From cohei...@apache.org
Subject cxf git commit: Use principal from the validation process if available
Date Tue, 16 Dec 2014 14:24:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 6057b95ed -> 0ef8f352e


Use principal from the validation process if available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ef8f352
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ef8f352
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ef8f352

Branch: refs/heads/3.0.x-fixes
Commit: 0ef8f352e25ca1a15754a34af948a49ffc7e1fbc
Parents: 6057b95
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 16 13:54:54 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 16 14:16:43 2014 +0000

----------------------------------------------------------------------
 .../cxf/sts/token/validator/SAMLTokenValidator.java | 13 ++++++++-----
 .../sts/token/validator/UsernameTokenValidator.java | 16 ++++++++++------
 .../cxf/sts/token/validator/X509TokenValidator.java |  7 ++++++-
 3 files changed, 24 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
index 823e379..bd31688 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
@@ -44,7 +44,6 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
@@ -151,9 +150,6 @@ public class SAMLTokenValidator implements TokenValidator {
             Element validateTargetElement = (Element)validateTarget.getToken();
             SamlAssertionWrapper assertion = new SamlAssertionWrapper(validateTargetElement);
             
-            SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
-            response.setPrincipal(samlPrincipal);
-            
             if (!assertion.isSigned()) {
                 LOG.log(Level.WARNING, "The received assertion is not signed, and therefore
not trusted");
                 return response;
@@ -193,6 +189,7 @@ public class SAMLTokenValidator implements TokenValidator {
                 secToken = null;
             }
             
+            Principal principal = null;
             if (secToken == null) {
                 // Validate the assertion against schemas/profiles
                 validateAssertion(assertion);
@@ -203,6 +200,7 @@ public class SAMLTokenValidator implements TokenValidator {
                 trustCredential.setCertificates(samlKeyInfo.getCerts());
     
                 trustCredential = validator.validate(trustCredential, requestData);
+                principal = trustCredential.getPrincipal();
 
                 // Finally check that subject DN of the signing certificate matches a known
constraint
                 X509Certificate cert = null;
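Review bot: The principal taken from `trustCredential.getPrincipal()` on the new line comes from a validator that was handed only the assertion's signing certificates (`trustCredential.setCertificates(samlKeyInfo.getCerts())` two lines above), so whatever identity it reports presumably describes the signer, whereas the `SAMLTokenPrincipalImpl` fallback used later in this method describes the asserted subject. Callers of `response.getPrincipal()` therefore get different identity semantics depending on which Validator is configured, and nothing in the hunk records that this is intended; a comment at the assignment would make the contract explicit, e.g. `// A custom Validator may map the signing credential to an application principal; it takes precedence over the assertion subject.` Separately, `validator.validate()` is a pluggable call whose return is assigned back to trustCredential and dereferenced with no null check; if the DN-constraint code that follows (cut off here) already dereferences trustCredential this is moot, otherwise a guard is worth adding. The enclosing method continues outside the hunk.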
@@ -215,10 +213,14 @@ public class SAMLTokenValidator implements TokenValidator {
                 }
             }
             
+            if (principal == null) {
+                principal = new SAMLTokenPrincipalImpl(assertion);
+            }
+            
             // Parse roles from the validated token
             if (samlRoleParser != null) {
                 Set<Principal> roles = 
-                    samlRoleParser.parseRolesFromAssertion(samlPrincipal, null, assertion);
+                    samlRoleParser.parseRolesFromAssertion(principal, null, assertion);
                 response.setRoles(roles);
             }
            
@@ -254,6 +256,7 @@ public class SAMLTokenValidator implements TokenValidator {
             Map<String, Object> addProps = new HashMap<String, Object>();
             addProps.put(SamlAssertionWrapper.class.getName(), assertion);
             response.setAdditionalProperties(addProps);
+            response.setPrincipal(principal);
             
             validateTarget.setState(STATE.VALID);
         } catch (WSSecurityException ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
index a8a175a..317d698 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
@@ -188,16 +188,20 @@ public class UsernameTokenValidator implements TokenValidator {
                 }
             }
             
+            Principal principal = null;
             if (secToken == null) {
                 Credential credential = new Credential();
                 credential.setUsernametoken(ut);
-                validator.validate(credential, requestData);
+                credential = validator.validate(credential, requestData);
+                principal = credential.getPrincipal();
+            }
+           
+            if (principal == null) {
+                principal = 
+                    createPrincipal(
+                        ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(),
ut.getCreated()
+                    );
             }
-            
-            Principal principal = 
-                createPrincipal(
-                    ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(),
ut.getCreated()
-                );
             
             // Get the realm of the UsernameToken
             String tokenRealm = null;
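Review bot: The new `credential = validator.validate(credential, requestData);` followed by `credential.getPrincipal()` turns a null return from the pluggable Validator into a NullPointerException, where the old code discarded the return value and so tolerated it; if the enclosing try catches only `WSSecurityException`, as the sibling validators in this commit do, such a null would escape as an unhandled runtime exception rather than an invalid-token response. A guard keeps the fallback path working: `Credential validated = validator.validate(credential, requestData);` / `if (validated != null) { principal = validated.getPrincipal(); }`. The enclosing method, including its catch block, continues outside the hunk.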

http://git-wip-us.apache.org/repos/asf/cxf/blob/0ef8f352/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
index 6b3847c..368ed54 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.sts.token.validator;
 
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.logging.Level;
@@ -154,7 +155,11 @@ public class X509TokenValidator implements TokenValidator {
             }
 
             Credential returnedCredential = validator.validate(credential, requestData);
-            response.setPrincipal(returnedCredential.getCertificates()[0].getSubjectX500Principal());
+            Principal principal = returnedCredential.getPrincipal();
+            if (principal == null) {
+                principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
+            }
+            response.setPrincipal(principal);
             validateTarget.setState(STATE.VALID);
         } catch (WSSecurityException ex) {
             LOG.log(Level.WARNING, "", ex);
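Review bot: The precedence introduced here, a Validator-supplied principal winning over the certificate's subject DN, is a security-relevant contract (the identity the STS subsequently acts on can now come from the Validator rather than from the validated certificate itself) and the hunk leaves it undocumented. A comment above the new `Principal principal = returnedCredential.getPrincipal();` line such as `// A custom Validator may map the certificate to an application principal; otherwise fall back to the certificate's subject DN.` would make this explicit to anyone configuring a Validator. The enclosing method and its catch block continue outside the hunk.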

