cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1565326 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/ ...
Date Thu, 06 Feb 2014 16:26:47 GMT
Author: coheigea
Date: Thu Feb  6 16:26:46 2014
New Revision: 1565326

URL: http://svn.apache.org/r1565326
Log:
Adding support for sending Claims via the Validate binding + a test

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
Thu Feb  6 16:26:46 2014
@@ -1056,6 +1056,8 @@ public abstract class AbstractSTSClient 
         writer.writeStartElement("wst", "TokenType", namespace);
         writer.writeCharacters(tokentype);
         writer.writeEndElement();
+        
+        addClaims(writer);
 
         writer.writeStartElement("wst", "ValidateTarget", namespace);
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Thu Feb  6 16:26:46 2014
@@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
@@ -75,6 +74,7 @@ import org.apache.wss4j.common.ext.WSPas
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.WSSecurityEngine;
@@ -539,16 +539,18 @@ public class WSS4JInInterceptor extends 
                 if (!utWithCallbacks) {
                     WSS4JTokenConverter.convertToken(msg, p);
                 }
-                Object receivedAssertion = null;
+                Object receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                if (receivedAssertion == null) {
+                    receivedAssertion  = o.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
+                }
                 
                 List<String> roles = null;
-                if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) {
+                if (receivedAssertion instanceof SamlAssertionWrapper) {
                     String roleAttributeName = (String)msg.getContextualProperty(
                             SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
                     if (roleAttributeName == null || roleAttributeName.length() == 0) {
                         roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                     }
-                    receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                     roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
                     SAMLSecurityContext context = createSecurityContext(p, roles);
                     context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
Thu Feb  6 16:26:46 2014
@@ -37,6 +37,9 @@ import org.junit.BeforeClass;
  * The provider dispatches the Username Token to an STS for validation (via TLS), and also
  * send a TokenType corresponding to a SAML2 Assertion. The STS will create the requested
  * SAML Assertion after validation and return it to the provider.
+ * 
+ * In the second test, the service will also send some claims to the STS for inclusion in
the
+ * SAML Token, and validate the result.
  */
 public class TransformationTest extends AbstractBusClientServerTestBase {
     
@@ -92,6 +95,29 @@ public class TransformationTest extends 
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testTokenTransformationClaims() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = TransformationTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = TransformationTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportUTClaimsPort");
+        DoubleItPortType transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+        
+        doubleIt(transportUTPort, 25);
+        
+        ((java.io.Closeable)transportUTPort).close();
+        bus.shutdown(true);
+    }
+    
     private static void doubleIt(DoubleItPortType port, int numToDouble) {
         int resp = port.doubleIt(numToDouble);
         assertEquals(numToDouble * 2 , resp);

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
Thu Feb  6 16:26:46 2014
@@ -41,6 +41,7 @@
         <property name="tokenProviders" ref="transportTokenProviders"/>
         <property name="tokenValidators" ref="transportTokenValidators"/>
         <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="claimsManager" ref="claimsManager"/>
         <property name="tokenStore" ref="defaultTokenStore"/>
     </bean>
     <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
Thu Feb  6 16:26:46 2014
@@ -38,6 +38,9 @@
         <wsdl:port name="DoubleItTransportUTPort" binding="tns:DoubleItTransportUTBinding">
             <soap:address location="https://localhost:8081/doubleit/services/doubleittransportut"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItTransportUTClaimsPort" binding="tns:DoubleItTransportUTBinding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportutclaims"/>
+        </wsdl:port>
     </wsdl:service>
     <wsp:Policy wsu:Id="DoubleItBindingTransportUTPolicy">
         <wsp:ExactlyOne>

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
Thu Feb  6 16:26:46 2014
@@ -29,6 +29,12 @@
             <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportUTClaimsPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        </jaxws:properties>
+    </jaxws:client>
     <http:conduit name="https://localhost:.*">
         <http:tlsClientParameters disableCNCheck="true">
             <sec:trustManagers>

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml
Thu Feb  6 16:26:46 2014
@@ -41,6 +41,39 @@
             </entry>
         </jaxws:properties>
     </jaxws:endpoint>
+   
+    <bean id="authzInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+        <property name="methodRolesMap">
+            <map>
+                <entry key="doubleIt" value="admin-user"/>
+            </map>
+        </property>
+    </bean>
+    
+    <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler"/>
+    
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportutclaims"
implementor="org.apache.cxf.systest.sts.transformation.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportUTClaimsPort"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportutclaims"
wsdlLocation="org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.ut.validator">
+                <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
+            </entry>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+                    <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+                </bean>
+            </entry>
+        </jaxws:properties>
+        <jaxws:inInterceptors>
+            <ref bean="authzInterceptor"/>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
+    
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
         <httpj:engine port="${testutil.ports.Server}">
             <httpj:tlsServerParameters>



Mime
View raw message