cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/5] cxf git commit: Refactoring of XACML code
Date Fri, 17 Jul 2015 14:17:10 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
deleted file mode 100644
index 53cd863..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.joda.time.DateTime;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.EnvironmentType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-
-
-/**
- * Some unit tests to create a XACML Request using the RequestComponentBuilder.
- */
-public class RequestComponentBuilderTest extends org.junit.Assert {
-    
-    private DocumentBuilder docBuilder;
-    static {
-        OpenSAMLUtil.initSamlEngine();
-    }
-    
-    public RequestComponentBuilderTest() throws ParserConfigurationException {
-        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
-        docBuilderFactory.setNamespaceAware(true);
-        docBuilder = docBuilderFactory.newDocumentBuilder();
-    }
-
-    @org.junit.Test
-    public void testCreateXACMLRequest() throws Exception {
-        Document doc = docBuilder.newDocument();
-        
-        // Subject
-        AttributeValueType subjectIdAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "alice-user@apache.org"
-            );
-        AttributeType subjectIdAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ID,
-                    XACMLConstants.RFC_822_NAME,
-                    null,
-                    Collections.singletonList(subjectIdAttributeValue)
-            );
-        
-        AttributeValueType subjectGroupAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "manager"
-            );
-        AttributeType subjectGroupAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ROLE,
-                    XACMLConstants.XS_ANY_URI,
-                    "admin-user@apache.org",
-                    Collections.singletonList(subjectGroupAttributeValue)
-            );
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
-        attributes.add(subjectIdAttribute);
-        attributes.add(subjectGroupAttribute);
-        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-        
-        // Resource
-        AttributeValueType resourceAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
-            );
-        AttributeType resourceAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.RESOURCE_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(resourceAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(resourceAttribute);
-        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-        
-        // Action
-        AttributeValueType actionAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "execute"
-            );
-        AttributeType actionAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.ACTION_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(actionAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(actionAttribute);
-        ActionType action = RequestComponentBuilder.createActionType(attributes);
-        
-        // Request
-        RequestType request = 
-            RequestComponentBuilder.createRequestType(
-                    Collections.singletonList(subject), 
-                    Collections.singletonList(resource), 
-                    action, 
-                    null
-            );
-        
-        Element policyElement = OpenSAMLUtil.toDom(request, doc);
-        // String outputString = DOM2Writer.nodeToString(policyElement);
-        assertNotNull(policyElement);
-    }
-    
-    @org.junit.Test
-    public void testEnvironment() throws Exception {
-        Document doc = docBuilder.newDocument();
-        
-        // Subject
-        AttributeValueType subjectIdAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "alice-user@apache.org"
-            );
-        AttributeType subjectIdAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ID,
-                    XACMLConstants.RFC_822_NAME,
-                    null,
-                    Collections.singletonList(subjectIdAttributeValue)
-            );
-        
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
-        attributes.add(subjectIdAttribute);
-        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-        
-        // Resource
-        AttributeValueType resourceAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
-            );
-        AttributeType resourceAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.RESOURCE_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(resourceAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(resourceAttribute);
-        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-        
-        // Action
-        AttributeValueType actionAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "execute"
-            );
-        AttributeType actionAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.ACTION_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(actionAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(actionAttribute);
-        ActionType action = RequestComponentBuilder.createActionType(attributes);
-        
-        // Environment
-        DateTime dateTime = new DateTime();
-        AttributeValueType environmentAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(dateTime.toString());
-        AttributeType environmentAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.CURRENT_DATETIME,
-                    XACMLConstants.XS_DATETIME,
-                    null,
-                    Collections.singletonList(environmentAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(environmentAttribute);
-        EnvironmentType environmentType = 
-             RequestComponentBuilder.createEnvironmentType(attributes);
-        
-        // Request
-        RequestType request = 
-            RequestComponentBuilder.createRequestType(
-                    Collections.singletonList(subject), 
-                    Collections.singletonList(resource), 
-                    action, 
-                    environmentType
-            );
-        
-        Element policyElement = OpenSAMLUtil.toDom(request, doc);
-        // String outputString = DOM2Writer.nodeToString(policyElement);
-        assertNotNull(policyElement);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
deleted file mode 100644
index 526be4a..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
-import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
-
-
-/**
- * Some unit tests for creating a SAML XACML Request.
