cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1520355 - in /cxf/branches/2.7.x-fixes/services/sts: sts-core/src/main/java/org/apache/cxf/sts/operation/ sts-core/src/main/java/org/apache/cxf/sts/request/ sts-core/src/main/java/org/apache/cxf/sts/token/delegation/ sts-core/src/test/java...
Date Thu, 05 Sep 2013 16:02:40 GMT
Author: coheigea
Date: Thu Sep  5 16:02:40 2013
New Revision: 1520355

URL: http://svn.apache.org/r1520355
Log:
[CXF-5251] - A revised version of this patch following some comments by Oli


Conflicts:
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/UsernameTokenDelegationHandler.java
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
	services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java

Added:
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
      - copied, changed from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
      - copied, changed from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java
      - copied, changed from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java
      - copied, changed from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
Removed:
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/UsernameTokenDelegationHandler.java
Modified:
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
    cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
    cxf/branches/2.7.x-fixes/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
    cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java
    cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
    cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Thu Sep  5 16:02:40 2013
@@ -36,6 +36,7 @@ import javax.xml.ws.handler.MessageConte
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.sts.IdentityMapper;
@@ -48,8 +49,6 @@ import org.apache.cxf.sts.claims.Request
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.AbstractSTSEvent;
 import org.apache.cxf.sts.event.STSEventListener;
-import org.apache.cxf.sts.request.DefaultDelegationHandler;
-import org.apache.cxf.sts.request.DelegationHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
@@ -57,6 +56,9 @@ import org.apache.cxf.sts.request.Reques
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationParameters;
+import org.apache.cxf.sts.token.delegation.TokenDelegationResponse;
 import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
 import org.apache.cxf.sts.token.provider.TokenReference;
@@ -105,16 +107,8 @@ public abstract class AbstractOperation 
     protected TokenStore tokenStore;
     protected ClaimsManager claimsManager = new ClaimsManager();
     protected STSEventListener eventPublisher;
-    protected DelegationHandler delegationHandler = new DefaultDelegationHandler();
+    protected List<TokenDelegationHandler> delegationHandlers = new ArrayList<TokenDelegationHandler>();
     
-    public DelegationHandler getDelegationHandler() {
-        return delegationHandler;
-    }
-
-    public void setDelegationHandler(DelegationHandler delegationHandler) {
-        this.delegationHandler = delegationHandler;
-    }
-
     public boolean isReturnReferences() {
         return returnReferences;
     }
@@ -147,6 +141,14 @@ public abstract class AbstractOperation 
         this.tokenProviders = tokenProviders;
     }
     
+    public List<TokenDelegationHandler> getDelegationHandlers() {
+        return delegationHandlers;
+    }
+
+    public void setDelegationHandlers(List<TokenDelegationHandler> delegationHandlers) {
+        this.delegationHandlers = delegationHandlers;
+    }
+
     public List<TokenProvider> getTokenProviders() {
         return tokenProviders;
     }
@@ -582,6 +584,48 @@ public abstract class AbstractOperation 
         return tokenResponse;
     }
     
+    protected void performDelegationHandling(
+        RequestParser requestParser, WebServiceContext context, ReceivedToken token
+    ) {
+        TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
+        delegationParameters.setStsProperties(stsProperties);
+        delegationParameters.setPrincipal(context.getUserPrincipal());
+        delegationParameters.setWebServiceContext(context);
+        delegationParameters.setTokenStore(getTokenStore());
+        
+        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        delegationParameters.setKeyRequirements(keyRequirements);
+        delegationParameters.setTokenRequirements(tokenRequirements);
+        
+        // Extract AppliesTo
+        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
+        delegationParameters.setAppliesToAddress(address);
+        
+        delegationParameters.setToken(token);
+
+        TokenDelegationResponse tokenResponse = null;
+        for (TokenDelegationHandler delegationHandler : delegationHandlers) {
+            if (delegationHandler.canHandleToken(token)) {
+                try {
+                    tokenResponse = delegationHandler.isDelegationAllowed(delegationParameters);
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    throw new STSException("Error in delegation handling", ex, STSException.REQUEST_FAILED);
+                }
+                break;
+            }
+        }
+        
+        if (tokenResponse == null || !tokenResponse.isDelegationAllowed()) {
+            LOG.log(Level.WARNING, "No matching token delegation handler found");
+            throw new STSException(
+                "No matching token delegation handler found", 
+                STSException.REQUEST_FAILED
+            );
+        }
+    }
+    
     protected void checkClaimsSupport(RequestClaimCollection requestedClaims) {
         if (requestedClaims != null) {
             List<URI> unhandledClaimTypes = new ArrayList<URI>();

