cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1485241 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ services/sts/systests/basic/src/test/java/org/apache/cxf...
Date Wed, 22 May 2013 15:14:08 GMT
Author: coheigea
Date: Wed May 22 15:14:07 2013
New Revision: 1485241

URL: http://svn.apache.org/r1485241
Log:
[CXF-5031] - Add support for SupportingToken policy assertions without a binding


Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
    cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl
    cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-client.xml
    cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-service.xml

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed May 22 15:14:07 2013
@@ -279,15 +279,9 @@ public class PolicyBasedWSS4JInIntercept
         return action;
     }
     
-    private String checkTransportBinding(
+    private String checkDefaultBinding(
         AssertionInfoMap aim, String action, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais.isEmpty()) {
-            return action;
-        }
-        
         action = addToAction(action, "Signature", true);
         action = addToAction(action, "Encrypt", true);
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
@@ -560,7 +554,10 @@ public class PolicyBasedWSS4JInIntercept
             handleWSS11(aim, message);
             action = checkAsymmetricBinding(aim, action, message);
             action = checkSymmetricBinding(aim, action, message);
-            action = checkTransportBinding(aim, action, message);
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
+            if ("".equals(action) || (ais != null && !ais.isEmpty())) {
+                action = checkDefaultBinding(aim, action, message);
+            }
             checkUsernameToken(aim, message);
             
             // stuff we can default to asserted and un-assert if a condition isn't met

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed May 22 15:14:07 2013
@@ -148,8 +148,10 @@ public class TransportBindingHandler ext
                             addEncryptedKeyElement(cloneElement(el));
                         } 
                     }
+                }
                     
-                    handleNonEndorsingSupportingTokens();
+                handleNonEndorsingSupportingTokens();
+                if (transportTokenWrapper != null) {
                     handleEndorsingSupportingTokens();
                 }
             } else {

Modified: cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
(original)
+++ cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
Wed May 22 15:14:07 2013
@@ -165,6 +165,31 @@ public class BearerTest extends Abstract
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testSAML2BearerNoBinding() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BearerTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BearerTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort2");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        
+        doubleIt(transportSaml2Port, 45);
+        
+        ((java.io.Closeable)transportSaml2Port).close();
+        bus.shutdown(true);
+    }
     
     private static void doubleIt(DoubleItPortType port, int numToDouble) {
         int resp = port.doubleIt(numToDouble);

Modified: cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl
(original)
+++ cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl
Wed May 22 15:14:07 2013
@@ -44,6 +44,20 @@
 			</wsdl:output>
 		</wsdl:operation>
 	</wsdl:binding>
+	<wsdl:binding name="DoubleItTransportSAML2BearerBinding2" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2BearerNoBindingPolicy"
/>
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
 
 	<wsdl:service name="DoubleItService">
 		<wsdl:port name="DoubleItTransportSAML2BearerPort" 
@@ -51,6 +65,11 @@
 			<soap:address
 				location="https://localhost:8081/doubleit/services/doubleittransportsaml2bearer" />
 		</wsdl:port>
+		<wsdl:port name="DoubleItTransportSAML2BearerPort2" 
+                   binding="tns:DoubleItTransportSAML2BearerBinding2">
+            <soap:address
+                location="https://localhost:8081/doubleit/services/doubleittransportsaml2bearer2"
/>
+        </wsdl:port>
 	</wsdl:service>
 	
 	<wsp:Policy wsu:Id="DoubleItBindingTransportSAML2BearerPolicy">
@@ -129,6 +148,59 @@
 		</wsp:ExactlyOne>
 	</wsp:Policy>
 	