- */
-public class SamlRequestComponentBuilderTest extends org.junit.Assert {
-    
-    private DocumentBuilder docBuilder;
-    static {
-        OpenSAMLUtil.initSamlEngine();
-    }
-    
-    public SamlRequestComponentBuilderTest() throws ParserConfigurationException {
-        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
-        docBuilderFactory.setNamespaceAware(true);
-        docBuilder = docBuilderFactory.newDocumentBuilder();
-    }
-
-    @org.junit.Test
-    public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
-        Document doc = docBuilder.newDocument();
-        
-        //
-        // Create XACML request
-        //
-        
-        // Subject
-        AttributeValueType subjectIdAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "alice-user@apache.org"
-            );
-        AttributeType subjectIdAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ID,
-                    XACMLConstants.RFC_822_NAME,
-                    null,
-                    Collections.singletonList(subjectIdAttributeValue)
-            );
-        
-        AttributeValueType subjectGroupAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "manager"
-            );
-        AttributeType subjectGroupAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.SUBJECT_ROLE,
-                    XACMLConstants.XS_ANY_URI,
-                    "admin-user@apache.org",
-                    Collections.singletonList(subjectGroupAttributeValue)
-            );
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
-        attributes.add(subjectIdAttribute);
-        attributes.add(subjectGroupAttribute);
-        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-        
-        // Resource
-        AttributeValueType resourceAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
-            );
-        AttributeType resourceAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.RESOURCE_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(resourceAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(resourceAttribute);
-        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-        
-        // Action
-        AttributeValueType actionAttributeValue = 
-            RequestComponentBuilder.createAttributeValueType(
-                    "execute"
-            );
-        AttributeType actionAttribute = 
-            RequestComponentBuilder.createAttributeType(
-                    XACMLConstants.ACTION_ID,
-                    XACMLConstants.XS_STRING,
-                    null,
-                    Collections.singletonList(actionAttributeValue)
-            );
-        attributes.clear();
-        attributes.add(actionAttribute);
-        ActionType action = RequestComponentBuilder.createActionType(attributes);
-        
-        // Request
-        RequestType request = 
-            RequestComponentBuilder.createRequestType(
-                    Collections.singletonList(subject), 
-                    Collections.singletonList(resource), 
-                    action, 
-                    null
-            );
-        
-        //
-        // Create SAML wrapper
-        //
-        
-        XACMLAuthzDecisionQueryType authzQuery = 
-            SamlRequestComponentBuilder.createAuthzDecisionQuery(
-                    "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS
-            );
-        
-        Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
-        // String outputString = DOM2Writer.nodeToString(policyElement);
-        assertNotNull(policyElement);
-    }
-    
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
deleted file mode 100644
index 30fb821..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.apache.cxf.rt.security.saml.xacml.pdp.api.PolicyDecisionPoint;
-import org.apache.cxf.security.LoginSecurityContext;
-import org.apache.cxf.security.SecurityContext;
-
-
-/**
- * Some unit tests to test the AbstractXACMLAuthorizingInterceptor.
- */
-public class XACMLAuthorizingInterceptorTest extends org.junit.Assert {
-    
-    static {
-        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
-    }
-
-    @SuppressWarnings("deprecation")
-    @org.junit.Test
-    public void testPermit() throws Exception {
-        // Mock up a Security Context
-        SecurityContext sc = createSecurityContext("alice", "manager");
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURI = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URI, resourceURI);
-        msg.put(SecurityContext.class, sc);
-        
-        PolicyDecisionPoint pdp = new DummyPDP();
-        XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
-        authorizingInterceptor.handleMessage(msg);
-    }
-    
-    @SuppressWarnings("deprecation")
-    @org.junit.Test
-    public void testDeny() throws Exception {
-        // Mock up a Security Context
-        SecurityContext sc = createSecurityContext("alice", "boss");
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURI = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URI, resourceURI);
-        msg.put(SecurityContext.class, sc);
-        
-        PolicyDecisionPoint pdp = new DummyPDP();
-        XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
-        
-        try {
-            authorizingInterceptor.handleMessage(msg);
-            fail("Failure expected on deny");
-        } catch (Exception ex) {
-            // Failure expected
-        }
-    }
-    
-    private SecurityContext createSecurityContext(final String user, final String role) {
-        return new LoginSecurityContext() {
-
-            @Override
-            public Principal getUserPrincipal() {
-                return new Principal() {
-                    public String getName() {
-                        return user;
-                    }
-                };
-            }
-
-            @Override
-            public boolean isUserInRole(String role) {
-                return false;
-            }
-
-            @Override
-            public Subject getSubject() {
-                return null;
-            }
-
-            @Override
-            public Set<Principal> getUserRoles() {
-                Set<Principal> principals = new HashSet<Principal>();
-                principals.add(new Principal() {
-                    public String getName() {
-                        return role;
-                    }
-                });
-                return principals;
-            }
-            
-        };
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
deleted file mode 100644
index baccaeb..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
+++ /dev/null
@@ -1,308 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.security.Principal;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-
-
-/**
- * Some unit tests to create a XACML Request via the XACMLRequestBuilder interface.
