cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1410467 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ services/sts/sy...
Date Fri, 16 Nov 2012 16:56:58 GMT
Author: coheigea
Date: Fri Nov 16 16:56:56 2012
New Revision: 1410467

URL: http://svn.apache.org/viewvc?rev=1410467&view=rev
Log:
[CXF-4638][CXF-4639] - Add ability to set STSClient Claims via a CallbackHandler
 - Add ability to send an existing SAML Token via the JAX-RS SAML code

Added:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleItNoClaims.wsdl
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler.xml
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlRetrievalInterceptor.java
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml;
+
+/**
+ * Some constant configuration options
+ */
+public final class SAMLConstants {
+    
+    /**
+     * This tag refers to a DOM Element representation of a SAML Token. If a SAML Token
+     * is stored on the Message Context, then the SamlFormOutInterceptor and 
+     * SamlHeaderOutInterceptor will use this token instead of creating a new SAML Token.
+     */
+    public static final String SAML_TOKEN_ELEMENT = "rs-security.saml.token.element";
+    
+    private SAMLConstants() {
+        // complete
+    }
+}

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java?rev=1410467&r1=1410466&r2=1410467&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
Fri Nov 16 16:56:56 2012
@@ -25,6 +25,8 @@ import java.util.logging.Logger;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.jaxrs.ext.form.Form;
@@ -42,8 +44,16 @@ public class SamlFormOutInterceptor exte
         if (form == null) {
             return;
         }
-        AssertionWrapper assertionWrapper = createAssertion(message);
+        
         try {
+            Element samlToken = 
+                (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
+            AssertionWrapper assertionWrapper;
+            if (samlToken != null) {
+                assertionWrapper = new AssertionWrapper(samlToken);
+            } else {
+                assertionWrapper = createAssertion(message);
+            }
             
             String encodedToken = encodeToken(assertionWrapper.assertionToString());
                 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java?rev=1410467&r1=1410466&r2=1410467&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
Fri Nov 16 16:56:56 2012
@@ -26,6 +26,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
@@ -37,8 +39,15 @@ public class SamlHeaderOutInterceptor ex
         LogUtils.getL7dLogger(SamlHeaderOutInterceptor.class);
     
     public void handleMessage(Message message) throws Fault {
-        AssertionWrapper assertionWrapper = createAssertion(message);
         try {
+            Element samlToken = 
+                (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
+            AssertionWrapper assertionWrapper;
+            if (samlToken != null) {
+                assertionWrapper = new AssertionWrapper(samlToken);
+            } else {
+                assertionWrapper = createAssertion(message);
+            }
             
             String encodedToken = encodeToken(assertionWrapper.assertionToString());
             

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1410467&r1=1410466&r2=1410467&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Fri Nov 16 16:56:56 2012
@@ -103,6 +103,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
 import org.apache.cxf.wsdl.EndpointReferenceUtils;
 import org.apache.cxf.wsdl.WSDLManager;
@@ -154,6 +155,7 @@ public class STSClient implements Config
     protected boolean requiresEntropy = true;
     protected Element template;
     protected Element claims;
+    protected CallbackHandler claimsCallbackHandler;
     protected AlgorithmSuite algorithmSuite;
     protected String namespace = STSUtils.WST_NS_05_12;
     protected String addressingNamespace;
@@ -1267,9 +1269,16 @@ public class STSClient implements Config
         }
     }
     
-    protected void addClaims(XMLStreamWriter writer) throws XMLStreamException {
+    protected void addClaims(XMLStreamWriter writer) throws Exception {
         if (claims != null) {
             StaxUtils.copy(claims, writer);
+        } else if (claimsCallbackHandler != null) {
+            ClaimsCallback callback = new ClaimsCallback(message);
+            claimsCallbackHandler.handle(new Callback[]{callback});
+            Element claimsElement = callback.getClaims();
+            if (claimsElement != null) {
+                StaxUtils.copy(claimsElement, writer);
+            }
         }
     }
 
