cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1506519 - in /cxf/branches/2.7.x-fixes/services/sts: sts-core/src/main/java/org/apache/cxf/sts/token/provider/ sts-core/src/test/java/org/apache/cxf/sts/token/provider/ systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_t...
Date Wed, 24 Jul 2013 12:36:18 GMT
Author: coheigea
Date: Wed Jul 24 12:36:18 2013
New Revision: 1506519

URL: http://svn.apache.org/r1506519
Log:
Remove "OnBehalfOf" Attribute from created OnBehalfOf Assertions


Conflicts:
	services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java

Modified:
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
    cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java?rev=1506519&r1=1506518&r2=1506519&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
(original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
Wed Jul 24 12:36:18 2013
@@ -54,19 +54,11 @@ public class DefaultAttributeStatementPr
         AttributeBean attributeBean = createDefaultAttribute(tokenType);
         attributeList.add(attributeBean);
         
-        ReceivedToken onBehalfOf = tokenRequirements.getOnBehalfOf();
         ReceivedToken actAs = tokenRequirements.getActAs();
         try {
-            if (onBehalfOf != null) {
-                AttributeBean parameterBean = 
-                    handleAdditionalParameters(false, onBehalfOf.getToken(), tokenType);
-                if (!parameterBean.getAttributeValues().isEmpty()) {
-                    attributeList.add(parameterBean);
-                }
-            }
             if (actAs != null) {
                 AttributeBean parameterBean = 
-                    handleAdditionalParameters(true, actAs.getToken(), tokenType);
+                    handleAdditionalParameters(actAs.getToken(), tokenType);
                 if (!parameterBean.getAttributeValues().isEmpty()) {
                     attributeList.add(parameterBean);
                 }
@@ -101,16 +93,15 @@ public class DefaultAttributeStatementPr
     }
 
     /**
-     * Handle ActAs or OnBehalfOf elements.
+     * Handle an ActAs element.
      */
     private AttributeBean handleAdditionalParameters(
-        boolean actAs, 
         Object parameter, 
         String tokenType
     ) throws WSSecurityException {
         AttributeBean parameterBean = new AttributeBean();
 
-        String claimType = actAs ? "ActAs" : "OnBehalfOf";
+        String claimType = "ActAs";
         if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType))
{
             parameterBean.setQualifiedName(claimType);
             parameterBean.setNameFormat("http://cxf.apache.org/sts");

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java?rev=1506519&r1=1506518&r2=1506519&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
(original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
Wed Jul 24 12:36:18 2013
@@ -86,7 +86,6 @@ public class SAMLProviderOnBehalfOfTest 
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
-        assertTrue(tokenString.contains("OnBehalfOf"));
         assertTrue(tokenString.contains("bob"));
     }
     
@@ -118,7 +117,6 @@ public class SAMLProviderOnBehalfOfTest 
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
         assertTrue(tokenString.contains(user));
-        assertTrue(tokenString.contains("OnBehalfOf"));
     }
     
     /**

Modified: cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java?rev=1506519&r1=1506518&r2=1506519&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java
Wed Jul 24 12:36:18 2013
@@ -20,21 +20,20 @@ package org.apache.cxf.systest.sts.inter
 
 import java.util.List;
 
-import org.w3c.dom.Element;
-
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.validate.Credential;
 import org.apache.ws.security.validate.SamlAssertionValidator;
+
 import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
 
 /**
- * This class validates a SAML 2 Assertion and checks that it has an OnBehalfOf Attribute
with
- * a value containing "alice" or "bob".
+ * This class validates a SAML 2 Assertion and checks that it has a Subject with a value

+ * containing "alice" or bob
  */
 public class OnBehalfOfValidator extends SamlAssertionValidator {
     
@@ -53,20 +52,11 @@ public class OnBehalfOfValidator extends
             throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
         }
         
-        for (AttributeStatement statement : attributeStatements) {
-            List<Attribute> attributes = statement.getAttributes();
-            for (Attribute attribute : attributes) {
-                if (!"OnBehalfOf".equals(attribute.getName())) {
-                    continue;
-                }
-                for (XMLObject attributeValue : attribute.getAttributeValues()) {
-                    Element attributeValueElement = attributeValue.getDOM();
-                    String text = attributeValueElement.getTextContent();
-                    if (text.contains("alice") || text.contains("bob")) {
-                        return validatedCredential;
-                    }
-                }
-            }
+        Subject subject = saml2Assertion.getSubject();
+        NameID nameID = subject.getNameID();
+        String subjectName = nameID.getValue();
+        if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
+            return validatedCredential;
         }
         
         throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");



Mime
View raw message