- */
-@SuppressWarnings("deprecation")
-public class XACMLRequestBuilderTest extends org.junit.Assert {
-    
-    static {
-        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
-    }
-
-    @org.junit.Test
-    public void testXACMLRequestBuilder() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URI, resourceURL);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-    }
-
-    
-    @org.junit.Test
-    public void testAction() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URI, resourceURL);
-        
-        DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request); 
-        
-        String action = 
-            request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
-        assertEquals("execute", action);
-        
-        builder.setAction("write");
-        request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request); 
-        
-        action = 
-            request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
-        assertEquals("write", action);
-    }
-    
-    @org.junit.Test
-    public void testEnvironment() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URL, resourceURL);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        assertFalse(request.getEnvironment().getAttributes().isEmpty());
-        
-        ((DefaultXACMLRequestBuilder)builder).setSendDateTime(false);
-        request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        assertTrue(request.getEnvironment().getAttributes().isEmpty());
-    }
-    
-    @org.junit.Test
-    public void testSOAPResource() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URL, resourceURL);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        
-        List<ResourceType> resources = request.getResources();
-        assertNotNull(resources);
-        assertEquals(1, resources.size());
-        
-        ResourceType resource = resources.get(0);
-        assertEquals(4, resource.getAttributes().size());
-        
-        boolean resourceIdSatisfied = false;
-        boolean soapServiceSatisfied = false;
-        boolean soapOperationSatisfied = false;
-        boolean resourceURISatisfied = false;
-        for (AttributeType attribute : resource.getAttributes()) {
-            String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
-                && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals(
-                    attributeValue)) {
-                resourceIdSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
-                && service.equals(attributeValue)) {
-                soapServiceSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
-                && operation.equals(attributeValue)) {
-                soapOperationSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
-                && resourceURL.equals(attributeValue)) {
-                resourceURISatisfied = true;
-            }
-        }
-        
-        assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
-                   && resourceURISatisfied);
-    }
-    
-    @org.junit.Test
-    public void testSOAPResourceDifferentNamespace() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
-        MessageImpl msg = new MessageImpl();
-        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
-        String service = "{http://www.example.org/contract/DoubleItService}DoubleItService";
-        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URL, resourceURL);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        
-        List<ResourceType> resources = request.getResources();
-        assertNotNull(resources);
-        assertEquals(1, resources.size());
-        
-        ResourceType resource = resources.get(0);
-        assertEquals(4, resource.getAttributes().size());
-        
-        boolean resourceIdSatisfied = false;
-        boolean soapServiceSatisfied = false;
-        boolean soapOperationSatisfied = false;
-        boolean resourceURISatisfied = false;
-        String expectedResourceId = 
-            service + "#" + operation;
-        for (AttributeType attribute : resource.getAttributes()) {
-            String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
-                && expectedResourceId.equals(attributeValue)) {
-                resourceIdSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
-                && service.equals(attributeValue)) {
-                soapServiceSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
-                && operation.equals(attributeValue)) {
-                soapOperationSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
-                && resourceURL.equals(attributeValue)) {
-                resourceURISatisfied = true;
-            }
-        }
-        
-        assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
-                   && resourceURISatisfied);
-    }
-    
-    @org.junit.Test
-    public void testRESTResource() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        MessageImpl msg = new MessageImpl();
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URL, resourceURL);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        
-        List<ResourceType> resources = request.getResources();
-        assertNotNull(resources);
-        assertEquals(1, resources.size());
-        
-        ResourceType resource = resources.get(0);
-        assertEquals(1, resource.getAttributes().size());
-        
-        for (AttributeType attribute : resource.getAttributes()) {
-            String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            assertEquals(attributeValue, resourceURL);
-        }
-    }
-    
-    @org.junit.Test