+	<wsp:Policy wsu:Id="DoubleItBindingTransportSAML2BearerNoBindingPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy />
+                </wsam:Addressing>
+                <sp:SignedSupportingTokens
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:IssuedToken
+                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <sp:RequestSecurityTokenTemplate>
+                                <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                                <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
+                            </sp:RequestSecurityTokenTemplate>
+                            <wsp:Policy>
+                                <sp:RequireInternalReference />
+                            </wsp:Policy>
+                            <sp:Issuer>
+                                <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+                                </wsaw:Address>
+                                <wsaw:Metadata>
+                                    <wsx:Metadata>
+                                        <wsx:MetadataSection>
+                                            <wsx:MetadataReference>
+                                                <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+                                                </wsaw:Address>
+                                            </wsx:MetadataReference>
+                                        </wsx:MetadataSection>
+                                    </wsx:Metadata>
+                                </wsaw:Metadata>
+                            </sp:Issuer>
+                        </sp:IssuedToken>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial />
+                        <sp:MustSupportRefThumbprint />
+                        <sp:MustSupportRefEncryptedKey />
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens />
+                        <sp:RequireClientEntropy />
+                        <sp:RequireServerEntropy />
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+	
 	<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
 		<wsp:ExactlyOne>
 			<wsp:All>

Modified: cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-client.xml?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-client.xml
(original)
+++ cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-client.xml
Wed May 22 15:14:07 2013
@@ -35,32 +35,39 @@ http://cxf.apache.org/configuration/secu
         </cxf:features>
     </cxf:bus>
    
+    <bean id="stsClient" class="org.apache.cxf.ws.security.trust.STSClient">
+        <constructor-arg ref="cxf"/>
+        <property name="wsdlLocation" 
+                  value="https://localhost:8443/SecurityTokenService/Transport?wsdl"/>
+        <property name="serviceName" 
+                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+        <property name="endpointName" 
+                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+        <property name="properties">
+            <map>
+                <entry key="ws-security.username" value="alice"/>
+                <entry key="ws-security.callback-handler" 
+                       value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>

+                <entry key="ws-security.sts.token.usecert" value="true"/> 
+             </map>
+         </property>
+    </bean>
+    
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2BearerPort"

                   createdFromAPI="true">
        <jaxws:properties>
-           <entry key="ws-security.sts.client">
-               <bean class="org.apache.cxf.ws.security.trust.STSClient">
-                   <constructor-arg ref="cxf"/>
-                   <property name="wsdlLocation" 
-                             value="https://localhost:8443/SecurityTokenService/Transport?wsdl"/>
-                   <property name="serviceName" 
-                             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
-                   <property name="endpointName" 
-                             value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
-                   <property name="properties">
-                       <map>
-                           <entry key="ws-security.username" value="alice"/>
-                           <entry key="ws-security.callback-handler" 
-                                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-                           <entry key="ws-security.sts.token.username" value="myclientkey"/>
-                           <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>

-                           <entry key="ws-security.sts.token.usecert" value="true"/>

-                       </map>
-                   </property>
-               </bean>            
-           </entry> 
+           <entry key="ws-security.sts.client" value-ref="stsClient"/>
        </jaxws:properties>
-   </jaxws:client>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2BearerPort2"

+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.sts.client" value-ref="stsClient"/>
+       </jaxws:properties>
+    </jaxws:client>
    
    <http:conduit name="https://localhost.*">
       <http:tlsClientParameters disableCNCheck="true">

Modified: cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-service.xml?rev=1485241&r1=1485240&r2=1485241&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-service.xml
(original)
+++ cxf/branches/wss4j2.0-port/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-service.xml
Wed May 22 15:14:07 2013
@@ -56,6 +56,23 @@
       </jaxws:properties> 
    </jaxws:endpoint>
    
+   <jaxws:endpoint id="doubleittransportsaml2bearer2"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItTransportSAML2BearerPort2"
+      serviceName="s:DoubleItService"
+      depends-on="ClientAuthHttpsSettings"
+      address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml2bearer2"
+      wsdlLocation="org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl"
+      xmlns:s="http://www.example.org/contract/DoubleIt">
+        
+      <jaxws:properties>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.is-bsp-compliant" value="false"/>
+      </jaxws:properties> 
+   </jaxws:endpoint>
+   
    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
    <httpj:engine port="${testutil.ports.Server}">
     <httpj:tlsServerParameters>



Mime
View raw message