cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] git commit: [CXF-5664] - CXF STS does not support wst:Participants - Added some unit tests
Date Mon, 14 Apr 2014 10:42:54 GMT
[CXF-5664] - CXF STS does not support wst:Participants
 - Added some unit tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eeee90c3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eeee90c3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eeee90c3

Branch: refs/heads/2.7.x-fixes
Commit: eeee90c3e2e35c32a93a4f7b257d625bb2268d3a
Parents: 4e7d439
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Apr 14 11:32:15 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Apr 14 11:39:00 2014 +0100

----------------------------------------------------------------------
 .../apache/cxf/sts/request/RequestParser.java   |   5 +-
 .../provider/DefaultConditionsProvider.java     |  21 +-
 .../cxf/sts/operation/IssueSamlUnitTest.java    | 195 ++++++++++++++++++-
 3 files changed, 204 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/eeee90c3/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index e87f738..2406d66 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -64,6 +64,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
 import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
 import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
 import org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType;
+import org.apache.cxf.ws.security.sts.provider.model.ParticipantType;
 import org.apache.cxf.ws.security.sts.provider.model.ParticipantsType;
 import org.apache.cxf.ws.security.sts.provider.model.RenewTargetType;
 import org.apache.cxf.ws.security.sts.provider.model.RenewingType;
@@ -435,8 +436,8 @@ public class RequestParser {
             && !participantsType.getParticipant().isEmpty()) {
             List<Object> secondaryParticipants = 
                 new ArrayList<Object>(participantsType.getParticipant().size());
-            for (Object object : participantsType.getParticipant()) {
-                secondaryParticipants.add(object);
+            for (ParticipantType secondaryParticipant : participantsType.getParticipant())
{
+                secondaryParticipants.add(secondaryParticipant.getAny());
             }
             participants.setParticipants(secondaryParticipants);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/eeee90c3/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
index 297b4a4..b044869 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
@@ -277,20 +277,15 @@ public class DefaultConditionsProvider implements ConditionsProvider
{
      * Extract an address from a Particpants EPR DOM element
      */
     protected static String extractAddressFromParticipantsEPR(Element participants) {
-        if (participants != null) {
-            Element endpointRef = 
+        if (participants != null && STSConstants.WSA_NS_05.equals(participants.getNamespaceURI())
+                && "EndpointReference".equals(participants.getLocalName())) {
+            LOG.fine("Found EndpointReference element");
+            Element address = 
                 DOMUtils.getFirstChildWithName(
-                    participants, STSConstants.WSA_NS_05, "EndpointReference"
-                );
-            if (endpointRef != null) {
-                LOG.fine("Found EndpointReference element");
-                Element address = 
-                    DOMUtils.getFirstChildWithName(
-                        endpointRef, STSConstants.WSA_NS_05, "Address");
-                if (address != null) {
-                    LOG.fine("Found address element");
-                    return address.getTextContent();
-                }
+                        participants, STSConstants.WSA_NS_05, "Address");
+            if (address != null) {
+                LOG.fine("Found address element");
+                return address.getTextContent();
             }
         }
         LOG.fine("Participants element does not exist or could not be parsed");

http://git-wip-us.apache.org/repos/asf/cxf/blob/eeee90c3/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index 1aa942a..3a3e1dd 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -52,6 +52,8 @@ import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
 import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
+import org.apache.cxf.ws.security.sts.provider.model.ParticipantType;
+import org.apache.cxf.ws.security.sts.provider.model.ParticipantsType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
@@ -1166,6 +1168,190 @@ public class IssueSamlUnitTest extends org.junit.Assert {
         
     }
     
+    @org.junit.Test
+    public void testSaml1Participants() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        providerList.add(new SAMLTokenProvider());
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Add participants
+        String primaryParticipant = "http://primary.participant/";
+        String secondaryParticipant = "http://secondary.participant/";
+        
+        ParticipantType primary = new ParticipantType();
+        Document doc = DOMUtils.newDocument();
+        primary.setAny(createEndpointReference(doc, primaryParticipant));
+        
+        ParticipantType secondary = new ParticipantType();
+        secondary.setAny(createEndpointReference(doc, secondaryParticipant));
+        
+        ParticipantsType participants = new ParticipantsType();
+        participants.setPrimary(primary);
+        participants.getParticipant().add(secondary);
+        
+        JAXBElement<ParticipantsType> participantsType = 
+            new JAXBElement<ParticipantsType>(
+                QNameConstants.PARTICIPANTS, ParticipantsType.class, participants
+            );
+        request.getAny().add(participantsType);
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName()))
{
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertTrue(tokenString.contains("AttributeStatement"));
+        assertTrue(tokenString.contains("alice"));
+        assertTrue(tokenString.contains(SAML1Constants.CONF_BEARER));
+        assertTrue(tokenString.contains(primaryParticipant));
+        assertTrue(tokenString.contains(secondaryParticipant));
+    }
+    
+    @org.junit.Test
+    public void testSaml2Participants() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        providerList.add(new SAMLTokenProvider());
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML2_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Add participants
+        String primaryParticipant = "http://primary.participant/";
+        String secondaryParticipant = "http://secondary.participant/";
+        
+        ParticipantType primary = new ParticipantType();
+        Document doc = DOMUtils.newDocument();
+        primary.setAny(createEndpointReference(doc, primaryParticipant));
+        
+        ParticipantType secondary = new ParticipantType();
+        secondary.setAny(createEndpointReference(doc, secondaryParticipant));
+        
+        ParticipantsType participants = new ParticipantsType();
+        participants.setPrimary(primary);
+        participants.getParticipant().add(secondary);
+        
+        JAXBElement<ParticipantsType> participantsType = 
+            new JAXBElement<ParticipantsType>(
+                QNameConstants.PARTICIPANTS, ParticipantsType.class, participants
+            );
+        request.getAny().add(participantsType);
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        Element assertion = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName()))
{
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                assertion = (Element)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(assertion);
+        String tokenString = DOM2Writer.nodeToString(assertion);
+        assertTrue(tokenString.contains("AttributeStatement"));
+        assertTrue(tokenString.contains("alice"));
+        assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+        assertTrue(tokenString.contains(primaryParticipant));
+        assertTrue(tokenString.contains(secondaryParticipant));
+    }
+    
     /*
      * Create a security context object
      */
@@ -1187,14 +1373,19 @@ public class IssueSamlUnitTest extends org.junit.Assert {
         Document doc = DOMUtils.createDocument();
         Element appliesTo = doc.createElementNS(STSConstants.WSP_NS, "wsp:AppliesTo");
         appliesTo.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsp", STSConstants.WSP_NS);
+        appliesTo.appendChild(createEndpointReference(doc, addressUrl));
+        return appliesTo;
+    }
+    
+    private Element createEndpointReference(Document doc, String addressUrl) {
         Element endpointRef = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:EndpointReference");
         endpointRef.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
         Element address = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:Address");
         address.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
         address.setTextContent(addressUrl);
         endpointRef.appendChild(address);
-        appliesTo.appendChild(endpointRef);
-        return appliesTo;
+        
+        return endpointRef;
     }
     
     /*


Mime
View raw message