-    public void testRESTResourceTruncatedURI() throws Exception {
-        // Mock up a request
-        Principal principal = new Principal() {
-            public String getName() {
-                return "alice";
-            }
-        };
-        
-        MessageImpl msg = new MessageImpl();
-        String resourceURL = "https://localhost:8080/doubleit";
-        msg.put(Message.REQUEST_URL, resourceURL);
-        String resourceURI = "/doubleit";
-        msg.put(Message.REQUEST_URI, resourceURI);
-        
-        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
-        ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(false);
-        RequestType request = 
-            builder.createRequest(principal, Collections.singletonList("manager"), msg);
-        assertNotNull(request);
-        
-        List<ResourceType> resources = request.getResources();
-        assertNotNull(resources);
-        assertEquals(1, resources.size());
-        
-        ResourceType resource = resources.get(0);
-        assertEquals(1, resource.getAttributes().size());
-        
-        for (AttributeType attribute : resource.getAttributes()) {
-            String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            assertEquals(attributeValue, resourceURI);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
new file mode 100644
index 0000000..3481598
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.List;
+
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.xacml.XACMLObjectBuilder;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.DecisionType;
+import org.opensaml.xacml.ctx.DecisionType.DECISION;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResponseType;
+import org.opensaml.xacml.ctx.ResultType;
+import org.opensaml.xacml.ctx.StatusCodeType;
+import org.opensaml.xacml.ctx.StatusType;
+import org.opensaml.xacml.ctx.SubjectType;
+
+/**
+ * A test implementation of AbstractXACMLAuthorizingInterceptor. It just mocks up a Response
+ * object based on the role of the Subject. If the role is "manager" then it permits the
+ * request, otherwise it denies it.
+ */
+public class DummyPDP implements PolicyDecisionPoint {
+
+    public ResponseType evaluate(RequestType request) {
+        String role = getSubjectRole(request);
+        DECISION decision = "manager".equals(role) ? DecisionType.DECISION.Permit : DecisionType.DECISION.Deny;        
+        return createResponse(decision);
+    }
+    
+    private ResponseType createResponse(DECISION decision) {
+        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+        
+        @SuppressWarnings("unchecked")
+        XACMLObjectBuilder<ResponseType> responseTypeBuilder = 
+            (XACMLObjectBuilder<ResponseType>)
+            builderFactory.getBuilder(ResponseType.DEFAULT_ELEMENT_NAME);
+        
+        @SuppressWarnings("unchecked")
+        XACMLObjectBuilder<ResultType> resultTypeBuilder = 
+            (XACMLObjectBuilder<ResultType>)
+            builderFactory.getBuilder(ResultType.DEFAULT_ELEMENT_NAME);
+        
+        @SuppressWarnings("unchecked")
+        XACMLObjectBuilder<DecisionType> decisionTypeBuilder =
+            (XACMLObjectBuilder<DecisionType>)
+            builderFactory.getBuilder(DecisionType.DEFAULT_ELEMENT_NAME);
+        
+        @SuppressWarnings("unchecked")
+        XACMLObjectBuilder<StatusType> statusTypeBuilder = 
+            (XACMLObjectBuilder<StatusType>)
+            builderFactory.getBuilder(StatusType.DEFAULT_ELEMENT_NAME);
+        
+        @SuppressWarnings("unchecked")
+        XACMLObjectBuilder<StatusCodeType> statusCodeTypeBuilder =
+            (XACMLObjectBuilder<StatusCodeType>)
+            builderFactory.getBuilder(StatusCodeType.DEFAULT_ELEMENT_NAME);
+            
+        ResultType result = resultTypeBuilder.buildObject();
+
+        DecisionType decisionType = decisionTypeBuilder.buildObject();
+        decisionType.setDecision(decision);
+        result.setDecision(decisionType);
+        
+        StatusType status = statusTypeBuilder.buildObject();
+        StatusCodeType statusCode = statusCodeTypeBuilder.buildObject();
+        statusCode.setValue("urn:oasis:names:tc:xacml:1.0:status:ok");
+        status.setStatusCode(statusCode);
+        result.setStatus(status);
+        
+        ResponseType response = responseTypeBuilder.buildObject();
+        response.getResults().add(result);
+        return response;
+    }
+
+    private String getSubjectRole(RequestType request) {
+        List<SubjectType> subjects = request.getSubjects();
+        if (subjects != null) {
+            for (SubjectType subject : subjects) {
+                List<AttributeType> attributes = subject.getAttributes();
+                if (attributes != null) {
+                    for (AttributeType attribute : attributes) {
+                        if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) {
+                            return attribute.getAttributeValues().get(0).getValue();
+                        }
+                    }
+                }
+            }
+        }
+        return null;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
new file mode 100644
index 0000000..3a2bc3c
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
@@ -0,0 +1,222 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.joda.time.DateTime;
+import org.opensaml.xacml.ctx.ActionType;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.AttributeValueType;
+import org.opensaml.xacml.ctx.EnvironmentType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+import org.opensaml.xacml.ctx.SubjectType;
+
+
+/**
+ * Some unit tests to create a XACML Request using the RequestComponentBuilder.