@@ -1602,4 +1611,12 @@ public class STSClient implements Config
     public List<Feature> getFeatures() {
         return features;
     }
+
+    public CallbackHandler getClaimsCallbackHandler() {
+        return claimsCallbackHandler;
+    }
+
+    public void setClaimsCallbackHandler(CallbackHandler claimsCallbackHandler) {
+        this.claimsCallbackHandler = claimsCallbackHandler;
+    }
 }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.trust.claims;
+
+import javax.security.auth.callback.Callback;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.message.Message;
+
+/**
+ * This Callback class provides a pluggable way of sending Claims to the STS. A CallbackHandler
+ * instance will be supplied with this class, which contains a reference to the current
+ * Message. The CallbackHandler implementation is required to set the claims Element to be
+ * sent in the request. 
+ */
+public class ClaimsCallback implements Callback {
+    
+    private Element claims;
+    
+    private Message currentMessage;
+    
+    public ClaimsCallback() {
+        //
+    }
+    
+    public ClaimsCallback(Message currentMessage) {
+        this.currentMessage = currentMessage;
+    }
+    
+    public void setClaims(Element claims) {
+        this.claims = claims;
+    }
+    
+    public Element getClaims() {
+        return claims;
+    }
+    
+    public void setCurrentMessage(Message currentMessage) {
+        this.currentMessage = currentMessage;
+    }
+    
+    public Message getCurrentMessage() {
+        return currentMessage;
+    }
+    
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
(added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.claims;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
+
+/**
+ * This CallbackHandler implementation creates a Claims Element for a "role" ClaimType and
+ * stores it on the ClaimsCallback object.
+ */
+public class ClaimsCallbackHandler implements CallbackHandler {
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof ClaimsCallback) {
+                ClaimsCallback callback = (ClaimsCallback) callbacks[i];
+                callback.setClaims(createClaims());
+                
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+    
+    /**
+     * Create a Claims Element for a "role"
+     */
+    private Element createClaims() {
+        Document doc = DOMUtils.createDocument();
+        Element claimsElement = 
+            doc.createElementNS("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "Claims");
+        claimsElement.setAttributeNS(null, "Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        Element claimType = 
+            doc.createElementNS("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType");
+        claimType.setAttributeNS(null, "Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+        claimsElement.appendChild(claimType);
+        return claimsElement;
+    }
+    
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java?rev=1410467&r1=1410466&r2=1410467&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
Fri Nov 16 16:56:56 2012
@@ -222,6 +222,32 @@ public class ClaimsTest extends Abstract
         bus.shutdown(true);
     }
     
+    // In this test, the WSDL the client is using has no Claims Element (however the service
+    // is using a WSDL that requires Claims). A CallbackHandler is used to send the Claims
+    // Element to the STS.
+    @org.junit.Test
+    public void testSaml2ClaimsCallbackHandler() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ClaimsTest.class.getResource("cxf-client-cbhandler.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ClaimsTest.class.getResource("DoubleItNoClaims.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
+        DoubleItPortType transportClaimsPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportClaimsPort, PORT);
+        
+        doubleIt(transportClaimsPort, 25);
+        
+        ((java.io.Closeable)transportClaimsPort).close();
+        bus.shutdown(true);
+    }
+    
     private static void doubleIt(DoubleItPortType port, int numToDouble) {
         int resp = port.doubleIt(numToDouble);
         assertEquals(numToDouble * 2 , resp);

