Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 84A3E101CB for ; Wed, 24 Jul 2013 12:20:56 +0000 (UTC) Received: (qmail 71940 invoked by uid 500); 24 Jul 2013 12:20:54 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 71838 invoked by uid 500); 24 Jul 2013 12:20:52 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 71822 invoked by uid 99); 24 Jul 2013 12:20:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jul 2013 12:20:47 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jul 2013 12:20:45 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 892B023888CD; Wed, 24 Jul 2013 12:20:25 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1506515 - in /cxf/trunk/services/sts: sts-core/src/main/java/org/apache/cxf/sts/token/provider/ sts-core/src/test/java/org/apache/cxf/sts/token/provider/ systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/ Date: Wed, 24 Jul 2013 12:20:25 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130724122025.892B023888CD@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Wed Jul 24 12:20:24 2013 New Revision: 1506515 URL: http://svn.apache.org/r1506515 Log: Remove "OnBehalfOf" Attribute from created OnBehalfOf Assertions Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java?rev=1506515&r1=1506514&r2=1506515&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java (original) +++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java Wed Jul 24 12:20:24 2013 
@@ -55,19 +55,11 @@ public class DefaultAttributeStatementPr AttributeBean attributeBean = createDefaultAttribute(tokenType); attributeList.add(attributeBean); - ReceivedToken onBehalfOf = tokenRequirements.getOnBehalfOf(); ReceivedToken actAs = tokenRequirements.getActAs(); try { - if (onBehalfOf != null) { - AttributeBean parameterBean = - handleAdditionalParameters(false, onBehalfOf.getToken(), tokenType); - if (!parameterBean.getAttributeValues().isEmpty()) { - attributeList.add(parameterBean); - } - } if (actAs != null) { AttributeBean parameterBean = - handleAdditionalParameters(true, actAs.getToken(), tokenType); + handleAdditionalParameters(actAs.getToken(), tokenType); if (!parameterBean.getAttributeValues().isEmpty()) { attributeList.add(parameterBean); } 
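Review bot: With the `onBehalfOf` branch removed from DefaultAttributeStatementProvider, an OnBehalfOf request now yields only the default attribute plus any ActAs one, and nothing visible in the commit documents or pins that. The two SAMLProviderOnBehalfOfTest hunks delete `assertTrue(tokenString.contains("OnBehalfOf"))` rather than inverting it, so a later reintroduction of the attribute would go unnoticed. A relying party that keyed a decision on the `OnBehalfOf` attribute will now find it absent, which is worth a comment above the `actAs` lookup such as `// OnBehalfOf is intentionally not emitted as an Attribute; only ActAs is`. The tests could add `assertFalse(tokenString.contains("OnBehalfOf"))`, assuming that string does not occur elsewhere in the serialized token. The enclosing method starts and ends outside the hunk.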
@@ -102,16 +94,15 @@ public class DefaultAttributeStatementPr } /** - * Handle ActAs or OnBehalfOf elements. + * Handle an ActAs element. */ private AttributeBean handleAdditionalParameters( - boolean actAs, Object parameter, String tokenType ) throws WSSecurityException { AttributeBean parameterBean = new AttributeBean(); - String claimType = actAs ? "ActAs" : "OnBehalfOf"; + String claimType = "ActAs"; if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { parameterBean.setQualifiedName(claimType); parameterBean.setNameFormat("http://cxf.apache.org/sts"); Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java?rev=1506515&r1=1506514&r2=1506515&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java (original) +++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java Wed Jul 24 12:20:24 2013 @@ -86,7 +86,6 @@ public class SAMLProviderOnBehalfOfTest String tokenString = DOM2Writer.nodeToString(token); assertTrue(tokenString.contains(providerResponse.getTokenId())); assertTrue(tokenString.contains("AttributeStatement")); - assertTrue(tokenString.contains("OnBehalfOf")); assertTrue(tokenString.contains("bob")); } 
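Review bot: In the second hunk of DefaultAttributeStatementProvider.java, `String claimType = "ActAs";` is now a local that can only hold one value. The name `handleAdditionalParameters` also no longer says what the method handles, now that the `actAs` flag is gone. A class constant such as `private static final String ACT_AS_CLAIM = "ActAs";`, or renaming the private method to something like `handleActAs`, would make the single remaining purpose explicit at the call site. The method body continues past the end of the hunk.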
@@ -118,7 +117,6 @@ public class SAMLProviderOnBehalfOfTest assertTrue(tokenString.contains(providerResponse.getTokenId())); assertTrue(tokenString.contains("AttributeStatement")); assertTrue(tokenString.contains(user)); - assertTrue(tokenString.contains("OnBehalfOf")); } /** Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java?rev=1506515&r1=1506514&r2=1506515&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java (original) +++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java Wed Jul 24 12:20:24 2013 @@ -20,21 +20,19 @@ package org.apache.cxf.systest.sts.inter import java.util.List; -import org.w3c.dom.Element; - import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SamlAssertionValidator; import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.xml.XMLObject; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Subject; /** - * This class validates a SAML 2 Assertion and checks that it has an OnBehalfOf Attribute with - * a value containing "alice" or "bob". + * This class validates a SAML 2 Assertion and checks that it has a Subject with a value + * containing "alice" or bob */ public class OnBehalfOfValidator extends SamlAssertionValidator { 
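Review bot: The rewritten class Javadoc in the first hunk of OnBehalfOfValidator.java says the Subject has a value "containing" the names, but the check added in the following hunk uses `equals`, which is an exact match. The text also drops the quotes around bob and the closing full stop. Suggested wording: `This class validates a SAML 2 Assertion and checks that its Subject NameID is exactly "alice" or "bob".` Keeping the comment aligned with the stricter comparison matters because this validator is the acceptance rule readers will copy.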
@@ -53,20 +51,11 @@ public class OnBehalfOfValidator extends throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } - for (AttributeStatement statement : attributeStatements) { - List attributes = statement.getAttributes(); - for (Attribute attribute : attributes) { - if (!"OnBehalfOf".equals(attribute.getName())) { - continue; - } - for (XMLObject attributeValue : attribute.getAttributeValues()) { - Element attributeValueElement = attributeValue.getDOM(); - String text = attributeValueElement.getTextContent(); - if (text.contains("alice") || text.contains("bob")) { - return validatedCredential; - } - } - } + Subject subject = saml2Assertion.getSubject(); + NameID nameID = subject.getNameID(); + String subjectName = nameID.getValue(); + if ("alice".equals(subjectName) || "bob".equals(subjectName)) { + return validatedCredential; } throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
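Review bot: The added lines dereference `saml2Assertion.getSubject()` and `subject.getNameID()` without a null check. An assertion with no Subject, or one whose Subject carries an identifier other than a NameID (an EncryptedID, for instance), would therefore surface as a NullPointerException rather than the `invalidSAMLsecurity` failure this method throws elsewhere. Guarding first keeps rejection on the WSSecurityException path: `if (subject == null || subject.getNameID() == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); }`. The enclosing method begins outside the hunk, so whether the earlier `attributeStatements` check is still needed cannot be judged from here.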