+ */
+public class RequestComponentBuilderTest extends org.junit.Assert {
+    
+    private DocumentBuilder docBuilder;
+    static {
+        OpenSAMLUtil.initSamlEngine();
+    }
+    
+    public RequestComponentBuilderTest() throws ParserConfigurationException {
+        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+        docBuilderFactory.setNamespaceAware(true);
+        docBuilder = docBuilderFactory.newDocumentBuilder();
+    }
+
+    @org.junit.Test
+    public void testCreateXACMLRequest() throws Exception {
+        Document doc = docBuilder.newDocument();
+        
+        // Subject
+        AttributeValueType subjectIdAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "alice-user@apache.org"
+            );
+        AttributeType subjectIdAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.SUBJECT_ID,
+                    XACMLConstants.RFC_822_NAME,
+                    null,
+                    Collections.singletonList(subjectIdAttributeValue)
+            );
+        
+        AttributeValueType subjectGroupAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "manager"
+            );
+        AttributeType subjectGroupAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.SUBJECT_ROLE,
+                    XACMLConstants.XS_ANY_URI,
+                    "admin-user@apache.org",
+                    Collections.singletonList(subjectGroupAttributeValue)
+            );
+        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        attributes.add(subjectIdAttribute);
+        attributes.add(subjectGroupAttribute);
+        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+        
+        // Resource
+        AttributeValueType resourceAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
+            );
+        AttributeType resourceAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.RESOURCE_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(resourceAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(resourceAttribute);
+        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+        
+        // Action
+        AttributeValueType actionAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "execute"
+            );
+        AttributeType actionAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.ACTION_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(actionAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(actionAttribute);
+        ActionType action = RequestComponentBuilder.createActionType(attributes);
+        
+        // Request
+        RequestType request = 
+            RequestComponentBuilder.createRequestType(
+                    Collections.singletonList(subject), 
+                    Collections.singletonList(resource), 
+                    action, 
+                    null
+            );
+        
+        Element policyElement = OpenSAMLUtil.toDom(request, doc);
+        // String outputString = DOM2Writer.nodeToString(policyElement);
+        assertNotNull(policyElement);
+    }
+    
+    @org.junit.Test
+    public void testEnvironment() throws Exception {
+        Document doc = docBuilder.newDocument();
+        
+        // Subject
+        AttributeValueType subjectIdAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "alice-user@apache.org"
+            );
+        AttributeType subjectIdAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.SUBJECT_ID,
+                    XACMLConstants.RFC_822_NAME,
+                    null,
+                    Collections.singletonList(subjectIdAttributeValue)
+            );
+        
+        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        attributes.add(subjectIdAttribute);
+        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+        
+        // Resource
+        AttributeValueType resourceAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
+            );
+        AttributeType resourceAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.RESOURCE_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(resourceAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(resourceAttribute);
+        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+        
+        // Action
+        AttributeValueType actionAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "execute"
+            );
+        AttributeType actionAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.ACTION_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(actionAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(actionAttribute);
+        ActionType action = RequestComponentBuilder.createActionType(attributes);
+        
+        // Environment
+        DateTime dateTime = new DateTime();
+        AttributeValueType environmentAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(dateTime.toString());
+        AttributeType environmentAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.CURRENT_DATETIME,
+                    XACMLConstants.XS_DATETIME,
+                    null,
+                    Collections.singletonList(environmentAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(environmentAttribute);
+        EnvironmentType environmentType = 
+             RequestComponentBuilder.createEnvironmentType(attributes);
+        
+        // Request
+        RequestType request = 
+            RequestComponentBuilder.createRequestType(
+                    Collections.singletonList(subject), 
+                    Collections.singletonList(resource), 
+                    action, 
+                    environmentType
+            );
+        
+        Element policyElement = OpenSAMLUtil.toDom(request, doc);
+        // String outputString = DOM2Writer.nodeToString(policyElement);
+        assertNotNull(policyElement);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
new file mode 100644
index 0000000..7d594dc
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.opensaml.xacml.ctx.ActionType;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.AttributeValueType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+import org.opensaml.xacml.ctx.SubjectType;
+import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
+import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
+
+
+/**
+ * Some unit tests for creating a SAML XACML Request.
