Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BE97110623 for ; Thu, 6 Feb 2014 16:27:15 +0000 (UTC) Received: (qmail 37823 invoked by uid 500); 6 Feb 2014 16:27:14 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 37712 invoked by uid 500); 6 Feb 2014 16:27:13 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 37699 invoked by uid 99); 6 Feb 2014 16:27:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Feb 2014 16:27:13 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Feb 2014 16:27:09 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id AC70623888E2; Thu, 6 Feb 2014 16:26:47 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1565326 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/ ... Date: Thu, 06 Feb 2014 16:26:47 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140206162647.AC70623888E2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Thu Feb 6 16:26:46 2014 New Revision: 1565326 URL: http://svn.apache.org/r1565326 Log: Adding support for sending Claims via the Validate binding + a test Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java Thu Feb 6 16:26:46 2014 
@@ -1056,6 +1056,8 @@ public abstract class AbstractSTSClient writer.writeStartElement("wst", "TokenType", namespace); writer.writeCharacters(tokentype); writer.writeEndElement(); + + addClaims(writer); writer.writeStartElement("wst", "ValidateTarget", namespace); Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Feb 6 16:26:46 2014 @@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource import org.w3c.dom.Element; import org.w3c.dom.Node; - import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.SoapVersion; @@ -75,6 +74,7 @@ import org.apache.wss4j.common.ext.WSPas import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.principal.CustomTokenPrincipal; import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal; +import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.WSSecurityEngine; 
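Review bot: The `addClaims(writer);` call added to the Validate request in AbstractSTSClient carries no comment, yet it changes what existing clients put on the wire: claims configured on the client for Issue requests would presumably now also be sent with every Validate request. The body of addClaims is outside the hunk, so it cannot be confirmed from here that it writes nothing when no claims are configured. I would add a comment above the call, such as `// Claims configured on this client are also sent on Validate, so the STS can include them in a transformed token`, and mention the change in the method's Javadoc. The enclosing method starts and ends outside the hunk.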
@@ -539,16 +539,18 @@ public class WSS4JInInterceptor extends if (!utWithCallbacks) { WSS4JTokenConverter.convertToken(msg, p); } - Object receivedAssertion = null; + Object receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + if (receivedAssertion == null) { + receivedAssertion = o.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN); + } List roles = null; - if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) { + if (receivedAssertion instanceof SamlAssertionWrapper) { String roleAttributeName = (String)msg.getContextualProperty( SecurityConstants.SAML_ROLE_ATTRIBUTENAME); if (roleAttributeName == null || roleAttributeName.length() == 0) { roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT; } - receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName); SAMLSecurityContext context = createSecurityContext(p, roles); context.setIssuer(SAMLUtils.getIssuer(receivedAssertion)); Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java (original) +++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java Thu Feb 6 16:26:46 2014 
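Review bot: In WSS4JInInterceptor, the roles and issuer for the SAMLSecurityContext are now also read from `TAG_TRANSFORMED_TOKEN` when no `TAG_SAML_ASSERTION` is present, and nothing in the hunk states why that token can be trusted as a source of authorization data. Presumably the transformed token is only ever set by a validator that obtained it from the STS, but that assumption is not visible here. A comment above the fallback would record it, such as `// Transformed token is set by the configured Validator (STS token transformation); roles are taken from it on that trust basis`. The condition also changed from a null check to `instanceof SamlAssertionWrapper`, so a non-null result of any other type now skips this branch; the code that handles that case lies outside the hunk and is worth confirming. The enclosing method starts and ends outside the hunk.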
@@ -37,6 +37,9 @@ import org.junit.BeforeClass; * The provider dispatches the Username Token to an STS for validation (via TLS), and also * send a TokenType corresponding to a SAML2 Assertion. The STS will create the requested * SAML Assertion after validation and return it to the provider. + * + * In the second test, the service will also send some claims to the STS for inclusion in the + * SAML Token, and validate the result. */ public class TransformationTest extends AbstractBusClientServerTestBase { 
@@ -92,6 +95,29 @@ public class TransformationTest extends bus.shutdown(true); } + @org.junit.Test + public void testTokenTransformationClaims() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TransformationTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = TransformationTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportUTClaimsPort"); + DoubleItPortType transportUTPort = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportUTPort, PORT); + + doubleIt(transportUTPort, 25); + + ((java.io.Closeable)transportUTPort).close(); + bus.shutdown(true); + } + private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); assertEquals(numToDouble * 2 , resp); Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml (original) +++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml Thu Feb 6 16:26:46 2014 
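Review bot: `testTokenTransformationClaims` asserts only the `doubleIt` result, so it passes whenever the call succeeds; nothing in the test itself shows that the claims reached the STS or ended up in the SAML token. If the service-side configuration for `DoubleItTransportUTClaimsPort` rejects requests that lack the expected claim, say so in a comment on the test, for example `// The service endpoint requires the role derived from the requested claims; the call fails if the STS omits it`; otherwise the check is missing. Separately, `close()` and `bus.shutdown(true)` run only on success. Wrapping `doubleIt(transportUTPort, 25);` in `try { ... } finally { ... }` around the two cleanup calls would stop a failing run from leaving the default bus set for later tests.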
@@ -41,6 +41,7 @@ + Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl (original) +++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl Thu Feb 6 16:26:46 2014 @@ -38,6 +38,9 @@ + + + Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml (original) +++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml Thu Feb 6 16:26:46 2014 
@@ -29,6 +29,12 @@ + + + + + + Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml?rev=1565326&r1=1565325&r2=1565326&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml (original) +++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml Thu Feb 6 16:26:46 2014 @@ -41,6 +41,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +