Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BF04ADF2F for ; Mon, 10 Sep 2012 18:31:42 +0000 (UTC) Received: (qmail 68035 invoked by uid 500); 10 Sep 2012 18:31:42 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 67997 invoked by uid 500); 10 Sep 2012 18:31:42 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 67990 invoked by uid 99); 10 Sep 2012 18:31:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Sep 2012 18:31:42 +0000 X-ASF-Spam-Status: No, hits=-1997.3 required=5.0 tests=ALL_TRUSTED,LOTTO_AGENT X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Sep 2012 18:31:40 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id C752A238896F; Mon, 10 Sep 2012 18:30:57 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1383025 - in /cxf/branches/2.6.x-fixes/services/sts/sts-core/src: main/java/org/apache/cxf/sts/claims/ test/java/org/apache/cxf/sts/token/provider/ Date: Mon, 10 Sep 2012 18:30:57 -0000 To: commits@cxf.apache.org From: owulff@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120910183057.C752A238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: owulff Date: Mon Sep 10 18:30:57 2012 New Revision: 1383025 URL: http://svn.apache.org/viewvc?rev=1383025&view=rev Log: [CXF-4460] Support static claims globally and per endpoint Added: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java Added: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java?rev=1383025&view=auto ============================================================================== --- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java (added) +++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java Mon Sep 10 18:30:57 2012 @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.sts.claims; + +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; + +import org.apache.cxf.common.logging.LogUtils; + +public class StaticClaimsHandler implements ClaimsHandler { + + private static final Logger LOG = LogUtils.getL7dLogger(StaticClaimsHandler.class); + + private Map globalClaims; + + public void setGlobalClaims(Map globalClaims) { + this.globalClaims = globalClaims; + } + + public Map getGlobalClaims() { + return globalClaims; + } + + + public List getSupportedClaimTypes() { + List uriList = new ArrayList(); + for (String uri : getGlobalClaims().keySet()) { + try { + uriList.add(new URI(uri)); + } catch (URISyntaxException e) { + e.printStackTrace(); + } + } + + return uriList; + } + + public ClaimCollection retrieveClaimValues( + RequestClaimCollection claims, ClaimsParameters parameters) { + + ClaimCollection claimsColl = new ClaimCollection(); + for (RequestClaim claim : claims) { + if (getGlobalClaims().keySet().contains(claim.getClaimType().toString())) { + Claim c = new Claim(); + c.setClaimType(claim.getClaimType()); + c.setPrincipal(parameters.getPrincipal()); + c.setValue(getGlobalClaims().get(claim.getClaimType().toString())); + claimsColl.add(c); + } else { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Unsupported claim: " + claim.getClaimType()); + } + } + } + return claimsColl; + + } + +} + Added: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java?rev=1383025&view=auto ============================================================================== --- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java (added) +++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java Mon Sep 10 18:30:57 2012 @@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.sts.claims; + +import java.net.URI; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; + +import org.apache.cxf.common.logging.LogUtils; + +public class StaticEndpointClaimsHandler implements ClaimsHandler { + + private static final Logger LOG = LogUtils.getL7dLogger(StaticEndpointClaimsHandler.class); + + private Map> endpointClaimsMap; + private List supportedClaims; + + public void setEndpointClaims(Map> userClaims) { + this.endpointClaimsMap = userClaims; + } + + public Map> getEndpointClaims() { + return endpointClaimsMap; + } + + public void setSupportedClaims(List supportedClaims) { + this.supportedClaims = supportedClaims; + } + + public List getSupportedClaimTypes() { + return Collections.unmodifiableList(this.supportedClaims); + } + + public ClaimCollection retrieveClaimValues( + RequestClaimCollection claims, ClaimsParameters parameters) { + + ClaimCollection claimsColl = new ClaimCollection(); + String appliesTo = parameters.getAppliesToAddress(); + if (appliesTo == null) { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("AppliesTo not provided in RST. " + StaticEndpointClaimsHandler.class.getName() + " ignored"); + } + return claimsColl; + } + Map endpointClaims = this.getEndpointClaims().get(appliesTo); + if (endpointClaims == null) { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer(StaticEndpointClaimsHandler.class.getName() + + " doesn't define claims for endpoint '" + appliesTo + "'"); + } + return claimsColl; + } + for (RequestClaim claim : claims) { + if (endpointClaims.keySet().contains(claim.getClaimType().toString())) { + Claim c = new Claim(); + c.setClaimType(claim.getClaimType()); + c.setPrincipal(parameters.getPrincipal()); + c.setValue(endpointClaims.get(claim.getClaimType().toString())); + claimsColl.add(c); + } else { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Unsupported