cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] git commit: Adding support for a cross-domain STS test
Date Thu, 26 Jun 2014 12:48:40 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 403a4fb83 -> 417d93849


Adding support for a cross-domain STS test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/417d9384
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/417d9384
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/417d9384

Branch: refs/heads/master
Commit: 417d9384948f93adcc0ce1c9f2786e8dcafa434d
Parents: 68372da
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jun 26 13:48:07 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jun 26 13:48:34 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      |  12 +-
 .../apache/cxf/ws/security/trust/STSUtils.java  | 128 +++++++++++++++----
 .../sts/cross_domain/CrossDomainTest.java       |   3 +-
 .../cxf/systest/sts/cross_domain/cxf-client.xml |   1 +
 4 files changed, 117 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/417d9384/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 131a6ac..7938889 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -455,6 +455,16 @@ public final class SecurityConstants {
         "ws-security.sts.disable-wsmex-call-using-epr-address";
     
     /**
+     * Whether to prefer to use WS-MEX over a STSClient's location/wsdlLocation properties
+     * when making an STS RequestSecurityToken call. This can be set to true for the scenario
+     * of making a WS-MEX call to an initial STS, and using the returned token to make another
+     * call to an STS (which is configured using the STSClient configuration). Default is

+     * "false".
+     */
+    public static final String PREFER_WSMEX_OVER_STS_CLIENT_CONFIG = 
+        "ws-security.sts.prefer-wsmex";
+    
+    /**
      * Switch STS client to send Soap 1.2 messages
      */
     public static final String STS_CLIENT_SOAP12_BINDING =
@@ -568,7 +578,7 @@ public final class SecurityConstants {
             TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
             ASYMMETRIC_SIGNATURE_ALGORITHM, PASSWORD_ENCRYPTOR_INSTANCE, ENABLE_SAML_ONE_TIME_USE_CACHE,
             SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, RETURN_SECURITY_ERROR,
-            CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT
+            CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/417d9384/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
index 6003439..6e27209 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
@@ -22,6 +22,8 @@ package org.apache.cxf.ws.security.trust;
 import javax.xml.bind.JAXBException;
 import javax.xml.namespace.QName;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
 import org.apache.cxf.binding.BindingFactory;
@@ -31,6 +33,7 @@ import org.apache.cxf.databinding.source.SourceDataBinding;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.endpoint.EndpointException;
 import org.apache.cxf.endpoint.EndpointImpl;
+import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.service.Service;
@@ -90,39 +93,116 @@ public final class STSUtils {
     }
     
