaimsManager(claimsManager);
-        
-        RequestClaimCollection claims = createClaims();
-        parameters.setRequestedClaims(claims);
+
         
         return parameters;
     }



Mime
View raw message