claim: " + claim.getClaimType()); + } + } + } + return claimsColl; + + } + +} + Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java?rev=1383025&r1=1383024&r2=1383025&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java (original) +++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java Mon Sep 10 18:30:57 2012 @@ -18,9 +18,12 @@ */ package org.apache.cxf.sts.token.provider; +import java.net.URI; import java.util.ArrayList; import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Properties; import org.w3c.dom.Element; @@ -31,10 +34,13 @@ import org.apache.cxf.message.MessageImp import org.apache.cxf.sts.STSConstants; import org.apache.cxf.sts.StaticSTSProperties; import org.apache.cxf.sts.claims.ClaimTypes; +import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider; import org.apache.cxf.sts.claims.ClaimsHandler; import org.apache.cxf.sts.claims.ClaimsManager; import org.apache.cxf.sts.claims.RequestClaim; import org.apache.cxf.sts.claims.RequestClaimCollection; +import org.apache.cxf.sts.claims.StaticClaimsHandler; +import org.apache.cxf.sts.claims.StaticEndpointClaimsHandler; import org.apache.cxf.sts.common.CustomAttributeProvider; import org.apache.cxf.sts.common.CustomClaimsHandler; import org.apache.cxf.sts.common.PasswordCallbackHandler; @@ -46,14 +52,30 @@ import org.apache.ws.security.WSConstant import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoFactory; +import org.apache.ws.security.saml.ext.AssertionWrapper; import org.apache.ws.security.saml.ext.builder.SAML2Constants; import org.apache.ws.security.util.DOM2Writer; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.xml.XMLObject; + /** * A unit test for creating a SAML Tokens with various Attributes populated by a ClaimsHandler. */ public class SAMLClaimsTest extends org.junit.Assert { + public static final URI CLAIM_STATIC_COMPANY = + URI.create("http://apache.org/claims/test/company"); + + public static final URI CLAIM_APPLICATION = + URI.create("http://apache.org/claims/test/applicationId"); + + private static final String CLAIM_STATIC_COMPANY_VALUE = "myc@mpany"; + + private static final String CLAIM_APPLICATION_VALUE = "my@pplic@tion"; + + private static final String APPLICATION_APPLIES_TO = "http://dummy-service.com/dummy"; + /** * Test the creation of a SAML2 Assertion with various Attributes set by a ClaimsHandler. */ @@ -61,7 +83,15 @@ public class SAMLClaimsTest extends org. public void testSaml2Claims() throws Exception { TokenProvider samlTokenProvider = new SAMLTokenProvider(); TokenProviderParameters providerParameters = - createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE); + createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null); + + ClaimsManager claimsManager = new ClaimsManager(); + ClaimsHandler claimsHandler = new CustomClaimsHandler(); + claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler)); + providerParameters.setClaimsManager(claimsManager); + + RequestClaimCollection claims = createClaims(); + providerParameters.setRequestedClaims(claims); List customProviderList = new ArrayList(); customProviderList.add(new CustomAttributeProvider()); @@ -83,8 +113,160 @@ public class SAMLClaimsTest extends org. assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString())); } + /** + * Test the creation of a SAML2 Assertion with StaticClaimsHandler + */ + @org.junit.Test + public void testSaml2StaticClaims() throws Exception { + TokenProvider samlTokenProvider = new SAMLTokenProvider(); + TokenProviderParameters providerParameters = + createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null); + + ClaimsManager claimsManager = new ClaimsManager(); + StaticClaimsHandler claimsHandler = new StaticClaimsHandler(); + Map staticClaimsMap = new HashMap(); + staticClaimsMap.put(CLAIM_STATIC_COMPANY.toString(), CLAIM_STATIC_COMPANY_VALUE); + claimsHandler.setGlobalClaims(staticClaimsMap); + claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler)); + providerParameters.setClaimsManager(claimsManager); + + RequestClaimCollection claims = new RequestClaimCollection(); + RequestClaim claim = new RequestClaim(); + claim.setClaimType(CLAIM_STATIC_COMPANY); + claims.add(claim); + providerParameters.setRequestedClaims(claims); + + List customProviderList = new ArrayList(); + customProviderList.add(new ClaimsAttributeStatementProvider()); + ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList); + + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); + TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + Element token = providerResponse.getToken(); + String tokenString = DOM2Writer.nodeToString(token); + assertTrue(tokenString.contains(providerResponse.getTokenId())); + assertTrue(tokenString.contains("AttributeStatement")); + assertTrue(tokenString.contains("alice")); + assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER)); + + AssertionWrapper assertion = new AssertionWrapper(token); + List attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes(); + assertEquals(attributes.size(), 1); + assertEquals(attributes.get(0).getName(), CLAIM_STATIC_COMPANY.toString()); + XMLObject valueObj = attributes.get(0).getAttributeValues().get(0); + assertEquals(valueObj.getDOM().getTextContent(), CLAIM_STATIC_COMPANY_VALUE); + } + + /** + * Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler + */ + @org.junit.Test + public void testSaml2StaticEndpointClaims() throws Exception { + TokenProvider samlTokenProvider = new SAMLTokenProvider(); + TokenProviderParameters providerParameters = + createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null); + + ClaimsManager claimsManager = new ClaimsManager(); + StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler(); + + // Create claims map for specific application + Map endpointClaimsMap = new HashMap(); + endpointClaimsMap.put(CLAIM_APPLICATION.toString(), CLAIM_APPLICATION_VALUE); + + Map> staticClaims = new HashMap>(); + staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap); + claimsHandler.setEndpointClaims(staticClaims); + + List supportedClaims = new ArrayList(); + supportedClaims.add(CLAIM_APPLICATION); + claimsHandler.setSupportedClaims(supportedClaims); + + claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler)); + providerParameters.setClaimsManager(claimsManager); + + RequestClaimCollection claims = new RequestClaimCollection(); + RequestClaim claim = new RequestClaim(); + claim.setClaimType(CLAIM_APPLICATION); + claims.add(claim); + providerParameters.setRequestedClaims(claims); + + List customProviderList = new ArrayList(); + customProviderList.add(new ClaimsAttributeStatementProvider()); + ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList); + + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); + TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + Element token = providerResponse.getToken(); + String tokenString = DOM2Writer.nodeToString(token); + assertTrue(tokenString.contains(providerResponse.getTokenId())); + assertTrue(tokenString.contains("AttributeStatement")); + assertTrue(tokenString.contains("alice")); + assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER)); + + AssertionWrapper assertion = new AssertionWrapper(token); + List attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes(); + assertEquals(attributes.size(), 1); + assertEquals(attributes.get(0).getName(), CLAIM_APPLICATION.toString()); + XMLObject valueObj = attributes.get(0).getAttributeValues().get(0); + assertEquals(valueObj.getDOM().getTextContent(), CLAIM_APPLICATION_VALUE); + } + + /** + * Test the creation of a SAML2 Assertion with StaticEndpointClaimsHandler + * but unknown AppliesTo value + */ + @org.junit.Test + public void testSaml2StaticEndpointClaimsUnknownAppliesTo() throws Exception { + TokenProvider samlTokenProvider = new SAMLTokenProvider(); + TokenProviderParameters providerParameters = + createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, + STSConstants.BEARER_KEY_KEYTYPE, APPLICATION_APPLIES_TO + "UNKNOWN"); + + ClaimsManager claimsManager = new ClaimsManager(); + StaticEndpointClaimsHandler claimsHandler = new StaticEndpointClaimsHandler(); + + // Create claims map for specific application + Map endpointClaimsMap = new HashMap(); + endpointClaimsMap.put(CLAIM_APPLICATION.toString(), CLAIM_APPLICATION_VALUE); + + Map> staticClaims = new HashMap>(); + staticClaims.put(APPLICATION_APPLIES_TO, endpointClaimsMap); + claimsHandler.setEndpointClaims(staticClaims); + + List supportedClaims = new ArrayList(); + supportedClaims.add(CLAIM_APPLICATION); + claimsHandler.setSupportedClaims(supportedClaims); + + claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)claimsHandler)); + providerParameters.setClaimsManager(claimsManager); + + RequestClaimCollection claims = new RequestClaimCollection(); + RequestClaim claim = new RequestClaim(); + claim.setClaimType(CLAIM_APPLICATION); + claims.add(claim); + providerParameters.setRequestedClaims(claims); + + List customProviderList = new ArrayList(); + customProviderList.add(new ClaimsAttributeStatementProvider()); + ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList); + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); + + try { + samlTokenProvider.createToken(providerParameters); + fail("Failure expected as the claim for the application can't be found due to unknown AppliesTo"); + } catch (Exception ex) { + // expected on the wrong attribute provider + } + } + private TokenProviderParameters createProviderParameters( - String tokenType, String keyType + String tokenType, String keyType, String appliesTo ) throws WSSecurityException { TokenProviderParameters parameters = new TokenProviderParameters(); @@ -103,7 +285,11 @@ public class SAMLClaimsTest extends org. WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx); parameters.setWebServiceContext(webServiceContext); - parameters.setAppliesToAddress("http://dummy-service.com/dummy"); + if (appliesTo != null) { + parameters.setAppliesToAddress(appliesTo); + } else { + parameters.setAppliesToAddress(APPLICATION_APPLIES_TO); + } // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); @@ -118,13 +304,7 @@ public class SAMLClaimsTest extends org. parameters.setEncryptionProperties(new EncryptionProperties()); - ClaimsManager claimsManager = new ClaimsManager(); - ClaimsHandler claimsHandler = new CustomClaimsHandler(); - claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler)); - parameters.setClaimsManager(claimsManager); - - RequestClaimCollection claims = createClaims(); - parameters.setRequestedClaims(claims); + return parameters; }