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Thu Sep  5 16:02:40 2013
@@ -144,13 +144,14 @@ public class TokenIssueOperation extends
                 }
             }
             
-            if (delegationHandler != null) {
-                String appliesToAddress = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
-                if (!delegationHandler.isDelegationAllowed(context, tokenRequirements, appliesToAddress)) {
-                    LOG.fine("Token Delegation (OnBehalfOf/ActAs) is not allowed for this particular token");
-                    throw new STSException("Token Delegation (OnBehalfOf/ActAs) is not allowed", 
-                                           STSException.REQUEST_FAILED);
-                }
+            // See whether OnBehalfOf/ActAs is allowed or not
+            if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
+                performDelegationHandling(requestParser, context,
+                                    providerParameters.getTokenRequirements().getOnBehalfOf());
+            }
+            if (providerParameters.getTokenRequirements().getActAs() != null) {
+                performDelegationHandling(requestParser, context,
+                                    providerParameters.getTokenRequirements().getActAs());
             }
 
             // Validate OnBehalfOf token if present

Copied: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java (from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java?p2=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java&p1=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java&r1=1520314&r2=1520355&rev=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java Thu Sep  5 16:02:40 2013
@@ -16,27 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.xml.ws.WebServiceContext;
-
 import org.w3c.dom.Element;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 
 /**
- * This DelegationHandler implementation extends the Default implementation to allow SAML
+ * This TokenDelegationHandler implementation extends the Default implementation to allow SAML
  * Tokens with HolderOfKey Subject Confirmation.
  */
-public class HOKDelegationHandler extends DefaultDelegationHandler {
+public class HOKDelegationHandler extends SAMLDelegationHandler {
     
     private static final Logger LOG = 
         LogUtils.getL7dLogger(HOKDelegationHandler.class);
@@ -46,15 +45,8 @@ public class HOKDelegationHandler extend
      */
     @Override
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             AssertionWrapper assertion = new AssertionWrapper(validateTargetElement);
@@ -82,4 +74,4 @@ public class HOKDelegationHandler extend
         return true;
     }
     
-}
\ No newline at end of file
+}

Copied: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java (from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java?p2=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java&p1=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java&r1=1520314&r2=1520355&rev=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java Thu Sep  5 16:02:40 2013
@@ -16,18 +16,17 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.xml.ws.WebServiceContext;
-
 import org.w3c.dom.Element;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -36,55 +35,51 @@ import org.apache.ws.security.saml.ext.b
 import org.opensaml.saml1.core.AudienceRestrictionCondition;
 
 /**
- * The Default DelegationHandler implementation. It disallows ActAs or OnBehalfOf for
+ * The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for
  * all cases apart from the case of a Bearer SAML Token. In addition, the AppliesTo
  * address (if supplied) must match an AudienceRestriction address (if in token)
  */
-public class DefaultDelegationHandler implements DelegationHandler {
+public class SAMLDelegationHandler implements TokenDelegationHandler {
     
     private static final Logger LOG = 
-        LogUtils.getL7dLogger(DefaultDelegationHandler.class);
+        LogUtils.getL7dLogger(SAMLDelegationHandler.class);
     
-    /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @param onBehalfOf whether the token was received OnBehalfOf or ActAs
-     * @return true if delegation is allowed.
-     */
-    public boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    ) {
-        if (tokenRequirements.getOnBehalfOf() != null 
-            && !isDelegationAllowed(context, tokenRequirements.getOnBehalfOf(), appliesToAddress)) {
-            return false;
+    public boolean canHandleToken(ReceivedToken delegateTarget) {
+        Object token = delegateTarget.getToken();
+        if (token instanceof Element) {
+            Element tokenElement = (Element)token;
+            String namespace = tokenElement.getNamespaceURI();
+            String localname = tokenElement.getLocalName();
+            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
+                && "Assertion".equals(localname)) {
+                return true;
+            }
         }
+        return false;
+    }
+    
+    public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
+        TokenDelegationResponse response = new TokenDelegationResponse();
+        ReceivedToken delegateTarget = tokenParameters.getToken();
+        response.setToken(delegateTarget);
         