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleItNoClaims.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleItNoClaims.wsdl?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleItNoClaims.wsdl
(added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleItNoClaims.wsdl
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,186 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions name="DoubleIt"
+	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt"
+	xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
+	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+	xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+	xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsaw="http://www.w3.org/2005/08/addressing"
+	xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" targetNamespace="http://www.example.org/contract/DoubleIt">
+
+    <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" 
+                 namespace="http://www.example.org/contract/DoubleIt"/>
+
+	<wsdl:binding name="DoubleItTransportSAML2ClaimsBinding" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItBindingTransportSAML2ClaimsPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+				<wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+				<wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+
+	<wsdl:service name="DoubleItService">
+		<wsdl:port name="DoubleItTransportSAML2ClaimsPort" 
+		           binding="tns:DoubleItTransportSAML2ClaimsBinding">
+			<soap:address
+				location="https://localhost:8081/doubleit/services/doubleittransportsaml2claims" />
+		</wsdl:port>
+	</wsdl:service>
+	
+	<wsp:Policy wsu:Id="DoubleItBindingTransportSAML2ClaimsPolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<wsam:Addressing wsp:Optional="false">
+					<wsp:Policy />
+				</wsam:Addressing>
+				<sp:TransportBinding
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<wsp:Policy>
+						<sp:TransportToken>
+							<wsp:Policy>
+								<sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
+							</wsp:Policy>
+						</sp:TransportToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:TripleDesRsa15 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+					</wsp:Policy>
+				</sp:TransportBinding>
+				<sp:SupportingTokens
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<wsp:Policy>
+					    <sp:IssuedToken
+						    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+							<sp:RequestSecurityTokenTemplate>
+								<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+								<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+							</sp:RequestSecurityTokenTemplate>
+							<wsp:Policy>
+								<sp:RequireInternalReference />
+							</wsp:Policy>
+							<sp:Issuer>
+								<wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+								</wsaw:Address>
+								<wsaw:Metadata>
+									<wsx:Metadata>
+										<wsx:MetadataSection>
+											<wsx:MetadataReference>
+												<wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+												</wsaw:Address>
+											</wsx:MetadataReference>
+										</wsx:MetadataSection>
+									</wsx:Metadata>
+								</wsaw:Metadata>
+							</sp:Issuer>
+						</sp:IssuedToken>
+					</wsp:Policy>
+			    </sp:SupportingTokens>
+				<sp:Wss11>
+					<wsp:Policy>
+						<sp:MustSupportRefIssuerSerial />
+						<sp:MustSupportRefThumbprint />
+						<sp:MustSupportRefEncryptedKey />
+					</wsp:Policy>
+				</sp:Wss11>
+				<sp:Trust13>
+					<wsp:Policy>
+						<sp:MustSupportIssuedTokens />
+						<sp:RequireClientEntropy />
+						<sp:RequireServerEntropy />
+					</wsp:Policy>
+				</sp:Trust13>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	
+	<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:EncryptedParts>
+					<sp:Body />
+				</sp:EncryptedParts>
+				<sp:SignedParts>
+					<sp:Body />
+					<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="AckRequested"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="SequenceAcknowledgement"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="Sequence"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="CreateSequence"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+				</sp:SignedParts>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:EncryptedParts>
+					<sp:Body />
+				</sp:EncryptedParts>
+				<sp:SignedParts>
+					<sp:Body />
+					<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+					<sp:Header Name="AckRequested"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="SequenceAcknowledgement"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="Sequence"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+					<sp:Header Name="CreateSequence"
+						Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
+				</sp:SignedParts>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+</wsdl:definitions>

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler.xml?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler.xml
(added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler.xml
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,83 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+   xmlns:jaxws="http://cxf.apache.org/jaxws"
+   xmlns:cxf="http://cxf.apache.org/core"
+   xmlns:http="http://cxf.apache.org/transports/http/configuration"
+   xmlns:sec="http://cxf.apache.org/configuration/security"
+   xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+   
+   <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler"
/>
+   
+   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort"
createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+           <entry key="ws-security.sts.client">
+               <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                   <constructor-arg ref="cxf"/>
+                   <property name="wsdlLocation" 
+                             value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+                   <property name="serviceName" 
+                             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                   <property name="endpointName" 
+                             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                   <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"
/>
+                   <property name="properties">
+                       <map>
+                           <entry key="ws-security.username" value="alice"/>
+                           <entry key="ws-security.callback-handler" 
+                                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                           <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                           <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>

+                           <entry key="ws-security.sts.token.usecert" value="true"/>

+                       </map>
+                   </property>
+               </bean>            
+           </entry> 
+       </jaxws:properties>
+   </jaxws:client>
+   
+   <http:conduit name="https://localhost:.*">
+      <http:tlsClientParameters disableCNCheck="true">
+        <sec:trustManagers>
+          <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+        </sec:trustManagers>
+        <sec:keyManagers keyPassword="ckpass">
+           <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+        </sec:keyManagers>
+      </http:tlsClientParameters>
+   </http:conduit>
+   
+</beans>
+