     public static STSClient getClient(Message message, String type, IssuedToken itok) {
-        STSClient client = (STSClient)message
-            .getContextualProperty(SecurityConstants.STS_CLIENT);
-        if (client == null) {
-            if (type == null) {
-                type = "";
-            } else {
-                type = "." + type + "-client";
-            }
-            client = new STSClient(message.getExchange().get(Bus.class));
-            Endpoint ep = message.getExchange().get(Endpoint.class);
-            client.setEndpointName(ep.getEndpointInfo().getName().toString() + type);
-            client.setBeanName(ep.getEndpointInfo().getName().toString() + type);
-            if (MessageUtils.getContextualBoolean(message, SecurityConstants.STS_CLIENT_SOAP12_BINDING,
false)) {
-                client.setSoap12();
-            }
-        }
-        
-        if (client.getLocation() == null && client.getWsdlLocation() == null 
-            && itok != null && itok.getIssuer() != null) {
+        // Find out first if we have an EPR to get the STS Address (possibly via WS-MEX)
+        if (itok != null && itok.getIssuer() != null && message != null)
{
             EndpointReferenceType epr = null;
             try {
                 epr = VersionTransformer.parseEndpointReference(itok.getIssuer());
             } catch (JAXBException e) {
                 throw new IllegalArgumentException(e);
             }
-            //configure via mex
-            boolean useEPRWSAAddrAsMEXLocation = 
-                !Boolean.valueOf((String)message.getContextualProperty(
-                    SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS));
-            client.configureViaEPR(epr, useEPRWSAAddrAsMEXLocation);
+            
+            String mexLocation = findMEXLocation(epr);
+            // Configure via WS-MEX
+            if (mexLocation != null
+                && MessageUtils.getContextualBoolean(message, 
+                                                     SecurityConstants.PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
+                                                     false)) {
+                // WS-MEX call. So now either get the WS-MEX specific STSClient or else create
one
+                STSClient client = (STSClient)message
+                    .getContextualProperty(SecurityConstants.STS_CLIENT + ".wsmex");
+                if (client == null) {
+                    client = createSTSClient(message, type);
+                }
+                client.configureViaEPR(epr, false);
+                return client;
+            } else if (configureViaEPR(message, type, epr)) {
+                // Only use WS-MEX here if the pre-configured STSClient has no location/wsdllocation
+                boolean useEPRWSAAddrAsMEXLocation = 
+                    !Boolean.valueOf((String)message.getContextualProperty(
+                        SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS));
+                
+                STSClient client = (STSClient)message
+                    .getContextualProperty(SecurityConstants.STS_CLIENT);
+                if (client == null) {
+                    client = createSTSClient(message, type);
+                }
+                client.configureViaEPR(epr, useEPRWSAAddrAsMEXLocation);
+                return client;
+            }
+        }
+        
+        // Not a WS-MEX call
+        STSClient client = (STSClient)message
+            .getContextualProperty(SecurityConstants.STS_CLIENT);
+        if (client == null) {
+            client = createSTSClient(message, type);
+        }
+        
+        return client;
+    }
+        
+    public static boolean configureViaEPR(Message message, String type, EndpointReferenceType
epr) {
+        STSClient client = (STSClient)message
+            .getContextualProperty(SecurityConstants.STS_CLIENT);
+        if (epr != null && client == null) {
+            return true;
+        } else if (epr != null && client != null && client.getLocation()
== null && client.getWsdlLocation() == null) {
+            return true;
+        }
+            
+        return false;
+    }
+    
+    private static STSClient createSTSClient(Message message, String type) {
+        if (type == null) {
+            type = "";
+        } else {
+            type = "." + type + "-client";
+        }
+        STSClient client = new STSClient(message.getExchange().get(Bus.class));
+        Endpoint ep = message.getExchange().get(Endpoint.class);
+        client.setEndpointName(ep.getEndpointInfo().getName().toString() + type);
+        client.setBeanName(ep.getEndpointInfo().getName().toString() + type);
+        if (MessageUtils.getContextualBoolean(message, SecurityConstants.STS_CLIENT_SOAP12_BINDING,
false)) {
+            client.setSoap12();
         }
+        
         return client;
     }
+    
+    public static String findMEXLocation(EndpointReferenceType ref) {
+        if (ref.getMetadata() != null && ref.getMetadata().getAny() != null) {
+            for (Object any : ref.getMetadata().getAny()) {
+                if (any instanceof Element) {
+                    String addr = findMEXLocation((Element)any);
+                    if (addr != null) {
+                        return addr;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+    
+    public static String findMEXLocation(Element ref) {
+        Element el = DOMUtils.getFirstElement(ref);
+        while (el != null) {
+            if (el.getLocalName().equals("Address")
+                && VersionTransformer.isSupported(el.getNamespaceURI())
+                && "MetadataReference".equals(ref.getLocalName())) {
+                return DOMUtils.getContent(el);
+            } else {
+                String ad = findMEXLocation(el);
+                if (ad != null) {
+                    return ad;
+                }
+            }
+            el = DOMUtils.getNextElement(el);
+        }
+        return null;
+    }
+    
     public static Endpoint createSTSEndpoint(Bus bus, 
                                              String namespace,
                                              String transportId,

http://git-wip-us.apache.org/repos/asf/cxf/blob/417d9384/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
index 9b169fa..8f340f6 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
@@ -89,7 +89,7 @@ public class CrossDomainTest extends AbstractBusClientServerTestBase {
         stopAllServers();
     }
 
-    //  In this test, a CXF client checks to see that the location defined on its STSClient
is different
+    // In this test, a CXF client checks to see that the location defined on its STSClient
is different
     // from that configured in the Issuer of the IssuedToken policy supplied in the WSDL
of the
     // service provider. It obtains a SAML Token from the configured STS first, and then
sends it in
     // the security header to the second STS. The returned token is then sent to the service
provider.
@@ -123,7 +123,6 @@ public class CrossDomainTest extends AbstractBusClientServerTestBase {
     // The client has a configured STSClient for this + uses it to get a token from "a",
and in
     // turn to use the returned token to get a token from "b", to access the service.
     @org.junit.Test
-    @org.junit.Ignore
     public void testCrossDomainMEX() throws Exception {
         
         if (!portFree) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/417d9384/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
index f854682..26b9fe0 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
@@ -48,6 +48,7 @@
     
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItCrossDomainMEXPort"
createdFromAPI="true">
         <jaxws:properties>
+            <entry key="ws-security.sts.prefer-wsmex" value="true"/>
             <entry key="ws-security.sts.client">
                 <bean class="org.apache.cxf.ws.security.trust.STSClient">
                     <constructor-arg ref="cxf"/>


Mime
View raw message