+ */
+public class SamlRequestComponentBuilderTest extends org.junit.Assert {
+    
+    private DocumentBuilder docBuilder;
+    static {
+        OpenSAMLUtil.initSamlEngine();
+    }
+    
+    public SamlRequestComponentBuilderTest() throws ParserConfigurationException {
+        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+        docBuilderFactory.setNamespaceAware(true);
+        docBuilder = docBuilderFactory.newDocumentBuilder();
+    }
+
+    @org.junit.Test
+    public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
+        Document doc = docBuilder.newDocument();
+        
+        //
+        // Create XACML request
+        //
+        
+        // Subject
+        AttributeValueType subjectIdAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "alice-user@apache.org"
+            );
+        AttributeType subjectIdAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.SUBJECT_ID,
+                    XACMLConstants.RFC_822_NAME,
+                    null,
+                    Collections.singletonList(subjectIdAttributeValue)
+            );
+        
+        AttributeValueType subjectGroupAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "manager"
+            );
+        AttributeType subjectGroupAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.SUBJECT_ROLE,
+                    XACMLConstants.XS_ANY_URI,
+                    "admin-user@apache.org",
+                    Collections.singletonList(subjectGroupAttributeValue)
+            );
+        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        attributes.add(subjectIdAttribute);
+        attributes.add(subjectGroupAttribute);
+        SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+        
+        // Resource
+        AttributeValueType resourceAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "{http://www.example.org/contract/DoubleIt}DoubleIt"
+            );
+        AttributeType resourceAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.RESOURCE_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(resourceAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(resourceAttribute);
+        ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+        
+        // Action
+        AttributeValueType actionAttributeValue = 
+            RequestComponentBuilder.createAttributeValueType(
+                    "execute"
+            );
+        AttributeType actionAttribute = 
+            RequestComponentBuilder.createAttributeType(
+                    XACMLConstants.ACTION_ID,
+                    XACMLConstants.XS_STRING,
+                    null,
+                    Collections.singletonList(actionAttributeValue)
+            );
+        attributes.clear();
+        attributes.add(actionAttribute);
+        ActionType action = RequestComponentBuilder.createActionType(attributes);
+        
+        // Request
+        RequestType request = 
+            RequestComponentBuilder.createRequestType(
+                    Collections.singletonList(subject), 
+                    Collections.singletonList(resource), 
+                    action, 
+                    null
+            );
+        
+        //
+        // Create SAML wrapper
+        //
+        
+        XACMLAuthzDecisionQueryType authzQuery = 
+            SamlRequestComponentBuilder.createAuthzDecisionQuery(
+                    "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS
+            );
+        
+        Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
+        // String outputString = DOM2Writer.nodeToString(policyElement);
+        assertNotNull(policyElement);
+    }
+    
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
new file mode 100644
index 0000000..7c6589c
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.security.LoginSecurityContext;
+import org.apache.cxf.security.SecurityContext;
+
+
+/**
+ * Some unit tests to test the AbstractXACMLAuthorizingInterceptor.