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1410467&r1=1410466&r2=1410467&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Fri Nov 16 16:56:56 2012
@@ -41,7 +41,6 @@ import org.apache.cxf.rs.security.saml.S
 import org.apache.cxf.rs.security.xml.XmlSigOutInterceptor;
 import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -110,6 +109,53 @@ public class JAXRSSamlTest extends Abstr
         doTestEnvelopedSAMLToken(false);
     }
     
+    @Test
+    public void testGetBookPreviousSAMLTokenAsHeader() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
+        
+        WebClient wc = 
+            createWebClientForExistingToken(address, new SamlHeaderOutInterceptor(), null);
+        
+        try {
+            Book book = wc.get(Book.class);
+            assertEquals(123L, book.getId());
+        } catch (WebApplicationException ex) {
+            fail(ex.getMessage());
+        } catch (ClientException ex) {
+            if (ex.getCause() != null && ex.getCause().getMessage() != null) {
+                fail(ex.getCause().getMessage());
+            } else {
+                fail(ex.getMessage());
+            }
+        }
+        
+    }
+    
+    @Test
+    public void testGetBookPreviousSAMLTokenInForm() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlform/bookstore/books";
+        FormEncodingProvider<Form> formProvider = new FormEncodingProvider<Form>();
+        formProvider.setExpectedEncoded(true);
+        WebClient wc = createWebClientForExistingToken(address, new SamlFormOutInterceptor(),
+                                       formProvider);
+        
+        wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_XML);
+        try {
+            Book book = wc.post(new Form().set("name", "CXF").set("id", 125),
+                                Book.class);                
+            assertEquals(125L, book.getId());
+        } catch (WebApplicationException ex) {
+            fail(ex.getMessage());
+        } catch (ClientException ex) {
+            if (ex.getCause() != null && ex.getCause().getMessage() != null) {
+                fail(ex.getCause().getMessage());
+            } else {
+                fail(ex.getMessage());
+            }
+        }
+        
+    }
+    
     public void doTestEnvelopedSAMLToken(boolean signed) throws Exception {
         String address = "https://localhost:" + PORT + "/samlxml/bookstore/books";
         WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(!signed),
@@ -167,4 +213,23 @@ public class JAXRSSamlTest extends Abstr
         }
         return bean.createWebClient();
     }
+    
+    private WebClient createWebClientForExistingToken(String address, 
+                                      Interceptor<Message> outInterceptor,
+                                      Object provider) {
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSSamlTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        bean.getOutInterceptors().add(outInterceptor);
+        bean.getOutInterceptors().add(new SamlRetrievalInterceptor());
+        if (provider != null) {
+            bean.setProvider(provider);
+        }
+        return bean.createWebClient();
+    }
 }

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlRetrievalInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlRetrievalInterceptor.java?rev=1410467&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlRetrievalInterceptor.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlRetrievalInterceptor.java
Fri Nov 16 16:56:56 2012
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.saml;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rs.security.saml.SAMLConstants;
+import org.apache.cxf.rs.security.saml.SamlFormOutInterceptor;
+import org.apache.cxf.rs.security.saml.SamlHeaderOutInterceptor;
+
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
+
+/**
+ * An Interceptor to "retrieve" a SAML Token, i.e. create one and set it on the message
+ * context so that the Saml*Interceptors can write it out in a particular way.
+ */
+public class SamlRetrievalInterceptor extends AbstractPhaseInterceptor<Message> {
+    
+    static {
+        WSSConfig.init();
+    }
+    
+    protected SamlRetrievalInterceptor() {
+        super(Phase.WRITE);
+        addBefore(SamlFormOutInterceptor.class.getName());
+        addBefore(SamlHeaderOutInterceptor.class.getName());
+    } 
+
+    @Override
+    public void handleMessage(Message message) throws Fault {
+        
+        // Create a SAML Token
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(new SamlCallbackHandler());
+        try {
+            AssertionWrapper assertion = new AssertionWrapper(samlParms);
+            Document doc = DOMUtils.createDocument();
+            Element token = assertion.toDOM(doc);
+            message.setContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT, token);
+        } catch (WSSecurityException ex) {
+            StringWriter sw = new StringWriter();
+            ex.printStackTrace(new PrintWriter(sw));
+            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+        }
+        
+    }
+}



Mime
View raw message