cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1531304 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: StaxSecurityContextInInterceptor.java policyhandlers/AbstractStaxBindingHandler.java
Date Fri, 11 Oct 2013 14:25:41 GMT
Author: coheigea
Date: Fri Oct 11 14:25:40 2013
New Revision: 1531304

URL: http://svn.apache.org/r1531304
Log:
Bug fixes for an Encrypted SAML assertion case

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java?rev=1531304&r1=1531303&r2=1531304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
Fri Oct 11 14:25:40 2013
@@ -120,11 +120,13 @@ public class StaxSecurityContextInInterc
                         
                         SamlTokenSecurityEvent samlEvent = (SamlTokenSecurityEvent)event;
                         receivedAssertion = samlEvent.getSamlAssertionWrapper();
-                        roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
-                        SAMLSecurityContext context = createSecurityContext(p, roles);
-                        context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
-                        context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
-                        msg.put(SecurityContext.class, context);
+                        if (receivedAssertion != null) {
+                            roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
+                            SAMLSecurityContext context = createSecurityContext(p, roles);
+                            context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
+                            context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
+                            msg.put(SecurityContext.class, context);
+                        }
                     } else {
                         msg.put(SecurityContext.class, createSecurityContext(p));
                     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1531304&r1=1531303&r2=1531304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Fri Oct 11 14:25:40 2013
@@ -342,58 +342,72 @@ public abstract class AbstractStaxBindin
         if (isTokenRequired(token.getIncludeTokenType())) {
             final Element el = secToken.getToken();
             
-            String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
-            if (signed || endorsing) {
-                samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
-            }
-            Map<String, Object> config = getProperties();
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
-            } else {
-                config.put(ConfigurationConstants.ACTION, samlAction);
-            }
-            
-            // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the
certificate
-            final SubjectBean subjectBean;
-            if (signed || endorsing) {
-                KeyInfoBean keyInfo = new KeyInfoBean();
-                keyInfo.setCertificate(secToken.getX509Certificate());
-                keyInfo.setEphemeralKey(secToken.getSecret());
-                subjectBean = new SubjectBean("", "", "");
-                subjectBean.setKeyInfo(keyInfo);
-            } else {
-                subjectBean = null;
-            }
-            
-            CallbackHandler callbackHandler = new CallbackHandler() {
-
-                @Override
-                public void handle(Callback[] callbacks) {
-                    for (Callback callback : callbacks) {
-                        if (callback instanceof SAMLCallback) {
-                            SAMLCallback samlCallback = (SAMLCallback)callback;
-                            samlCallback.setAssertionElement(el);
-                            samlCallback.setSubject(subjectBean);
-                            
-                            if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
-                                samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
-                            } else {
-                                samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+            if (el != null && "Assertion".equals(el.getLocalName())
+                && (WSSConstants.NS_SAML.equals(el.getNamespaceURI())
+                || WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
+                String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+                if (signed || endorsing) {
+                    samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
+                }
+                Map<String, Object> config = getProperties();
+                if (config.containsKey(ConfigurationConstants.ACTION)) {
+                    String action = (String)config.get(ConfigurationConstants.ACTION);
+                    config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
+                } else {
+                    config.put(ConfigurationConstants.ACTION, samlAction);
+                }
+                
+                // Mock up a Subject so that the SAMLTokenOutProcessor can get access to
the certificate
+                final SubjectBean subjectBean;
+                if (signed || endorsing) {
+                    KeyInfoBean keyInfo = new KeyInfoBean();
+                    keyInfo.setCertificate(secToken.getX509Certificate());
+                    keyInfo.setEphemeralKey(secToken.getSecret());
+                    subjectBean = new SubjectBean("", "", "");
+                    subjectBean.setKeyInfo(keyInfo);
+                } else {
+                    subjectBean = null;
+                }
+                
+                CallbackHandler callbackHandler = new CallbackHandler() {
+    
+                    @Override
+                    public void handle(Callback[] callbacks) {
+                        for (Callback callback : callbacks) {
+                            if (callback instanceof SAMLCallback) {
+                                SAMLCallback samlCallback = (SAMLCallback)callback;
+                                samlCallback.setAssertionElement(el);
+                                samlCallback.setSubject(subjectBean);
+                                
+                                if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
+                                    samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+                                } else {
+                                    samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+                                }
                             }
                         }
                     }
+                    
+                };
+                config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
+                
+                QName qname = WSSConstants.TAG_saml2_Assertion;
+                if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
+                    qname = WSSConstants.TAG_saml_Assertion;
                 }
                 
-            };
-            config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
-            
-            QName qname = WSSConstants.TAG_saml2_Assertion;
-            if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
-                qname = WSSConstants.TAG_saml_Assertion;
+                return new SecurePart(qname, Modifier.Element);
+            } else if (isRequestor()) {
+                // An Encrypted Token...just include it as is
+                Map<String, Object> config = getProperties();
+                String actionToPerform = ConfigurationConstants.CUSTOM_TOKEN;
+                if (config.containsKey(ConfigurationConstants.ACTION)) {
+                    String action = (String)config.get(ConfigurationConstants.ACTION);
+                    config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+                } else {
+                    config.put(ConfigurationConstants.ACTION, actionToPerform);
+                }
             }
-            
-            return new SecurePart(qname, Modifier.Element);
         }
         
         return null;



Mime
View raw message