+ */
+public class XACMLAuthorizingInterceptorTest extends org.junit.Assert {
+    
+    static {
+        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
+    }
+
+    @org.junit.Test
+    public void testPermit() throws Exception {
+        // Mock up a Security Context
+        SecurityContext sc = createSecurityContext("alice", "manager");
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURI = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URI, resourceURI);
+        msg.put(SecurityContext.class, sc);
+        
+        PolicyDecisionPoint pdp = new DummyPDP();
+        XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
+        authorizingInterceptor.handleMessage(msg);
+    }
+    
+    @org.junit.Test
+    public void testDeny() throws Exception {
+        // Mock up a Security Context
+        SecurityContext sc = createSecurityContext("alice", "boss");
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURI = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URI, resourceURI);
+        msg.put(SecurityContext.class, sc);
+        
+        PolicyDecisionPoint pdp = new DummyPDP();
+        XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
+        
+        try {
+            authorizingInterceptor.handleMessage(msg);
+            fail("Failure expected on deny");
+        } catch (Exception ex) {
+            // Failure expected
+        }
+    }
+    
+    private SecurityContext createSecurityContext(final String user, final String role) {
+        return new LoginSecurityContext() {
+
+            @Override
+            public Principal getUserPrincipal() {
+                return new Principal() {
+                    public String getName() {
+                        return user;
+                    }
+                };
+            }
+
+            @Override
+            public boolean isUserInRole(String role) {
+                return false;
+            }
+
+            @Override
+            public Subject getSubject() {
+                return null;
+            }
+
+            @Override
+            public Set<Principal> getUserRoles() {
+                Set<Principal> principals = new HashSet<Principal>();
+                principals.add(new Principal() {
+                    public String getName() {
+                        return role;
+                    }
+                });
+                return principals;
+            }
+            
+        };
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
new file mode 100644
index 0000000..cefa37a
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
@@ -0,0 +1,308 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+
+
+/**
+ * Some unit tests to create a XACML Request via the XACMLRequestBuilder interface.
+ */
+public class XACMLRequestBuilderTest extends org.junit.Assert {
+    
+    static {
+        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
+    }
+
+    @org.junit.Test
+    public void testXACMLRequestBuilder() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URI, resourceURL);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+    }
+
+    
+    @org.junit.Test
+    public void testAction() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URI, resourceURL);
+        
+        DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request); 
+        
+        String action = 
+            request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
+        assertEquals("execute", action);
+        
+        builder.setAction("write");
+        request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request); 
+        
+        action = 
+            request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
+        assertEquals("write", action);
+    }
+    
+    @org.junit.Test
+    public void testEnvironment() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URL, resourceURL);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        assertFalse(request.getEnvironment().getAttributes().isEmpty());
+        
+        ((DefaultXACMLRequestBuilder)builder).setSendDateTime(false);
+        request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        assertTrue(request.getEnvironment().getAttributes().isEmpty());
+    }
+    
+    @org.junit.Test
+    public void testSOAPResource() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URL, resourceURL);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        
+        List<ResourceType> resources = request.getResources();
+        assertNotNull(resources);
+        assertEquals(1, resources.size());
+        
+        ResourceType resource = resources.get(0);
+        assertEquals(4, resource.getAttributes().size());
+        
+        boolean resourceIdSatisfied = false;
+        boolean soapServiceSatisfied = false;
+        boolean soapOperationSatisfied = false;
+        boolean resourceURISatisfied = false;
+        for (AttributeType attribute : resource.getAttributes()) {
+            String attributeValue = attribute.getAttributeValues().get(0).getValue();
+            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
+                && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals(
+                    attributeValue)) {
+                resourceIdSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
+                && service.equals(attributeValue)) {
+                soapServiceSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
+                && operation.equals(attributeValue)) {
+                soapOperationSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
+                && resourceURL.equals(attributeValue)) {
+                resourceURISatisfied = true;
+            }
+        }
+        
+        assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
+                   && resourceURISatisfied);
+    }
+    
+    @org.junit.Test
+    public void testSOAPResourceDifferentNamespace() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+        MessageImpl msg = new MessageImpl();
+        msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+        String service = "{http://www.example.org/contract/DoubleItService}DoubleItService";
+        msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URL, resourceURL);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        
+        List<ResourceType> resources = request.getResources();
+        assertNotNull(resources);
+        assertEquals(1, resources.size());
+        
+        ResourceType resource = resources.get(0);
+        assertEquals(4, resource.getAttributes().size());
+        
+        boolean resourceIdSatisfied = false;
+        boolean soapServiceSatisfied = false;
+        boolean soapOperationSatisfied = false;
+        boolean resourceURISatisfied = false;
+        String expectedResourceId = 
+            service + "#" + operation;
+        for (AttributeType attribute : resource.getAttributes()) {
+            String attributeValue = attribute.getAttributeValues().get(0).getValue();
+            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
+                && expectedResourceId.equals(attributeValue)) {
+                resourceIdSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
+                && service.equals(attributeValue)) {
+                soapServiceSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
+                && operation.equals(attributeValue)) {
+                soapOperationSatisfied = true;
+            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
+                && resourceURL.equals(attributeValue)) {
+                resourceURISatisfied = true;
+            }
+        }
+        
+        assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
+                   && resourceURISatisfied);
+    }
+    
+    @org.junit.Test
+    public void testRESTResource() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        MessageImpl msg = new MessageImpl();
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URL, resourceURL);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        
+        List<ResourceType> resources = request.getResources();
+        assertNotNull(resources);
+        assertEquals(1, resources.size());
+        
+        ResourceType resource = resources.get(0);
+        assertEquals(1, resource.getAttributes().size());
+        
+        for (AttributeType attribute : resource.getAttributes()) {
+            String attributeValue = attribute.getAttributeValues().get(0).getValue();
+            assertEquals(attributeValue, resourceURL);
+        }
+    }
+    
+    @org.junit.Test
+    public void testRESTResourceTruncatedURI() throws Exception {
+        // Mock up a request
+        Principal principal = new Principal() {
+            public String getName() {
+                return "alice";
+            }
+        };
+        
+        MessageImpl msg = new MessageImpl();
+        String resourceURL = "https://localhost:8080/doubleit";
+        msg.put(Message.REQUEST_URL, resourceURL);
+        String resourceURI = "/doubleit";
+        msg.put(Message.REQUEST_URI, resourceURI);
+        
+        XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+        ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(false);
+        RequestType request = 
+            builder.createRequest(principal, Collections.singletonList("manager"), msg);
+        assertNotNull(request);
+        
+        List<ResourceType> resources = request.getResources();
+        assertNotNull(resources);
+        assertEquals(1, resources.size());
+        
+        ResourceType resource = resources.get(0);
+        assertEquals(1, resource.getAttributes().size());
+        
+        for (AttributeType attribute : resource.getAttributes()) {
+            String attributeValue = attribute.getAttributeValues().get(0).getValue();
+            assertEquals(attributeValue, resourceURI);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
index d149db1..aac677d 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
@@ -21,20 +21,8 @@ package org.apache.cxf.systest.ws.saml;
 
 import java.util.List;
 
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.dom.DOMSource;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
-import org.apache.cxf.rt.security.saml.xacml.pdp.api.PolicyDecisionPoint;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.cxf.rt.security.saml.xacml2.PolicyDecisionPoint;
 import org.opensaml.core.xml.XMLObjectBuilderFactory;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.xacml.XACMLObjectBuilder;
@@ -59,8 +47,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint {
     }
     
     @Override
-    public Source evaluate(Source request) {
-        RequestType requestType = requestSourceToRequestType(request);
+    public ResponseType evaluate(RequestType requestType) {
         
         XMLObjectBuilderFactory builderFactory = 
             XMLObjectProviderRegistrySupport.getBuilderFactory();
@@ -111,33 +98,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint {
         ResponseType response = responseTypeBuilder.buildObject();
         response.getResults().add(result);
         
-        return responseType2Source(response);
-    }
-    
-    private RequestType requestSourceToRequestType(Source requestSource) {
-        try {
-            Transformer trans = TransformerFactory.newInstance().newTransformer();
-            DOMResult res = new DOMResult();
-            trans.transform(requestSource, res);
-            Node nd = res.getNode();
-            if (nd instanceof Document) {
-                nd = ((Document)nd).getDocumentElement();
-            }
-            return (RequestType)OpenSAMLUtil.fromDom((Element)nd);
-        } catch (Exception e) {
-            throw new RuntimeException("Error converting pdp response to ResponseType", e);
-        }
-    }
-    
-    private Source responseType2Source(ResponseType response) {
-        Document doc = DOMUtils.createDocument();
-        Element responseElement;
-        try {
-            responseElement = OpenSAMLUtil.toDom(response, doc);
-        } catch (WSSecurityException e) {
-            throw new RuntimeException("Error converting PDP RequestType to Dom", e);
-        }
-        return new DOMSource(responseElement);
+        return response;
     }
     
     private String getSubjectRole(RequestType request) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
index 9d3895f..e0c7c00 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
@@ -230,7 +230,7 @@
         </jaxws:features>
     </jaxws:endpoint>
     <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
-    <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+    <bean class="org.apache.cxf.rt.security.saml.xacml2.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
         <constructor-arg ref="MockPDP"/>
     </bean>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">

http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
index 91768b8..6651ff9 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
@@ -253,7 +253,7 @@
         </jaxws:features>
     </jaxws:endpoint>
     <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
-    <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+    <bean class="org.apache.cxf.rt.security.saml.xacml2.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
         <constructor-arg ref="MockPDP"/>
     </bean>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">


Mime
View raw message