From: coheigea@apache.org
To: commits@cxf.apache.org
Date: Thu, 06 Mar 2014 12:43:29 -0000
Message-Id: <51aea73b7d744362ae07e315ade89548@git.apache.org>
In-Reply-To: <59e87ffa34d343bb92058b551770b873@git.apache.org>
References: <59e87ffa34d343bb92058b551770b873@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [3/4] git commit: Start of Claims refactor
Start of Claims refactor
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac69305b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac69305b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac69305b
Branch: refs/heads/claims
Commit: ac69305bfacb878360336e160f0fbe8262758504
Parents: db6d559
Author: Colm O hEigeartaigh
Authored: Tue Mar 4 16:09:12 2014 +0000
Committer: Colm O hEigeartaigh
Committed: Tue Mar 4 16:09:12 2014 +0000
----------------------------------------------------------------------
 .../security/SAMLSecurityContext.java | 90 ----------------
 .../authorization/JAXRSSAMLSecurityContext.java | 2 +-
 .../SecurityContextProviderImpl.java | 3 +-
 .../security/claims/ClaimsSecurityContext.java | 27 +++++
 .../rt/security/saml/SAMLSecurityContext.java | 104 +++++++++++++++++++
 .../cxf/rt/security/xacml/CXFMessageParser.java | 2 +-
 .../wss4j/StaxSecurityContextInInterceptor.java | 2 +-
 .../ws/security/wss4j/WSS4JInInterceptor.java | 2 +-
 .../token/validator/DefaultSAMLRoleParser.java | 2 +-
 9 files changed, 137 insertions(+), 97 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java b/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
deleted file mode 100644
index a8e0709..0000000
--- a/core/src/main/java/org/apache/cxf/interceptor/security/SAMLSecurityContext.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.interceptor.security;
-
-import java.security.Principal;
-import java.util.Set;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.security.LoginSecurityContext;
-
-public class SAMLSecurityContext implements LoginSecurityContext {
-
- private final Principal principal;
- private Set roles;
- private Element assertionElement;
- private String issuer;
-
- public SAMLSecurityContext(Principal principal) {
- this.principal = principal;
- }
-
- public SAMLSecurityContext(
- Principal principal,
- Set roles
- ) {
- this.principal = principal;
- this.roles = roles;
- }
-
- public Principal getUserPrincipal() {
- return principal;
- }
-
- public boolean isUserInRole(String role) {
- if (roles == null) {
- return false;
- }
- for (Principal principalRole : roles) {
- if (principalRole.getName().equals(role)) {
- return true;
- }
- }
- return false;
- }
-
- public javax.security.auth.Subject getSubject() {
- return null;
- }
-
- public void setUserRoles(Set userRoles) {
- this.roles = userRoles;
- }
-
- public Set getUserRoles() {
- return roles;
- }
-
- public void setAssertionElement(Element assertionElement) {
- this.assertionElement = assertionElement;
- }
-
- public Element getAssertionElement() {
- return assertionElement;
- }
-
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- public String getIssuer() {
- return issuer;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
index 2042a00..9e8739c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/JAXRSSAMLSecurityContext.java
@@ -24,10 +24,10 @@ import java.util.List;
 import java.util.Set;
 import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.rs.security.saml.assertion.Claim;
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 public class JAXRSSAMLSecurityContext extends SAMLSecurityContext {
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
index e9613db..ec9aafb 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
@@ -19,13 +19,12 @@
 package org.apache.cxf.rs.security.saml.authorization;
 import org.w3c.dom.Element;
-
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.SAMLUtils;
 import org.apache.cxf.rs.security.saml.assertion.Claim;
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsSecurityContext.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsSecurityContext.java
new file mode 100644
index 0000000..1501d45
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsSecurityContext.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.claims;
+
+import org.apache.cxf.security.LoginSecurityContext;
+
+public interface ClaimsSecurityContext extends LoginSecurityContext {
+
+ ClaimCollection getClaims();
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
new file mode 100644
index 0000000..4287eb2
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLSecurityContext.java
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml;
+
+import java.security.Principal;
+import java.util.Set;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.claims.ClaimsSecurityContext;
+
+public class SAMLSecurityContext implements ClaimsSecurityContext {
+
+ private final Principal principal;
+ private Set roles;
+ private Element assertionElement;
+ private String issuer;
+ private ClaimCollection claims;
+
+ public SAMLSecurityContext(Principal principal) {
+ this(principal, null);
+ }
+
+ public SAMLSecurityContext(
+ Principal principal,
+ Set roles
+ ) {
+ this(principal, roles, null);
+ }
+
+ public SAMLSecurityContext(
+ Principal principal,
+ Set roles,
+ ClaimCollection claims
+ ) {
+ this.principal = principal;
+ this.roles = roles;
+ this.claims = claims;
+ }
+
+ public ClaimCollection getClaims() {
+ return claims;
+ }
+
+ public Principal getUserPrincipal() {
+ return principal;
+ }
+
+ public boolean isUserInRole(String role) {
+ if (roles == null) {
+ return false;
+ }
+ for (Principal principalRole : roles) {
+ if (principalRole.getName().equals(role)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public javax.security.auth.Subject getSubject() {
+ return null;
+ }
+
+ public void setUserRoles(Set userRoles) {
+ this.roles = userRoles;
+ }
+
+ public Set getUserRoles() {
+ return roles;
+ }
+
+ public void setAssertionElement(Element assertionElement) {
+ this.assertionElement = assertionElement;
+ }
+
+ public Element getAssertionElement() {
+ return assertionElement;
+ }
+
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ public String getIssuer() {
+ return issuer;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
index 96f5e11..5da3359 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/CXFMessageParser.java
@@ -21,8 +21,8 @@ package org.apache.cxf.rt.security.xacml;
 import javax.xml.namespace.QName;
 import org.w3c.dom.Element;
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
----------------------------------------------------------------------
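Review bot: In the new rt/security/saml `SAMLSecurityContext`, the three-argument constructor and `setUserRoles` keep the caller's `Set` by reference and `getUserRoles` returns that same object, so any code holding either reference can change what `isUserInRole` answers after the assertion has been processed (this is carried over unchanged from the deleted core class). Because this object backs authorization decisions, consider copying on the way in and exposing a read-only view, e.g. `this.roles = roles == null ? null : new HashSet<Principal>(roles);` in the constructor and setter and `return roles == null ? null : Collections.unmodifiableSet(roles);` in the getter; the element type is taken from the loop in `isUserInRole`, and this assumes no caller relies on mutating the returned set. The new `claims` field is assigned only in the constructor, so it can be declared `private final ClaimCollection claims;`. The one- and two-argument constructors leave it null, and the `ClaimsSecurityContext` interface added in this commit does not say whether `getClaims()` may return null, so a one-line Javadoc on the interface method stating that contract would help callers.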
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
index 785e32c..7d20d22 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
@@ -32,9 +32,9 @@ import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
 import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index c3bda1d..0422845 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -59,9 +59,9 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
 import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac69305b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
index 8c925cd..175135d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
@@ -28,7 +28,7 @@ import javax.security.auth.Subject;
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
 import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
-import org.apache.cxf.interceptor.security.SAMLSecurityContext;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.ws.security.wss4j.SAMLUtils;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;