cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1521942 - in /cxf/branches/2.6.x-fixes/services/sts/sts-core/src: main/java/org/apache/cxf/sts/operation/ main/java/org/apache/cxf/sts/token/delegation/ main/java/org/apache/cxf/sts/token/validator/ test/java/org/apache/cxf/sts/token/valid...
Date Wed, 11 Sep 2013 17:15:48 GMT
Author: coheigea
Date: Wed Sep 11 17:15:47 2013
New Revision: 1521942

URL: http://svn.apache.org/r1521942
Log:
Reverting last commit. SAMLTokenValidator will only return roles in 2.7.x

Removed:
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLRoleParser.java
Modified:
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
    cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
Wed Sep 11 17:15:47 2013
@@ -26,7 +26,6 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -581,16 +580,13 @@ public abstract class AbstractOperation 
     }
     
     protected void performDelegationHandling(
-        RequestParser requestParser, WebServiceContext context, ReceivedToken token,
-        Principal tokenPrincipal, Set<Principal> tokenRoles
+        RequestParser requestParser, WebServiceContext context, ReceivedToken token
     ) {
         TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
         delegationParameters.setStsProperties(stsProperties);
         delegationParameters.setPrincipal(context.getUserPrincipal());
         delegationParameters.setWebServiceContext(context);
         delegationParameters.setTokenStore(getTokenStore());
-        delegationParameters.setTokenPrincipal(tokenPrincipal);
-        delegationParameters.setTokenRoles(tokenRoles);
         
         KeyRequirements keyRequirements = requestParser.getKeyRequirements();
         TokenRequirements tokenRequirements = requestParser.getTokenRequirements();

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
Wed Sep 11 17:15:47 2013
@@ -124,30 +124,23 @@ public class TokenIssueOperation extends
                 // the STS trusts the token sent in OnBehalfOf element
             }
 
-            Principal tokenPrincipal = null;
-            Set<Principal> tokenRoles = null;
-                
             if (tokenResponse != null) {
                 Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                 if (additionalProperties != null) {
                     providerParameters.setAdditionalProperties(additionalProperties);
                 }
-                tokenPrincipal = tokenResponse.getPrincipal();
-                tokenRoles = tokenResponse.getRoles();
             }
                 
             // See whether OnBehalfOf is allowed or not
             performDelegationHandling(requestParser, context,
-                                providerParameters.getTokenRequirements().getOnBehalfOf(),
-                                tokenPrincipal, tokenRoles);
+                                providerParameters.getTokenRequirements().getOnBehalfOf());
         }
 
         // See whether ActAs is allowed or not
         // TODO Validate ActAs
         if (providerParameters.getTokenRequirements().getActAs() != null) {
             performDelegationHandling(requestParser, context,
-                                providerParameters.getTokenRequirements().getActAs(),
-                                null, null);
+                                providerParameters.getTokenRequirements().getActAs());
         }
 
 

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
Wed Sep 11 17:15:47 2013
@@ -20,7 +20,6 @@
 package org.apache.cxf.sts.token.delegation;
 
 import java.security.Principal;
-import java.util.Set;
 
 import javax.xml.ws.WebServiceContext;
 
@@ -45,8 +44,6 @@ public class TokenDelegationParameters {
     private TokenStore tokenStore;
     private ReceivedToken token;
     private String appliesToAddress;
-    private Principal tokenPrincipal;
-    private Set<Principal> tokenRoles;
     
     public ReceivedToken getToken() {
         return token;
@@ -112,20 +109,4 @@ public class TokenDelegationParameters {
         this.appliesToAddress = appliesToAddress;
     }
 
-    public Principal getTokenPrincipal() {
-        return tokenPrincipal;
-    }
-
-    public void setTokenPrincipal(Principal tokenPrincipal) {
-        this.tokenPrincipal = tokenPrincipal;
-    }
-
-    public Set<Principal> getTokenRoles() {
-        return tokenRoles;
-    }
-
-    public void setTokenRoles(Set<Principal> tokenRoles) {
-        this.tokenRoles = tokenRoles;
-    }
-    
 }

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Wed Sep 11 17:15:47 2013
@@ -25,7 +25,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -71,8 +70,6 @@ public class SAMLTokenValidator implemen
     
     private SAMLRealmCodec samlRealmCodec;
     
-    private SAMLRoleParser samlRoleParser = new DefaultSAMLRoleParser();
-    
     /**
      * Set a list of Strings corresponding to regular expression constraints on the subject
DN
      * of a certificate that was used to sign a received Assertion
@@ -203,13 +200,6 @@ public class SAMLTokenValidator implemen
                 
             }
             
-            // Parse roles from the validated token
-            if (samlRoleParser != null) {
-                Set<Principal> roles = 
-                    samlRoleParser.parseRolesFromAssertion(samlPrincipal, null, assertion);
-                response.setRoles(roles);
-            }
-           
             // Get the realm of the SAML token
             String tokenRealm = null;
             if (samlRealmCodec != null) {
@@ -338,11 +328,4 @@ public class SAMLTokenValidator implemen
         }
     }
 
-    public SAMLRoleParser getSamlRoleParser() {
-        return samlRoleParser;
-    }
-
-    public void setSamlRoleParser(SAMLRoleParser samlRoleParser) {
-        this.samlRoleParser = samlRoleParser;
-    }
 }

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
Wed Sep 11 17:15:47 2013
@@ -20,7 +20,6 @@ package org.apache.cxf.sts.token.validat
 
 import java.security.Principal;
 import java.util.Map;
-import java.util.Set;
 
 import org.apache.cxf.sts.request.ReceivedToken;
 
@@ -33,7 +32,6 @@ public class TokenValidatorResponse {
     private Map<String, Object> additionalProperties;
     private String realm;
     private ReceivedToken token;
-    private Set<Principal> roles;
     
     public ReceivedToken getToken() {
         return token;
@@ -67,12 +65,4 @@ public class TokenValidatorResponse {
         return realm;
     }
 
-    public Set<Principal> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(Set<Principal> roles) {
-        this.roles = roles;
-    }
-    
 }

Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
(original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
Wed Sep 11 17:15:47 2013
@@ -19,14 +19,12 @@
 package org.apache.cxf.sts.token.validator;
 
 import java.io.IOException;
-import java.net.URI;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Properties;
-import java.util.Set;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -34,6 +32,7 @@ import javax.security.auth.callback.Unsu
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
@@ -41,11 +40,6 @@ import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
 import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
-import org.apache.cxf.sts.claims.ClaimsHandler;
-import org.apache.cxf.sts.claims.ClaimsManager;
-import org.apache.cxf.sts.claims.RequestClaim;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
-import org.apache.cxf.sts.common.CustomClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.Lifetime;
@@ -354,77 +348,6 @@ public class SAMLTokenValidatorTest exte
         assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
     }
     
-    @org.junit.Test
-    public void testSAML2AssertionWithRolesNoCaching() throws Exception {
-        TokenValidator samlTokenValidator = new SAMLTokenValidator();
-        TokenValidatorParameters validatorParameters = createValidatorParameters();
-        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
-        
-        // Create a ValidateTarget consisting of a SAML Assertion
-        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
-        CallbackHandler callbackHandler = new PasswordCallbackHandler();
-        Element samlToken = 
-            createSAMLAssertionWithRoles(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",

-                                         callbackHandler, "manager");
-        Document doc = samlToken.getOwnerDocument();
-        samlToken = (Element)doc.appendChild(samlToken);
-        
-        ReceivedToken validateTarget = new ReceivedToken(samlToken);
-        tokenRequirements.setValidateTarget(validateTarget);
-        validatorParameters.setToken(validateTarget);
-        
-        // Disable caching
-        validatorParameters.setTokenStore(null);
-        
-        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
-        
-        TokenValidatorResponse validatorResponse = 
-            samlTokenValidator.validateToken(validatorParameters);
-        assertTrue(validatorResponse != null);
-        assertTrue(validatorResponse.getToken() != null);
-        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
-        
-        Principal principal = validatorResponse.getPrincipal();
-        assertTrue(principal != null && principal.getName() != null);
-        Set<Principal> roles = validatorResponse.getRoles();
-        assertTrue(roles != null && !roles.isEmpty());
-        assertTrue(roles.iterator().next().getName().equals("manager"));
-    }
-    
-    @org.junit.Test
-    public void testSAML2AssertionWithRolesCaching() throws Exception {
-        TokenValidator samlTokenValidator = new SAMLTokenValidator();
-        TokenValidatorParameters validatorParameters = createValidatorParameters();
-        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
-        
-        // Create a ValidateTarget consisting of a SAML Assertion
-        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
-        CallbackHandler callbackHandler = new PasswordCallbackHandler();
-        Element samlToken = 
-            createSAMLAssertionWithRoles(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",

-                                         callbackHandler, "employee");
-        Document doc = samlToken.getOwnerDocument();
-        samlToken = (Element)doc.appendChild(samlToken);
-        
-        ReceivedToken validateTarget = new ReceivedToken(samlToken);
-        tokenRequirements.setValidateTarget(validateTarget);
-        validatorParameters.setToken(validateTarget);
-        
-        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
-        
-        TokenValidatorResponse validatorResponse = 
-            samlTokenValidator.validateToken(validatorParameters);
-        assertTrue(validatorResponse != null);
-        assertTrue(validatorResponse.getToken() != null);
-        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
-        
-        Principal principal = validatorResponse.getPrincipal();
-        assertTrue(principal != null && principal.getName() != null);
-        Set<Principal> roles = validatorResponse.getRoles();
-        assertTrue(roles != null && !roles.isEmpty());
-        assertTrue(roles.iterator().next().getName().equals("employee"));
-    }
-    
     private TokenValidatorParameters createValidatorParameters() throws WSSecurityException
{
         TokenValidatorParameters parameters = new TokenValidatorParameters();
         
@@ -472,36 +395,6 @@ public class SAMLTokenValidatorTest exte
         return providerResponse.getToken();
     }
     
-    private Element createSAMLAssertionWithRoles(
-        String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
-        String role
-    ) throws WSSecurityException {
-        TokenProvider samlTokenProvider = new SAMLTokenProvider();
-        TokenProviderParameters providerParameters = 
-            createProviderParameters(
-                tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
-            );
-        
-        ClaimsManager claimsManager = new ClaimsManager();
-        ClaimsHandler claimsHandler = new CustomClaimsHandler();
-        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
-        providerParameters.setClaimsManager(claimsManager);
-        
-        RequestClaimCollection claims = new RequestClaimCollection();
-        RequestClaim claim = new RequestClaim();
-        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"));
-        claim.setClaimValue(role);
-        claims.add(claim);
-        
-        providerParameters.setRequestedPrimaryClaims(claims);
-        
-        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
-        assertTrue(providerResponse != null);
-        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
-
-        return providerResponse.getToken();
-    }
-    
     private Element createSAMLAssertionWithClaimsProvider(
         String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
     ) throws WSSecurityException {



Mime
View raw message