-        if (tokenRequirements.getActAs() != null 
-            && !isDelegationAllowed(context, tokenRequirements.getActAs(), appliesToAddress)) {
-            return false;
+        if (!delegateTarget.isDOMElement()) {
+            return response;
         }
         
-        return true;
+        if (isDelegationAllowed(delegateTarget, tokenParameters.getAppliesToAddress())) {
+            response.setDelegationAllowed(true);
+        }
+        
+        return response;
     }
     
     /**
      * Is Delegation allowed for a particular token
      */
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            LOG.fine("Received token is not a SAML Token");
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             AssertionWrapper assertion = new AssertionWrapper(validateTargetElement);
@@ -113,20 +108,6 @@ public class DefaultDelegationHandler im
         return true;
     }
     
-    protected boolean isSAMLToken(ReceivedToken target) {
-        Object token = target.getToken();
-        if (token instanceof Element) {
-            Element tokenElement = (Element)token;
-            String namespace = tokenElement.getNamespaceURI();
-            String localname = tokenElement.getLocalName();
-            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
-                && "Assertion".equals(localname)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
     protected List<String> getAudienceRestrictions(AssertionWrapper assertion) {
         List<String> addresses = new ArrayList<String>();
         if (assertion.getSaml1() != null) {
@@ -148,4 +129,4 @@ public class DefaultDelegationHandler im
         return addresses;
     }
     
-}
\ No newline at end of file
+}

Copied: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java (from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java?p2=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java&p1=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java&r1=1520314&r2=1520355&rev=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java Thu Sep  5 16:02:40 2013
@@ -16,29 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
-import javax.xml.ws.WebServiceContext;
+import org.apache.cxf.sts.request.ReceivedToken;
 
 
 /**
  * This interface controls whether the STS allows an authenticated user to get a token
- * OnBehalfOf or ActAs another token. The tokens should be taken from the TokenRequirements
- * object passed as a parameter.
+ * OnBehalfOf or ActAs another token.
  */
-public interface DelegationHandler {
+public interface TokenDelegationHandler {
     
     /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @return true if delegation is allowed.
+     * Return true if this TokenDelegationHandler implementation is capable of handling the
+     * ReceivedToken argument.
      */
-    boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    );
+    boolean canHandleToken(ReceivedToken delegateTarget);
+    
+    /**
+     * See if delegation is allowed for a Token using the given TokenDelegationParameters.
+     */
+    TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters);
     
 }
\ No newline at end of file

Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java?rev=1520355&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java Thu Sep  5 16:02:40 2013
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.delegation;
+
+import java.security.Principal;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+
+/**
+ * This class encapsulates the parameters that will be passed to a TokenDelegationHandler instance to. 
+ * It consists of both parameters that have been extracted from the request, as well as 
+ * configuration specific to the Operation itself (STSPropertiesMBean etc.)
+ */
+public class TokenDelegationParameters {
+
+    private STSPropertiesMBean stsProperties;
+    private Principal principal;
+    private WebServiceContext webServiceContext;
+    private KeyRequirements keyRequirements;
+    private TokenRequirements tokenRequirements;
+    private TokenStore tokenStore;
+    private ReceivedToken token;
+    private String appliesToAddress;
+    
+    public ReceivedToken getToken() {
+        return token;
+    }
+
+    public void setToken(ReceivedToken token) {
+        this.token = token;
+    }
+
+    public TokenStore getTokenStore() {
+        return tokenStore;
+    }
+
+    public void setTokenStore(TokenStore tokenStore) {
+        this.tokenStore = tokenStore;
+    }
+    
+    public TokenRequirements getTokenRequirements() {
+        return tokenRequirements;
+    }
+
+    public void setTokenRequirements(TokenRequirements tokenRequirements) {
+        this.tokenRequirements = tokenRequirements;
+    }
+
+    public KeyRequirements getKeyRequirements() {
+        return keyRequirements;
+    }
+
+    public void setKeyRequirements(KeyRequirements keyRequirements) {
+        this.keyRequirements = keyRequirements;
+    }
+    
+    public STSPropertiesMBean getStsProperties() {
+        return stsProperties;
+    }
+
+    public void setStsProperties(STSPropertiesMBean stsProperties) {
+        this.stsProperties = stsProperties;
+    }
+    
+    public WebServiceContext getWebServiceContext() {
+        return webServiceContext;
+    }
+
+    public void setWebServiceContext(WebServiceContext webServiceContext) {
+        this.webServiceContext = webServiceContext;
+    }
+    
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
+    
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public String getAppliesToAddress() {
+        return appliesToAddress;
+    }
+
+    public void setAppliesToAddress(String appliesToAddress) {
+        this.appliesToAddress = appliesToAddress;
+    }
+    
+}

Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java?rev=1520355&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java (added)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java Thu Sep  5 16:02:40 2013
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.delegation;
+
+import java.util.Map;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+
+/**
+ * This class encapsulates the response from a TokenDelegationHandler instance.
+ */
+public class TokenDelegationResponse {
+
+    private Map<String, Object> additionalProperties;
+    private ReceivedToken token;
+    private boolean delegationAllowed;
+    
+    public ReceivedToken getToken() {
+        return token;
+    }
+
+    public void setToken(ReceivedToken token) {
+        this.token = token;
+    }
+    
+    public void setAdditionalProperties(Map<String, Object> additionalProperties) {
+        this.additionalProperties = additionalProperties;
+    }
+    
+    public Map<String, Object> getAdditionalProperties() {
+        return additionalProperties;
+    }
+
+    public boolean isDelegationAllowed() {
+        return delegationAllowed;
+    }
+
+    public void setDelegationAllowed(boolean delegationAllowed) {
+        this.delegationAllowed = delegationAllowed;
+    }
+    
+}

Copied: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java (from r1520314, cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java?p2=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java&p1=cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java&r1=1520314&r2=1520355&rev=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java Thu Sep  5 16:02:40 2013
@@ -16,29 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
-
-import javax.xml.ws.WebServiceContext;
+package org.apache.cxf.sts.token.delegation;
 
+import org.apache.cxf.sts.request.ReceivedToken;
 
 /**
- * This interface controls whether the STS allows an authenticated user to get a token
- * OnBehalfOf or ActAs another token. The tokens should be taken from the TokenRequirements
- * object passed as a parameter.
+ * This TokenDelegationHandler implementation allows UsernameTokens for OnBehalfOf/ActAs.
  */
-public interface DelegationHandler {
+public class UsernameTokenDelegationHandler implements TokenDelegationHandler {
     
-    /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @return true if delegation is allowed.
-     */
-    boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    );
+    public boolean canHandleToken(ReceivedToken delegateTarget) {
+        return delegateTarget.isUsernameToken();
+    }
     
+    public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
+        TokenDelegationResponse response = new TokenDelegationResponse();
+        ReceivedToken delegateTarget = tokenParameters.getToken();
+        response.setToken(delegateTarget);
+        
+        response.setDelegationAllowed(true);
+        
+        return response;
+    }
 }
\ No newline at end of file

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java Thu Sep  5 16:02:40 2013
@@ -48,14 +48,16 @@ import org.apache.cxf.sts.claims.ClaimsH
 import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.common.CustomUserClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
-import org.apache.cxf.sts.request.HOKDelegationHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedKey;
 import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.request.UsernameTokenDelegationHandler;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
 import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.HOKDelegationHandler;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
+import org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
 import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
 import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProvider;
@@ -126,6 +128,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -149,7 +154,7 @@ public class IssueOnbehalfofUnitTest ext
                     QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof
             );
         request.getAny().add(onbehalfofType);
-
+        
         // Mock up message context
         MessageImpl msg = new MessageImpl();
         WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
@@ -195,6 +200,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -304,7 +312,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -385,7 +394,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -466,7 +476,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -547,7 +558,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -590,6 +602,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -650,6 +665,9 @@ public class IssueOnbehalfofUnitTest ext
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         validatorList.add(new SAMLTokenValidator());
         issueOperation.setTokenValidators(validatorList);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Add Service
         ServiceMBean service = new StaticService();
@@ -777,7 +795,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new UsernameTokenDelegationHandler());
+        TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -845,7 +864,8 @@ public class IssueOnbehalfofUnitTest ext
         WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
         WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
         
-        issueOperation.setDelegationHandler(new UsernameTokenDelegationHandler());
+        TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Issue a token - this will fail as the UsernameToken validation fails
         try {
@@ -871,6 +891,9 @@ public class IssueOnbehalfofUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
@@ -998,6 +1021,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -1097,6 +1123,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Set the ClaimsManager
         ClaimsManager claimsManager = new ClaimsManager();

Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java Thu Sep  5 16:02:40 2013
@@ -33,7 +33,6 @@ import javax.xml.namespace.QName;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
@@ -60,6 +59,8 @@ import org.apache.cxf.sts.request.TokenR
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
 import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
 import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
 import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProvider;
@@ -433,6 +434,9 @@ public class IssueSamlClaimsUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
@@ -578,6 +582,9 @@ public class IssueSamlClaimsUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();

Modified: cxf/branches/2.7.x-fixes/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml (original)
+++ cxf/branches/2.7.x-fixes/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml Thu Sep  5 16:02:40 2013
@@ -55,7 +55,7 @@
 	</bean>
 
     <bean id="utDelegationHandler"
-          class="org.apache.cxf.sts.request.UsernameTokenDelegationHandler" />
+          class="org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler" />
           
 	<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
 		<property name="tokenProviders" ref="transportTokenProviders" />
@@ -63,7 +63,7 @@
 		<property name="stsProperties" ref="transportSTSProperties" />
 		<property name="claimsManager" ref="claimsManager" />
 		<property name="tokenStore" ref="defaultTokenStore" />
-		<property name="delegationHandler" ref="utDelegationHandler" />
+		<property name="delegationHandlers" ref="utDelegationHandler" />
 	</bean>
 
 	<bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">

Modified: cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java Thu Sep  5 16:02:40 2013
@@ -18,37 +18,36 @@
  */
 package org.apache.cxf.systest.sts.common;
 
-import javax.xml.ws.WebServiceContext;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.sts.request.DefaultDelegationHandler;
+
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 
 /**
- * This DelegationHandler implementation extends the Default implementation to allow SAML
+ * This TokenDelegationHandler implementation extends the Default implementation to allow SAML
  * Tokens with HolderOfKey Subject Confirmation. It also doesn't require that the AppliesTo
  * address matches an AudienceRestriction condition in the SAML Token.
  */
-public class HOKDelegationHandler extends DefaultDelegationHandler {
+public class HOKDelegationHandler extends SAMLDelegationHandler {
+    
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(HOKDelegationHandler.class);
     
     /**
      * Is Delegation allowed for a particular token
      */
     @Override
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             AssertionWrapper assertion = new AssertionWrapper(validateTargetElement);
@@ -62,10 +61,11 @@ public class HOKDelegationHandler extend
                 }
             }
         } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
             return false;
         }
 
         return true;
     }
     
-}
\ No newline at end of file
+}

Modified: cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml (original)
+++ cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml Thu Sep  5 16:02:40 2013
@@ -61,7 +61,7 @@
         <property name="tokenValidators" ref="transportTokenValidators" />
         <property name="services" ref="transportService" />
         <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="delegationHandler" ref="hokDelegationHandler" />
+        <property name="delegationHandlers" ref="hokDelegationHandler" />
     </bean>
 
     <bean id="transportValidateDelegate2" class="org.apache.cxf.sts.operation.TokenValidateOperation">
@@ -90,7 +90,7 @@
         <property name="tokenValidators" ref="transportTokenValidators" />
         <property name="services" ref="transportService" />
         <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="delegationHandler" ref="hokDelegationHandler" />
+        <property name="delegationHandlers" ref="hokDelegationHandler" />
     </bean>
 
     <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">

Modified: cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml?rev=1520355&r1=1520354&r2=1520355&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml (original)
+++ cxf/branches/2.7.x-fixes/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml Thu Sep  5 16:02:40 2013
@@ -10,7 +10,7 @@
   http://www.apache.org/licenses/LICENSE-2.0
  
   Unless required by applicable law or agreed to in writing,
-  software distributed under the License is d   istributed on an
+  software distributed under the License is distributed on an
   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   KIND, either express or implied. See the License for the
   specific language governing permissions and limitations
@@ -48,14 +48,14 @@
     </bean>
     
     <bean id="utDelegationHandler"
-          class="org.apache.cxf.sts.request.UsernameTokenDelegationHandler" />
+          class="org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler" />
 
 	<bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
 		<property name="tokenProviders" ref="x509SamlTokenProvider" />
 		<property name="tokenValidators" ref="x509TokenValidatorsOBO" />
 		<property name="services" ref="x509Service" />
 		<property name="stsProperties" ref="x509STSProperties" />
-		<property name="delegationHandler" ref="utDelegationHandler" />
+		<property name="delegationHandlers" ref="utDelegationHandler" />
 	</bean>
 
 	<bean id="x509ValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">



Mime
View raw message