cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6521] Updating RS SAML Interceptors to get STS SAML token if available
Date Wed, 05 Aug 2015 15:48:06 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 95e8711bd -> 4800bc8de


[CXF-6521] Updating RS SAML Interceptors to get STS SAML token if available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4800bc8d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4800bc8d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4800bc8d

Branch: refs/heads/master
Commit: 4800bc8de7d7626fab25d8ab775e3da1ecec5007
Parents: 95e8711
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Aug 5 16:47:51 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Aug 5 16:47:51 2015 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/rs/security/saml/SAMLConstants.java |  1 +
 .../org/apache/cxf/rs/security/saml/SAMLUtils.java     | 13 +++++++++++++
 .../cxf/rs/security/saml/SamlFormOutInterceptor.java   | 10 ++--------
 .../cxf/rs/security/saml/SamlHeaderOutInterceptor.java | 10 ++--------
 .../org/apache/cxf/ws/security/SecurityConstants.java  |  1 +
 .../cxf/ws/security/trust/STSTokenRetriever.java       |  2 ++
 6 files changed, 21 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
index d69b004..75458c3 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
@@ -29,6 +29,7 @@ public final class SAMLConstants {
      * SamlHeaderOutInterceptor will use this token instead of creating a new SAML Token.
      */
     public static final String SAML_TOKEN_ELEMENT = "rs-security.saml.token.element";
+    public static final String WS_SAML_TOKEN_ELEMENT = "ws-security.token.element";
     
     private SAMLConstants() {
         // complete

http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index f4ebcb0..1471191 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -24,10 +24,13 @@ import java.util.logging.Logger;
 
 import javax.security.auth.callback.CallbackHandler;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.RSSecurityUtils;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
@@ -64,6 +67,16 @@ public final class SAMLUtils {
     
     public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
         try {
+            // Check if the token is already available in the current context;
+            // For example, STS Client can set it up.
+            Element samlToken = 
+                (Element)MessageUtils.getContextualProperty(message, 
+                                                            SAMLConstants.WS_SAML_TOKEN_ELEMENT,
+                                                            SAMLConstants.SAML_TOKEN_ELEMENT);
+            if (samlToken != null) {
+                return new SamlAssertionWrapper(samlToken);
+            }
+            // Finally try to get a self-signed assertion
             CallbackHandler handler = RSSecurityUtils.getCallbackHandler(
                 message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
             return createAssertion(message, handler);

http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
index 62756a9..757003e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
@@ -28,6 +28,7 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
@@ -48,14 +49,7 @@ public class SamlFormOutInterceptor extends AbstractSamlOutInterceptor
{
         }
         
         try {
-            Element samlToken = 
-                (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            SamlAssertionWrapper assertionWrapper;
-            if (samlToken != null) {
-                assertionWrapper = new SamlAssertionWrapper(samlToken);
-            } else {
-                assertionWrapper = createAssertion(message);
-            }
+            SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(message);
             
             Document doc = DOMUtils.newDocument();
             Element assertionElement = assertionWrapper.toDOM(doc);

http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
index 29f3b7c..c1e840c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
@@ -28,6 +28,7 @@ import java.util.logging.Logger;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
@@ -42,14 +43,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor
{
     
     public void handleMessage(Message message) throws Fault {
         try {
-            Element samlToken = 
-                (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            SamlAssertionWrapper assertionWrapper;
-            if (samlToken != null) {
-                assertionWrapper = new SamlAssertionWrapper(samlToken);
-            } else {
-                assertionWrapper = createAssertion(message);
-            }
+            SamlAssertionWrapper assertionWrapper = createAssertion(message);
             
             Document doc = DOMUtils.newDocument();
             Element assertionElement = assertionWrapper.toDOM(doc);

http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 28702ad..96e1dc2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -496,6 +496,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
     
     public static final String TOKEN = "ws-security.token";
     public static final String TOKEN_ID = "ws-security.token.id";
+    public static final String TOKEN_ELEMENT = "ws-security.token.element";
     
     public static final Set<String> ALL_PROPERTIES;
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
index 5c9c578..c9e5dc0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
@@ -69,12 +69,14 @@ public final class STSTokenRetriever {
         if (cacheIssuedToken) {
             message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, tok);
             message.getExchange().put(SecurityConstants.TOKEN, tok);
+            message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());
             message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
             message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID,
                                                           tok.getId());
         } else {
             message.put(SecurityConstants.TOKEN, tok);
             message.put(SecurityConstants.TOKEN_ID, tok.getId());
+            message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());
         }
         // ?
         TokenStoreUtils.getTokenStore(message).add(tok);


Mime
View raw message