Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E94A4107F8 for ; Wed, 2 Apr 2014 14:40:02 +0000 (UTC) Received: (qmail 35783 invoked by uid 500); 2 Apr 2014 14:40:01 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 35669 invoked by uid 500); 2 Apr 2014 14:40:00 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 35490 invoked by uid 99); 2 Apr 2014 14:39:52 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Apr 2014 14:39:52 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 9C50F8AF39D; Wed, 2 Apr 2014 14:39:52 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Wed, 02 Apr 2014 14:39:52 -0000 Message-Id: <76514339ca7f40e1bc38638050c97e99@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] git commit: [CXF-5664] - CXF STS does not support wst:Participants Repository: cxf Updated Branches: refs/heads/master 61cad675f -> e50e87ddb [CXF-5664] - CXF STS does not support wst:Participants Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e50e87dd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e50e87dd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e50e87dd Branch: refs/heads/master Commit: e50e87ddb80061749d3c306d8d511de72e4e5e77 Parents: 7757436 Author: Colm O hEigeartaigh Authored: Wed Apr 2 15:05:16 2014 +0100 Committer: Colm O hEigeartaigh Committed: Wed Apr 2 15:39:43 2014 +0100 ---------------------------------------------------------------------- .../java/org/apache/cxf/sts/QNameConstants.java | 2 + .../apache/cxf/sts/request/Participants.java | 46 ++++++++++++++++++++ .../apache/cxf/sts/request/RequestParser.java | 28 ++++++++++++ .../cxf/sts/request/TokenRequirements.java | 9 ++++ .../provider/DefaultConditionsProvider.java | 8 +++- 5 files changed, 92 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e50e87dd/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java index b3cbd3d..0383500 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java 
@@ -60,6 +60,8 @@ public final class QNameConstants { WS_TRUST_FACTORY.createClaims(null).getName(); public static final QName RENEWING = WS_TRUST_FACTORY.createRenewing(null).getName(); + public static final QName PARTICIPANTS = + WS_TRUST_FACTORY.createParticipants(null).getName(); // // Key Requirement QNames http://git-wip-us.apache.org/repos/asf/cxf/blob/e50e87dd/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java new file mode 100644 index 0000000..e108139 --- /dev/null +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java 
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+import java.util.List;
+
+/**
+ * This class contains values that have been extracted from a Participants element.
+ */
+public class Participants {
+ private Object primaryParticipant;
+ private List participants;
+
+ public Object getPrimaryParticipant() {
+ return primaryParticipant;
+ }
+
+ public void setPrimaryParticipant(Object primaryParticipant) {
+ this.primaryParticipant = primaryParticipant;
+ }
+
+ public List getParticipants() {
+ return participants;
+ }
+
+ public void setParticipants(List participants) {
+ this.participants = participants;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/e50e87dd/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index c716d80..f68246a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
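Review bot: The class Javadoc on `Participants` does not say what the two untyped fields hold, nor that they carry content taken straight from the incoming token request. Going by `parseParticipants` in the RequestParser part of this commit, `primaryParticipant` is whatever `getPrimary().getAny()` returned, and `participants` stays null when the request names no secondary participants, so every consumer needs a type check and a null check. I would extend the Javadoc with something like `Values are taken as-is from the wst:Participants element of the request and are not validated; getParticipants() may return null.` The setter also keeps the caller's list by reference, which deserves a word if the object is shared after parsing.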
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java @@ -27,6 +27,7 @@ import java.security.NoSuchProviderException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.logging.Level; @@ -62,6 +63,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType; import org.apache.cxf.ws.security.sts.provider.model.EntropyType; import org.apache.cxf.ws.security.sts.provider.model.LifetimeType; import org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType; +import org.apache.cxf.ws.security.sts.provider.model.ParticipantsType; import org.apache.cxf.ws.security.sts.provider.model.RenewTargetType; import org.apache.cxf.ws.security.sts.provider.model.RenewingType; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType; @@ -311,6 +313,12 @@ public class RequestParser { } tokenRequirements.setRenewing(renewing); LOG.fine("Found Renewing token"); + } else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) { + ParticipantsType participantsType = (ParticipantsType)jaxbElement.getValue(); + + Participants participants = parseParticipants(participantsType); + tokenRequirements.setParticipants(participants); + LOG.fine("Found Participants"); } else { return false; } 
@@ -416,6 +424,26 @@ public class RequestParser { return null; } + private static Participants parseParticipants(ParticipantsType participantsType) { + Participants participants = new Participants(); + + if (participantsType.getPrimary() != null) { + participants.setPrimaryParticipant(participantsType.getPrimary().getAny()); + } + + if (participantsType.getParticipant() != null + && !participantsType.getParticipant().isEmpty()) { + List secondaryParticipants = + new ArrayList(participantsType.getParticipant().size()); + for (Object object : participantsType.getParticipant()) { + secondaryParticipants.add(object); + } + participants.setParticipants(secondaryParticipants); + } + + return participants; + } + private static T extractType(Object param, Class clazz) { if (param instanceof JAXBElement) { JAXBElement jaxbElement = (JAXBElement) param; http://git-wip-us.apache.org/repos/asf/cxf/blob/e50e87dd/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java index 68f9390..7dd360c 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java @@ -39,6 +39,7 @@ public class TokenRequirements { private ClaimCollection primaryClaims; private ClaimCollection secondaryClaims; private Renewing renewing; + private Participants participants; public Renewing getRenewing() { return renewing; 
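Review bot: In `parseParticipants` the primary participant is unwrapped with `getPrimary().getAny()`, but the loop over `getParticipant()` stores each element as-is. If that list holds the same wrapper type that `getPrimary()` returns (its declaration is not visible in this hunk), consumers receive the inner content for the primary and the wrapper object for every secondary participant. Assuming the element type is the model's `ParticipantType`, unwrapping in the loop keeps the two consistent: `secondaryParticipants.add(((ParticipantType)object).getAny());`, with the matching import. A short comment on the method saying the returned values are unvalidated request content would also help, because later code may be tempted to use them when deciding who a token is issued for.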
@@ -136,4 +137,12 @@ public class TokenRequirements { this.secondaryClaims = secondaryClaims; } + public Participants getParticipants() { + return participants; + } + + public void setParticipants(Participants participants) { + this.participants = participants; + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/e50e87dd/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java index af7ac4c..60957261 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java @@ -19,12 +19,14 @@ package org.apache.cxf.sts.token.provider; import java.text.ParseException; +import java.util.Collections; import java.util.Date; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.sts.request.Lifetime; import org.apache.cxf.ws.security.sts.provider.STSException; +import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.dom.util.XmlSchemaDateFormat; import org.joda.time.DateTime; 
@@ -200,7 +202,11 @@ public class DefaultConditionsProvider implements ConditionsProvider { } else { conditions.setTokenPeriodMinutes(5); } - conditions.setAudienceURI(appliesToAddress); + if (appliesToAddress != null) { + AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); + audienceRestriction.setAudienceURIs(Collections.singletonList(appliesToAddress)); + conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); + } return conditions; }
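Review bot: The new guard `if (appliesToAddress != null)` still lets an empty string through, which would yield an audience restriction whose only audience URI is empty; `if (appliesToAddress != null && !appliesToAddress.isEmpty())` avoids that. When the address is absent the returned conditions carry no audience restriction at all, so a token built from them is not bound to any recipient. A one-line comment on that path, such as `// no AppliesTo address: token is issued without an AudienceRestriction`, would make the behaviour explicit for anyone auditing token issuance. The enclosing method starts outside the hunk, so where `appliesToAddress` comes from is not visible here.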