From cohei...@apache.org
Subject svn commit: r1394503 - in /cxf/trunk/rt: core/src/main/java/org/apache/cxf/interceptor/security/ rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ w...
Date Fri, 05 Oct 2012 13:25:03 GMT
Author: coheigea
Date: Fri Oct  5 13:25:02 2012
New Revision: 1394503

URL: http://svn.apache.org/viewvc?rev=1394503&view=rev
Log:
[CXF-4544] - Create a common SAML-based SecurityContext for both the JAX-RS and JAX-WS layers

Added:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
      - copied, changed from r1394433, cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
Removed:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
    cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptorTest.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java?rev=1394503&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
(added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
Fri Oct  5 13:25:02 2012
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.security.Principal;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.security.LoginSecurityContext;
+
+public class SAMLSecurityContext implements LoginSecurityContext {
+    
+    private final Principal principal;
+    private Set<Principal> roles;
+    private Element assertionElement;
+    private String issuer;
+    
+    public SAMLSecurityContext(Principal principal) {
+        this.principal = principal;
+    }
+    
+    public SAMLSecurityContext(
+        Principal principal, 
+        Set<Principal> roles
+    ) {
+        this.principal = principal;
+        this.roles = roles;
+    }
+    
+    public Principal getUserPrincipal() {
+        return principal;
+    }
+
+    public boolean isUserInRole(String role) {
+        if (roles == null) {
+            return false;
+        }
+        for (Principal principalRole : roles) {
+            if (principalRole.getName().equals(role)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    public javax.security.auth.Subject getSubject() {
+        return null;
+    }
+
+    public void setUserRoles(Set<Principal> userRoles) {
+        this.roles = userRoles;
+    }
+    
+    public Set<Principal> getUserRoles() {
+        return roles;
+    }
+    
+    public void setAssertionElement(Element assertionElement) {
+        this.assertionElement = assertionElement;
+    }
+    
+    public Element getAssertionElement() {
+        return assertionElement;
+    }
+    
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+    
+    public String getIssuer() {
+        return issuer;
+    }
+}
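Review bot: `getUserRoles()` near the end of the new class hands back the live `roles` set, so any consumer of the context can add or remove role principals and change what `isUserInRole` answers afterwards; the constructor and `setUserRoles` store the caller's reference unchanged as well. Returning a read-only view keeps the authorization state owned by the context: `return roles == null ? null : Collections.unmodifiableSet(roles);` (with `import java.util.Collections;` added). The class also has no Javadoc; a class comment saying that this is the SAML-derived `LoginSecurityContext` shared by the JAX-RS and JAX-WS layers, that `getSubject()` always returns null, and that the assertion element and issuer are optional and only populated by whoever builds the context would help the next maintainer.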

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java?rev=1394503&r1=1394502&r2=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
Fri Oct  5 13:25:02 2012
@@ -67,13 +67,13 @@ public class ClaimsAuthorizingIntercepto
     
     public void handleMessage(Message message) throws Fault {
         SecurityContext sc = message.get(SecurityContext.class);
-        if (!(sc instanceof SAMLSecurityContext)) {
+        if (!(sc instanceof JAXRSSAMLSecurityContext)) {
             throw new AccessDeniedException("Security Context is unavailable or unrecognized");
         }
         
         Method method = getTargetMethod(message);
         
-        if (authorize((SAMLSecurityContext)sc, method)) {
+        if (authorize((JAXRSSAMLSecurityContext)sc, method)) {
             return;
         }
         
@@ -98,7 +98,7 @@ public class ClaimsAuthorizingIntercepto
         throw new AccessDeniedException("Method is not available : Unauthorized");
     }
 
-    protected boolean authorize(SAMLSecurityContext sc, Method method) {
+    protected boolean authorize(JAXRSSAMLSecurityContext sc, Method method) {
         List<ClaimBean> list = claims.get(method.getName());
         org.apache.cxf.rs.security.saml.assertion.Claims actualClaims = sc.getClaims();
         

Copied: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
(from r1394433, cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java?p2=cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java&p1=cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java&r1=1394433&r2=1394503&rev=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
Fri Oct  5 13:25:02 2012
@@ -19,32 +19,35 @@
 package org.apache.cxf.rs.security.saml.authorization;
 
 import java.security.Principal;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.rs.security.saml.assertion.Claim;
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
-import org.apache.cxf.security.SecurityContext;
 
-public class SAMLSecurityContext implements SecurityContext {
+public class JAXRSSAMLSecurityContext extends SAMLSecurityContext {
     
-    private SubjectPrincipal p;
-    private Claims claims; 
-    private Claim rolesClaim;
+    private Claims claims;
     
-    public SAMLSecurityContext(Subject subject, List<Claim> claims) {
+    public JAXRSSAMLSecurityContext(Subject subject, List<Claim> claims) {
         this(new SubjectPrincipal(subject.getName(), subject), new Claims(claims));
     }
     
-    public SAMLSecurityContext(SubjectPrincipal p, Claims claims) {
+    public JAXRSSAMLSecurityContext(SubjectPrincipal p, Claims claims) {
         this(p, claims, Claim.DEFAULT_ROLE_NAME, Claim.DEFAULT_NAME_FORMAT);
     }
     
-    public SAMLSecurityContext(SubjectPrincipal p, 
+    public JAXRSSAMLSecurityContext(SubjectPrincipal p, 
                                Claims cs,
                                String roleClaimNameQualifier,
                                String roleClaimNameFormat) {
-        this.p = p;
+        super(p);
+        
+        Claim rolesClaim = null;
         for (Claim c : cs.getClaims()) {
             if (c.getName().equals(roleClaimNameQualifier)
                 && c.getNameFormat().equals(roleClaimNameFormat)) {
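Review bot: The renamed class at `public class JAXRSSAMLSecurityContext extends SAMLSecurityContext` has no Javadoc, and because it now inherits `getUserRoles()` and `isUserInRole()` from the core class instead of implementing them, nothing in this file states how roles are derived. A class comment such as `/** JAX-RS SecurityContext backed by a SAML assertion's claims; the claim whose name and name format match roleClaimNameQualifier/roleClaimNameFormat supplies the user roles, exposed through the inherited getUserRoles(). */` would cover that. The three-argument constructor begins in this hunk and continues past its end, so the assignment to `rolesClaim` inside the loop is not visible here.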
@@ -53,26 +56,22 @@ public class SAMLSecurityContext impleme
             }
         }
         this.claims = cs;
-        
-    }
-    
-    public Principal getUserPrincipal() {
-        return p;
-    }
 
-    public boolean isUserInRole(String role) {
-        if (rolesClaim == null) {
-            return false;
-        }
-        for (String r : rolesClaim.getValues()) {
-            if (r.equals(role)) {
-                return true;
+        Set<Principal> userRoles;
+        if (rolesClaim != null) {
+            userRoles = new HashSet<Principal>();
+            for (String role : rolesClaim.getValues()) {
+                userRoles.add(new SimplePrincipal(role));
             }
+        } else {
+            userRoles = null;
         }
-        return false;
+        
+        setUserRoles(userRoles);
     }
     
     public Claims getClaims() {
         return claims;
     }
+
 }
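Review bot: The `else` branch `userRoles = null;` keeps the role set nullable, so `getUserRoles()` on this context returns null when the assertion carries no role claim but a (possibly empty) set otherwise, giving callers two shapes for "no roles". `userRoles = Collections.emptySet();` (with `java.util.Collections` imported) would make the accessor uniformly non-null; this is a style point only, since the inherited `isUserInRole` checks for null explicitly. The constructor this branch belongs to starts before this hunk.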

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java?rev=1394503&r1=1394502&r2=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
Fri Oct  5 13:25:02 2012
@@ -54,7 +54,7 @@ public class SecurityContextProviderImpl
         SubjectPrincipal subjectPrincipal = 
             new SubjectPrincipal(subjectPrincipalName, subject);
         
-        SecurityContext sc = new SAMLSecurityContext(subjectPrincipal,
+        SecurityContext sc = new JAXRSSAMLSecurityContext(subjectPrincipal,
                 claims,
                 defaultRoleName == null ? Claim.DEFAULT_ROLE_NAME : defaultRoleName,
                 defaultNameFormat == null ? Claim.DEFAULT_NAME_FORMAT : defaultNameFormat);

Modified: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptorTest.java?rev=1394503&r1=1394502&r2=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptorTest.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptorTest.java
Fri Oct  5 13:25:02 2012
@@ -206,7 +206,7 @@ public class ClaimsAuthorizingIntercepto
         throws Exception {
         List<org.apache.cxf.rs.security.saml.assertion.Claim> claims =
             new ArrayList<org.apache.cxf.rs.security.saml.assertion.Claim>(Arrays.asList(claim));
-        SecurityContext sc = new SAMLSecurityContext(
+        SecurityContext sc = new JAXRSSAMLSecurityContext(
                 new Subject("user"), claims);
         Message m = new MessageImpl();
         m.setExchange(new ExchangeImpl());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java?rev=1394503&r1=1394502&r2=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
Fri Oct  5 13:25:02 2012
@@ -44,6 +44,14 @@ final class SAMLUtils {
         }
     }
     
+    public static String getIssuer(Object assertion) {
+        return ((AssertionWrapper)assertion).getIssuerString();
+    }
+    
+    public static Element getAssertionElement(Object assertion) {
+        return ((AssertionWrapper)assertion).getElement();
+    }
+    
     //
     // these methods are moved from previous WSS4JInInterceptor
     //
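Review bot: `getIssuer(Object assertion)` and `getAssertionElement(Object assertion)` accept `Object` and cast unconditionally, so a caller passing anything other than an `AssertionWrapper` (or null) gets a `ClassCastException` or `NullPointerException` with nothing in the signature hinting at the contract, and neither method has Javadoc. Unless the `Object` parameter is kept for symmetry with `parseRolesInAssertion`, whose signature is not visible here, typing the parameter as `AssertionWrapper` would move that check to compile time; otherwise document it on both methods: `/** @param assertion the WSS4J {@code AssertionWrapper} taken from the security engine result; @throws ClassCastException if it is any other type */`.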

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1394503&r1=1394502&r2=1394503&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Oct  5 13:25:02 2012
@@ -30,9 +30,6 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-
-
-import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -59,10 +56,10 @@ import org.apache.cxf.common.security.Si
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.phase.PhaseInterceptor;
-import org.apache.cxf.security.LoginSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.staxutils.StaxUtils;
@@ -492,7 +489,10 @@ public class WSS4JInInterceptor extends 
                     }
                     receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                     roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
-                    msg.put(SecurityContext.class, createSecurityContext(p, roles));
+                    SAMLSecurityContext context = createSecurityContext(p, roles);
+                    context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
+                    context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
+                    msg.put(SecurityContext.class, context);
                 } else {
                     msg.put(SecurityContext.class, createSecurityContext(p));
                 }
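Review bot: The three added lines around `context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));` attach the issuer and the raw assertion `Element` to the context with no comment saying why, and whether the result `o` they come from has already been validated by the engine is decided above this hunk and is not visible here. Since downstream authorization code can now key on `getIssuer()` and the assertion element, a why-comment on the first added line is warranted, e.g. `// expose issuer and raw assertion from the engine result so downstream authorization can inspect them`. The enclosing method starts and ends outside this hunk.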
@@ -534,10 +534,19 @@ public class WSS4JInInterceptor extends 
     }
     
     protected SecurityContext createSecurityContext(final Principal p) {
-        return createSecurityContext(p, null);
+        return new SecurityContext() {
+
+            public Principal getUserPrincipal() {
+                return p;
+            }
+
+            public boolean isUserInRole(String arg0) {
+                return false;
+            }
+        };
     }
     
-    protected LoginSecurityContext createSecurityContext(final Principal p, final List<String>
roles) {
+    protected SAMLSecurityContext createSecurityContext(final Principal p, final List<String>
roles) {
         final Set<Principal> userRoles;
         if (roles != null) {
             userRoles = new HashSet<Principal>();
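Review bot: `createSecurityContext(final Principal p)` no longer delegates to the two-argument overload, so the principal-only path now yields a plain `SecurityContext` where it previously produced a `LoginSecurityContext` with null roles and subject; any consumer that checked `instanceof LoginSecurityContext` or called `getUserRoles()` on a non-SAML context will see a different object, and the log message does not mention this, so it is worth confirming it is intended. Separately, the anonymous class's `isUserInRole(String arg0)` carries a generated parameter name; `public boolean isUserInRole(String role) {` reads better. The two-argument overload's body continues past the end of this hunk.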
@@ -548,23 +557,7 @@ public class WSS4JInInterceptor extends 
             userRoles = null;
         }
         
-        return new LoginSecurityContext() {
-            public Principal getUserPrincipal() {
-                return p;
-            }
-            public boolean isUserInRole(String role) {
-                if (roles == null) {
-                    return false;
-                }
-                return roles.contains(role);
-            }
-            public Subject getSubject() {
-                return null;
-            }
-            public Set<Principal> getUserRoles() {
-                return userRoles;
-            }
-        };
+        return new SAMLSecurityContext(p, userRoles);
     }
     
     private String getAction(SoapMessage msg, SoapVersion version) {


