From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 09 Nov 2015 19:27:52 -0000 Message-Id: <9dd034da8a854e8aa2e8619103846b4d@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/5] cxf git commit: Renaming SAMLRealm so that it can apply for other token types Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 1e82efba0 -> 8516661b6 Renaming SAMLRealm so that it can apply for other token types Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/27151209 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/27151209 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/27151209 Branch: refs/heads/3.1.x-fixes Commit: 27151209eb440ac03876368d443d8df24488cde5 Parents: 1e82efb Author: Colm O hEigeartaigh Authored: Mon Nov 9 11:41:35 2015 +0000 Committer: Colm O hEigeartaigh Committed: Mon Nov 9 19:27:37 2015 +0000 ---------------------------------------------------------------------- .../provider/AbstractSAMLTokenProvider.java | 4 +- .../sts/token/provider/SAMLTokenProvider.java | 28 +-- .../token/provider/jwt/JWTTokenProvider.java | 38 ++-- .../cxf/sts/token/realm/RealmProperties.java | 185 +++++++++++++++++++ .../apache/cxf/sts/token/realm/SAMLRealm.java | 164 +--------------- .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 24 +-- .../claims/mapper/JexlIssueSamlClaimsTest.java | 16 +- .../sts/operation/IssueOnbehalfofUnitTest.java | 16 +- .../sts/operation/IssueSamlClaimsUnitTest.java | 16 +- .../sts/operation/IssueSamlRealmUnitTest.java | 18 +- .../ValidateTokenTransformationUnitTest.java | 16 +- .../token/provider/SAMLProviderRealmTest.java | 69 ++++++- .../renewer/SAMLTokenRenewerRealmTest.java | 16 +- .../SAMLTokenValidatorCachedRealmTest.java | 12 +- .../validator/SAMLTokenValidatorRealmTest.java | 12 +- .../cxf/systest/sts/realms/cxf-sts-saml1.xml | 4 +- .../cxf/systest/sts/realms/cxf-sts-saml2.xml | 2 +- .../systest/sts/issueunit/IssueUnitTest.java | 4 +- 
.../sts/delegation/cxf-sts-transport.xml | 4 +- .../systest/sts/deployment/cxf-transport.xml | 4 +- .../sts/deployment/stax-cxf-transport.xml | 4 +- .../systest/sts/issuer/cxf-sts-transport.xml | 4 +- 22 files changed, 378 insertions(+), 282 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java index ed33eb8..b5ad4cb 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java @@ -29,7 +29,7 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.sts.STSPropertiesMBean; import org.apache.cxf.sts.SignatureProperties; import org.apache.cxf.sts.request.KeyRequirements; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.saml.SamlAssertionWrapper; @@ -43,7 +43,7 @@ public abstract class AbstractSAMLTokenProvider { protected void signToken( SamlAssertionWrapper assertion, - SAMLRealm samlRealm, + RealmProperties samlRealm, STSPropertiesMBean stsProperties, KeyRequirements keyRequirements ) throws Exception { http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java ---------------------------------------------------------------------- 
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java index aafe972..3d5d762 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java @@ -20,6 +20,7 @@ package org.apache.cxf.sts.token.provider; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -36,7 +37,7 @@ import org.apache.cxf.sts.cache.CacheUtils; import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider; import org.apache.cxf.sts.request.KeyRequirements; import org.apache.cxf.sts.request.TokenRequirements; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.wss4j.common.saml.SAMLCallback; @@ -64,7 +65,7 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke private SubjectProvider subjectProvider = new DefaultSubjectProvider(); private ConditionsProvider conditionsProvider = new DefaultConditionsProvider(); private boolean signToken = true; - private Map realmMap = new HashMap<>(); + private Map realmMap = new HashMap<>(); private SamlCustomHandler samlCustomHandler; /** 
@@ -262,19 +263,22 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke
 }
 /**
- * Set the map of realm->SAMLRealm for this token provider
- * @param realms the map of realm->SAMLRealm for this token provider
+ * Set the map of realm->RealmProperties for this token provider
+ * @param realms the map of realm->RealmProperties for this token provider
 */
- public void setRealmMap(Map realms) {
- this.realmMap = realms;
+ public void setRealmMap(Map realms) {
+ this.realmMap.clear();
+ if (realms != null) {
+ this.realmMap.putAll(realms);
+ }
 }
 /**
- * Get the map of realm->SAMLRealm for this token provider
- * @return the map of realm->SAMLRealm for this token provider
+ * Get the map of realm->RealmProperties for this token provider
+ * @return the map of realm->RealmProperties for this token provider
 */
- public Map getRealmMap() {
- return realmMap;
+ public Map getRealmMap() {
+ return Collections.unmodifiableMap(realmMap);
 }
 public void setSamlCustomHandler(SamlCustomHandler samlCustomHandler) {
@@ -285,7 +289,7 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke
 TokenProviderParameters tokenParameters, byte[] secret, Document doc
 ) throws Exception {
 String realm = tokenParameters.getRealm();
- SAMLRealm samlRealm = null;
+ RealmProperties samlRealm = null;
 if (realm != null && realmMap.containsKey(realm)) {
 samlRealm = realmMap.get(realm);
 }
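Review bot: `setRealmMap` in the first hunk now empties and refills the live `realmMap` in place (`clear()` then `putAll`), so a token request running between the two calls finds no entry for its realm; in the second hunk that leaves `samlRealm` null, which presumably means the token is signed with the default STS signature settings rather than the realm's. If this setter can be called after start-up, build the copy first and swap the reference, e.g. `this.realmMap = realms == null ? new HashMap<>() : new HashMap<>(realms);`. The same in-place pattern is in the `setRealmMap` hunks of JWTTokenProvider and SAMLTokenRenewer. Separately, `getRealmMap()` now returns a read-only view, so any caller that added realms through the getter will get an `UnsupportedOperationException`; the Javadoc should say the returned map is unmodifiable.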
@@ -310,7 +314,7 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke } public SamlCallbackHandler createCallbackHandler( - TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc + TokenProviderParameters tokenParameters, byte[] secret, RealmProperties samlRealm, Document doc ) throws Exception { boolean statementAdded = false; http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java index 573788b..6096649 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java @@ -20,6 +20,7 @@ package org.apache.cxf.sts.token.provider.jwt; import java.security.KeyStore; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.Map; @@ -45,7 +46,7 @@ import org.apache.cxf.sts.request.TokenRequirements; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.Merlin; 
@@ -60,7 +61,7 @@ public class JWTTokenProvider implements TokenProvider {
 private static final Logger LOG = LogUtils.getL7dLogger(JWTTokenProvider.class);
 private boolean signToken = true;
- private Map realmMap = new HashMap<>();
+ private Map realmMap = new HashMap<>();
 private JWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
 /**
@@ -165,19 +166,20 @@ public class JWTTokenProvider implements TokenProvider {
 }
 /**
- * Set the map of realm->SAMLRealm for this token provider
- * @param realms the map of realm->SAMLRealm for this token provider
+ * Set the map of realm->RealmProperties for this token provider
+ * @param realms the map of realm->RealmProperties for this token provider
 */
- public void setRealmMap(Map realms) {
- this.realmMap = realms;
+ public void setRealmMap(Map realms) {
+ this.realmMap.clear();
+ this.realmMap.putAll(realms);
 }
 /**
- * Get the map of realm->SAMLRealm for this token provider
- * @return the map of realm->SAMLRealm for this token provider
+ * Get the map of realm->RealmProperties for this token provider
+ * @return the map of realm->RealmProperties for this token provider
 */
- public Map getRealmMap() {
- return realmMap;
+ public Map getRealmMap() {
+ return Collections.unmodifiableMap(realmMap);
 }
 public JWTClaimsProvider getJwtClaimsProvider() {
@@ -190,7 +192,7 @@ public class JWTTokenProvider implements TokenProvider {
 private String signToken(
 JwtToken token,
- SAMLRealm samlRealm,
+ RealmProperties jwtRealm,
 STSPropertiesMBean stsProperties,
 TokenRequirements tokenRequirements
 ) throws Exception {
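Review bot: `setRealmMap` in the second hunk calls `this.realmMap.putAll(realms)` with no null check, so `setRealmMap(null)` clears the map and then throws a NullPointerException, whereas the old setter simply stored the reference and SAMLTokenProvider's version of the same setter guards with `if (realms != null)`. Add the same guard here: `if (realms != null) { this.realmMap.putAll(realms); }`. The `setRealmMap` hunk of SAMLTokenRenewer has the identical omission.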
@@ -204,18 +206,18 @@ public class JWTTokenProvider implements TokenProvider {
 SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
 String alias = stsProperties.getSignatureUsername();
- if (samlRealm != null) {
+ if (jwtRealm != null) {
 // If SignatureCrypto configured in realm then
 // callbackhandler and alias of STSPropertiesMBean is ignored
- if (samlRealm.getSignatureCrypto() != null) {
+ if (jwtRealm.getSignatureCrypto() != null) {
 LOG.fine("SAMLRealm signature keystore used");
- signatureCrypto = samlRealm.getSignatureCrypto();
- callbackHandler = samlRealm.getCallbackHandler();
- alias = samlRealm.getSignatureAlias();
+ signatureCrypto = jwtRealm.getSignatureCrypto();
+ callbackHandler = jwtRealm.getCallbackHandler();
+ alias = jwtRealm.getSignatureAlias();
 }
 // SignatureProperties can be defined independently of SignatureCrypto
- if (samlRealm.getSignatureProperties() != null) {
- signatureProperties = samlRealm.getSignatureProperties();
+ if (jwtRealm.getSignatureProperties() != null) {
+ signatureProperties = jwtRealm.getSignatureProperties();
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmProperties.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmProperties.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmProperties.java
new file mode 100644
index 0000000..3f5112f
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmProperties.java
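Review bot: The unchanged line `LOG.fine("SAMLRealm signature keystore used");` in JWTTokenProvider.signToken still names the old class after the parameter was renamed to `jwtRealm`, which will mislead anyone tracing which keystore signed a JWT. Suggest `LOG.fine("Realm signature keystore used");`. signToken's body starts and ends outside the hunk.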
@@ -0,0 +1,185 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.sts.token.realm; + +import java.util.Properties; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; + +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.rt.security.utils.SecurityUtils; +import org.apache.cxf.sts.SignatureProperties; +import org.apache.cxf.ws.security.sts.provider.STSException; +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.ext.WSSecurityException; + + +/** + * This class defines some properties that are associated with a realm for issuing or validating a particular token. 
+ */ +public class RealmProperties { + + private static final Logger LOG = LogUtils.getL7dLogger(RealmProperties.class); + + private String issuer; + private String signatureAlias; + private Crypto signatureCrypto; + private SignatureProperties signatureProperties; + private String signaturePropertiesFile; + private String callbackHandlerClass; + private CallbackHandler callbackHandler; + + /** + * Get the issuer of this realm + * @return the issuer of this realm + */ + public String getIssuer() { + return issuer; + } + + /** + * Set the issuer of this realm + * @param issuer the issuer of this realm + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Get the signature alias to use for this realm + * @return the signature alias to use for this realm + */ + public String getSignatureAlias() { + return signatureAlias; + } + + /** + * Set the signature alias to use for this realm + * @param signatureAlias the signature alias to use for this realm + */ + public void setSignatureAlias(String signatureAlias) { + this.signatureAlias = signatureAlias; + } + + /** + * Set the signature Crypto object + * @param signatureCrypto the signature Crypto object + */ + public void setSignatureCrypto(Crypto signatureCrypto) { + this.signatureCrypto = signatureCrypto; + } + + /** + * Set the String corresponding to the signature Properties class + * @param signaturePropertiesFile the String corresponding to the signature properties file + */ + public void setSignaturePropertiesFile(String signaturePropertiesFile) { + this.signaturePropertiesFile = signaturePropertiesFile; + if (LOG.isLoggable(Level.FINE)) { + LOG.fine("Setting signature properties: " + signaturePropertiesFile); + } + } + + /** + * Set the SignatureProperties to use. + * @param signatureProperties the SignatureProperties to use. 
+ */ + public void setSignatureProperties(SignatureProperties signatureProperties) { + this.signatureProperties = signatureProperties; + } + + /** + * Get the SignatureProperties to use. + * @return the SignatureProperties to use. + */ + public SignatureProperties getSignatureProperties() { + return signatureProperties; + } + + + /** + * Get the signature Crypto object + * @return the signature Crypto object + */ + public Crypto getSignatureCrypto() { + if (signatureCrypto == null && signaturePropertiesFile != null) { + Properties sigProperties = SecurityUtils.loadProperties(signaturePropertiesFile); + if (sigProperties == null) { + LOG.fine("Cannot load signature properties using: " + signaturePropertiesFile); + throw new STSException("Configuration error: cannot load signature properties"); + } + try { + signatureCrypto = CryptoFactory.getInstance(sigProperties); + } catch (WSSecurityException ex) { + LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage()); + throw new STSException(ex.getMessage()); + } + } + + return signatureCrypto; + } + + + /** + * Set the CallbackHandler object. + * @param callbackHandler the CallbackHandler object. + */ + public void setCallbackHandler(CallbackHandler callbackHandler) { + this.callbackHandler = callbackHandler; + if (LOG.isLoggable(Level.FINE)) { + LOG.fine("Setting callbackHandler: " + callbackHandler); + } + } + + /** + * Set the String corresponding to the CallbackHandler class. + * @param callbackHandlerClass the String corresponding to the CallbackHandler class. + */ + public void setCallbackHandlerClass(String callbackHandlerClass) { + this.callbackHandlerClass = callbackHandlerClass; + if (LOG.isLoggable(Level.FINE)) { + LOG.fine("Setting callbackHandlerClass: " + callbackHandlerClass); + } + } + + /** + * Get the CallbackHandler object. + * @return the CallbackHandler object. 
+ */ + public CallbackHandler getCallbackHandler() { + if (callbackHandler == null && callbackHandlerClass != null) { + try { + callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass); + if (callbackHandler == null) { + LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass); + throw new STSException("Configuration error: cannot load callback handler"); + } + } catch (Exception ex) { + LOG.fine("Error in loading the callback handler object: " + ex.getMessage()); + throw new STSException(ex.getMessage()); + } + } + return callbackHandler; + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java index 37c4ce6..fe2be74 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java 
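Review bot: In `getCallbackHandler()` the `throw new STSException("Configuration error: cannot load callback handler")` sits inside the `try`, so it is caught by the `catch (Exception ex)` directly below and rethrown as a second STSException; both this method and `getSignatureCrypto()` also pass only `ex.getMessage()`, dropping the cause, and log the failure at FINE where it is invisible at default log levels. For a class that selects the signing key, a failed keystore or handler load should be easy to diagnose: move the null check after the try/catch, keep the cause (if STSException has a message-plus-cause constructor, `throw new STSException(ex.getMessage(), ex);`), and log at WARNING. The two getters also initialise their fields lazily without synchronisation, which deserves a sentence in the class Javadoc if one RealmProperties instance is shared across request threads.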
@@ -19,168 +19,10 @@ package org.apache.cxf.sts.token.realm; -import java.util.Properties; -import java.util.logging.Level; -import java.util.logging.Logger; - -import javax.security.auth.callback.CallbackHandler; - -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.rt.security.utils.SecurityUtils; -import org.apache.cxf.sts.SignatureProperties; -import org.apache.cxf.ws.security.sts.provider.STSException; -import org.apache.wss4j.common.crypto.Crypto; -import org.apache.wss4j.common.crypto.CryptoFactory; -import org.apache.wss4j.common.ext.WSSecurityException; - - /** - * This class defines some properties that are associated with a realm for the SAMLTokenProvider and - * SAMLTokenValidator. + * Use RealmProperties intead */ -public class SAMLRealm { - - private static final Logger LOG = LogUtils.getL7dLogger(SAMLRealm.class); - - private String issuer; - private String signatureAlias; - private Crypto signatureCrypto; - private SignatureProperties signatureProperties; - private String signaturePropertiesFile; - private String callbackHandlerClass; - private CallbackHandler callbackHandler; - - /** - * Get the issuer of this SAML realm - * @return the issuer of this SAML realm - */ - public String getIssuer() { - return issuer; - } - - /** - * Set the issuer of this SAML realm - * @param issuer the issuer of this SAML realm - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Get the signature alias to use for this SAML realm - * @return the signature alias to use for this SAML realm - */ - public String getSignatureAlias() { - return signatureAlias; - } - - /** - * Set the signature alias to use for this SAML realm - * @param signatureAlias the signature alias to use for this SAML realm - */ - public void setSignatureAlias(String signatureAlias) { - this.signatureAlias = signatureAlias; - } - - /** - * Set the signature Crypto object - * @param signatureCrypto the signature Crypto object - */ - public void 
setSignatureCrypto(Crypto signatureCrypto) { - this.signatureCrypto = signatureCrypto; - } - - /** - * Set the String corresponding to the signature Properties class - * @param signaturePropertiesFile the String corresponding to the signature properties file - */ - public void setSignaturePropertiesFile(String signaturePropertiesFile) { - this.signaturePropertiesFile = signaturePropertiesFile; - if (LOG.isLoggable(Level.FINE)) { - LOG.fine("Setting signature properties: " + signaturePropertiesFile); - } - } - - /** - * Set the SignatureProperties to use. - * @param signatureProperties the SignatureProperties to use. - */ - public void setSignatureProperties(SignatureProperties signatureProperties) { - this.signatureProperties = signatureProperties; - } - - /** - * Get the SignatureProperties to use. - * @return the SignatureProperties to use. - */ - public SignatureProperties getSignatureProperties() { - return signatureProperties; - } - - - /** - * Get the signature Crypto object - * @return the signature Crypto object - */ - public Crypto getSignatureCrypto() { - if (signatureCrypto == null && signaturePropertiesFile != null) { - Properties sigProperties = SecurityUtils.loadProperties(signaturePropertiesFile); - if (sigProperties == null) { - LOG.fine("Cannot load signature properties using: " + signaturePropertiesFile); - throw new STSException("Configuration error: cannot load signature properties"); - } - try { - signatureCrypto = CryptoFactory.getInstance(sigProperties); - } catch (WSSecurityException ex) { - LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage()); - throw new STSException(ex.getMessage()); - } - } - - return signatureCrypto; - } - - - /** - * Set the CallbackHandler object. - * @param callbackHandler the CallbackHandler object. 
- */ - public void setCallbackHandler(CallbackHandler callbackHandler) { - this.callbackHandler = callbackHandler; - if (LOG.isLoggable(Level.FINE)) { - LOG.fine("Setting callbackHandler: " + callbackHandler); - } - } - - /** - * Set the String corresponding to the CallbackHandler class. - * @param callbackHandlerClass the String corresponding to the CallbackHandler class. - */ - public void setCallbackHandlerClass(String callbackHandlerClass) { - this.callbackHandlerClass = callbackHandlerClass; - if (LOG.isLoggable(Level.FINE)) { - LOG.fine("Setting callbackHandlerClass: " + callbackHandlerClass); - } - } - - /** - * Get the CallbackHandler object. - * @return the CallbackHandler object. - */ - public CallbackHandler getCallbackHandler() { - if (callbackHandler == null && callbackHandlerClass != null) { - try { - callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass); - if (callbackHandler == null) { - LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass); - throw new STSException("Configuration error: cannot load callback handler"); - } - } catch (Exception ex) { - LOG.fine("Error in loading the callback handler object: " + ex.getMessage()); - throw new STSException(ex.getMessage()); - } - } - return callbackHandler; - } +@Deprecated +public class SAMLRealm extends RealmProperties { } http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java index 13df377..5075946 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java 
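Review bot: The new class comment on SAMLRealm reads `Use RealmProperties intead`: "instead" is misspelled, and the class carries `@Deprecated` without a matching Javadoc `@deprecated` tag, so the generated docs will not point users at the replacement. Suggest `/** @deprecated Use {@link RealmProperties} instead. */`. Because the providers' `setRealmMap`/`getRealmMap` signatures change in this commit (their type arguments are not visible on this page), it is worth confirming that existing configurations which build maps of `SAMLRealm` still compile and bind.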
@@ -23,6 +23,7 @@ import java.security.Principal; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -47,7 +48,7 @@ import org.apache.cxf.sts.token.provider.AbstractSAMLTokenProvider; import org.apache.cxf.sts.token.provider.ConditionsProvider; import org.apache.cxf.sts.token.provider.DefaultConditionsProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; @@ -85,7 +86,7 @@ public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements Token private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenRenewer.class); private boolean signToken = true; private ConditionsProvider conditionsProvider = new DefaultConditionsProvider(); - private Map realmMap = new HashMap<>(); + private Map realmMap = new HashMap<>(); private long maxExpiry = DEFAULT_MAX_EXPIRY; // boolean to enable/disable the check of proof of possession private boolean verifyProofOfPossession = true; 
@@ -265,19 +266,20 @@ public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements Token } /** - * Set the map of realm->SAMLRealm for this token provider - * @param realms the map of realm->SAMLRealm for this token provider + * Set the map of realm->RealmProperties for this token provider + * @param realms the map of realm->RealmProperties for this token provider */ - public void setRealmMap(Map realms) { - this.realmMap = realms; + public void setRealmMap(Map realms) { + this.realmMap.clear(); + this.realmMap.putAll(realms); } /** - * Get the map of realm->SAMLRealm for this token provider - * @return the map of realm->SAMLRealm for this token provider + * Get the map of realm->RealmProperties for this token provider + * @return the map of realm->RealmProperties for this token provider */ - public Map getRealmMap() { - return realmMap; + public Map getRealmMap() { + return Collections.unmodifiableMap(realmMap); } private void validateAssertion( @@ -426,7 +428,7 @@ public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements Token if (signToken) { STSPropertiesMBean stsProperties = tokenParameters.getStsProperties(); String realm = tokenParameters.getRealm(); - SAMLRealm samlRealm = null; + RealmProperties samlRealm = null; if (realm != null && realmMap.containsKey(realm)) { samlRealm = realmMap.get(realm); } http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java index f43ba17..219f3f9 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java 
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java @@ -64,8 +64,8 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.Relationship; -import org.apache.cxf.sts.token.realm.SAMLRealm; import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec; import org.apache.cxf.sts.token.validator.SAMLTokenValidator; import org.apache.cxf.sts.token.validator.TokenValidator; @@ -124,7 +124,7 @@ public class JexlIssueSamlClaimsTest extends org.junit.Assert { public void testIssueSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception { TokenIssueOperation issueOperation = new TokenIssueOperation(); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Add Token Provider List providerList = new ArrayList(); @@ -203,7 +203,7 @@ public class JexlIssueSamlClaimsTest extends org.junit.Assert { assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER)); } - private RequestSecurityTokenType createRequest(Map realms, Crypto crypto) + private RequestSecurityTokenType createRequest(Map realms, Crypto crypto) throws WSSecurityException { RequestSecurityTokenType request = new RequestSecurityTokenType(); JAXBElement tokenType = new JAXBElement(QNameConstants.TOKEN_TYPE, String.class, 
@@ -299,13 +299,13 @@ public class JexlIssueSamlClaimsTest extends org.junit.Assert { return claimType; } - private Map createSamlRealms() { + private Map createSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; @@ -315,7 +315,7 @@ public class JexlIssueSamlClaimsTest extends org.junit.Assert { * Mock up an SAML assertion element */ private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, - CallbackHandler callbackHandler, Map realms) throws WSSecurityException { + CallbackHandler callbackHandler, Map realms) throws WSSecurityException { SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider(); samlTokenProvider.setRealmMap(realms); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java index 6a2354d..65380cd 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java @@ -33,6 +33,7 @@ import javax.xml.namespace.QName; import org.w3c.dom.Document; import org.w3c.dom.Element; + import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.jaxws.context.WebServiceContextImpl; import org.apache.cxf.jaxws.context.WrappedMessageContext; 
@@ -63,7 +64,7 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec; import org.apache.cxf.sts.token.validator.SAMLTokenValidator; import org.apache.cxf.sts.token.validator.TokenValidator; @@ -88,7 +89,6 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.dom.WSConstants; - /** * Some unit tests for the issue operation. */ @@ -920,7 +920,7 @@ public class IssueOnbehalfofUnitTest extends org.junit.Assert { stsProperties.setIdentityMapper(new CustomIdentityMapper()); issueOperation.setStsProperties(stsProperties); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Mock up a request RequestSecurityTokenType request = new RequestSecurityTokenType(); @@ -1224,7 +1224,7 @@ public class IssueOnbehalfofUnitTest extends org.junit.Assert { */ private Element createSAMLAssertion( String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, - Map realms, String keyType + Map realms, String keyType ) throws WSSecurityException { SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider(); samlTokenProvider.setRealmMap(realms); 
@@ -1315,13 +1315,13 @@ public class IssueOnbehalfofUnitTest extends org.junit.Assert { return tokenType; } - private Map createSamlRealms() { + private Map createSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java index acd061a..6eb6db6 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java @@ -66,8 +66,8 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.Relationship; -import org.apache.cxf.sts.token.realm.SAMLRealm; import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec; import org.apache.cxf.sts.token.validator.SAMLTokenValidator; import org.apache.cxf.sts.token.validator.TokenValidator; 
@@ -421,7 +421,7 @@ public class IssueSamlClaimsUnitTest extends org.junit.Assert { throws Exception { TokenIssueOperation issueOperation = new TokenIssueOperation(); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Add Token Provider List providerList = new ArrayList(); @@ -569,7 +569,7 @@ public class IssueSamlClaimsUnitTest extends org.junit.Assert { boolean useGlobalIdentityMapper) throws WSSecurityException { TokenIssueOperation issueOperation = new TokenIssueOperation(); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Add Token Provider List providerList = new ArrayList(); @@ -826,13 +826,13 @@ public class IssueSamlClaimsUnitTest extends org.junit.Assert { return claimValue; } - private Map createSamlRealms() { + private Map createSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; @@ -843,7 +843,7 @@ public class IssueSamlClaimsUnitTest extends org.junit.Assert { */ private Element createSAMLAssertion( String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, - Map realms + Map realms ) throws WSSecurityException { SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider(); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java index 6667227..f8badb0 100644 
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java @@ -46,7 +46,7 @@ import org.apache.cxf.sts.service.ServiceMBean; import org.apache.cxf.sts.service.StaticService; import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType; @@ -332,8 +332,8 @@ public class IssueSamlRealmUnitTest extends org.junit.Assert { issueOperation.setStsProperties(stsProperties); // Set signature properties in SAMLRealm B - Map samlRealms = provider.getRealmMap(); - SAMLRealm realm = samlRealms.get("B"); + Map samlRealms = provider.getRealmMap(); + RealmProperties realm = samlRealms.get("B"); realm.setSignatureCrypto(crypto); realm.setCallbackHandler(new PasswordCallbackHandler()); @@ -431,8 +431,8 @@ public class IssueSamlRealmUnitTest extends org.junit.Assert { issueOperation.setStsProperties(stsProperties); // Set signature properties in SAMLRealm B - Map samlRealms = provider.getRealmMap(); - SAMLRealm realm = samlRealms.get("B"); + Map samlRealms = provider.getRealmMap(); + RealmProperties realm = samlRealms.get("B"); realm.setSignatureCrypto(CryptoFactory.getInstance(getEncryptionPropertiesPKCS12())); realm.setCallbackHandler(new PasswordCallbackHandler()); 
@@ -485,12 +485,12 @@ public class IssueSamlRealmUnitTest extends org.junit.Assert { /** * Create some SAML Realms */ - private Map createRealms() { - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + private Map createRealms() { + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java index 857ea55..8ff98c5 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java @@ -61,8 +61,8 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.Relationship; -import org.apache.cxf.sts.token.realm.SAMLRealm; import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec; import org.apache.cxf.sts.token.validator.SAMLTokenValidator; import org.apache.cxf.sts.token.validator.TokenValidator; 
@@ -325,7 +325,7 @@ public class ValidateTokenTransformationUnitTest extends org.junit.Assert { public void testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception { TokenValidateOperation validateOperation = new TokenValidateOperation(); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Add Token Provider List providerList = new ArrayList(); @@ -549,7 +549,7 @@ public class ValidateTokenTransformationUnitTest extends org.junit.Assert { boolean useGlobalIdentityMapper) throws WSSecurityException { TokenValidateOperation validateOperation = new TokenValidateOperation(); - Map realms = createSamlRealms(); + Map realms = createSamlRealms(); // Add Token Provider List providerList = new ArrayList(); @@ -715,13 +715,13 @@ public class ValidateTokenTransformationUnitTest extends org.junit.Assert { return stsProperties; } - private Map createSamlRealms() { + private Map createSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; @@ -836,7 +836,7 @@ public class ValidateTokenTransformationUnitTest extends org.junit.Assert { */ private Element createSAMLAssertion( String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, - Map realms + Map realms ) throws WSSecurityException { SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider(); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java ---------------------------------------------------------------------- 
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java index 2ef1669..81a763c 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java @@ -33,7 +33,7 @@ import org.apache.cxf.sts.common.PasswordCallbackHandler; import org.apache.cxf.sts.request.KeyRequirements; import org.apache.cxf.sts.request.TokenRequirements; import org.apache.cxf.sts.service.EncryptionProperties; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.ext.WSSecurityException; 
@@ -57,11 +57,72 @@ public class SAMLProviderRealmTest extends org.junit.Assert { providerParameters.setRealm("A"); // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); + samlRealm.setIssuer("B-Issuer"); + samlRealms.put("B", samlRealm); + ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms); + + // Realm "A" + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, "A")); + TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + Element token = (Element)providerResponse.getToken(); + String tokenString = DOM2Writer.nodeToString(token); + assertTrue(tokenString.contains(providerResponse.getTokenId())); + assertTrue(tokenString.contains("A-Issuer")); + assertFalse(tokenString.contains("B-Issuer")); + assertFalse(tokenString.contains("STS")); + + // Realm "B" + providerParameters.setRealm("B"); + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, "B")); + providerResponse = samlTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + token = (Element)providerResponse.getToken(); + tokenString = DOM2Writer.nodeToString(token); + assertTrue(tokenString.contains(providerResponse.getTokenId())); + assertFalse(tokenString.contains("A-Issuer")); + assertTrue(tokenString.contains("B-Issuer")); + assertFalse(tokenString.contains("STS")); + + // Default Realm + providerParameters.setRealm(null); + assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE, 
null)); + providerResponse = samlTokenProvider.createToken(providerParameters); + assertTrue(providerResponse != null); + assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); + + token = (Element)providerResponse.getToken(); + tokenString = DOM2Writer.nodeToString(token); + assertTrue(tokenString.contains(providerResponse.getTokenId())); + assertFalse(tokenString.contains("A-Issuer")); + assertFalse(tokenString.contains("B-Issuer")); + assertTrue(tokenString.contains("STS")); + } + + @SuppressWarnings("deprecation") + @org.junit.Test + public void testRealmsUsingOldRealmClass() throws Exception { + TokenProvider samlTokenProvider = new SAMLTokenProvider(); + TokenProviderParameters providerParameters = + createProviderParameters(WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE); + providerParameters.setRealm("A"); + + // Create Realms + Map samlRealms = + new HashMap(); + org.apache.cxf.sts.token.realm.SAMLRealm samlRealm = new org.apache.cxf.sts.token.realm.SAMLRealm(); + samlRealm.setIssuer("A-Issuer"); + samlRealms.put("A", samlRealm); + samlRealm = new org.apache.cxf.sts.token.realm.SAMLRealm(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java index afee371..6dd4ca8 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java 
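Review bot: The per-realm assertions added to `testRealms` establish the issuer by substring search over the serialized token (`tokenString.contains("A-Issuer")`, `assertFalse(tokenString.contains("STS"))`), which is a weak check for a test meant to show that realm "A", realm "B" and the default realm each get their own issuer. A three-letter match such as "STS" can be satisfied or broken by unrelated text in the XML (presumably base64 signature or certificate data, if the assertion is signed), and a match on "A-Issuer" does not show that the value sits in the Issuer element. Comparing the parsed issuer would pin this down, e.g. `assertEquals("A-Issuer", new SamlAssertionWrapper(token).getIssuerString());` with the WSS4J `SamlAssertionWrapper` import added. The body of `testRealmsUsingOldRealmClass` continues past the end of this hunk and appears to repeat the same checks, so a shared private helper taking the provider and its parameters would keep the two tests from drifting apart.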
@@ -47,7 +47,7 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.SAMLRealmCodec; import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec; import org.apache.cxf.sts.token.validator.SAMLTokenValidator; @@ -128,7 +128,7 @@ public class SAMLTokenRenewerRealmTest extends org.junit.Assert { TokenRenewer samlTokenRenewer = new SAMLTokenRenewer(); samlTokenRenewer.setVerifyProofOfPossession(false); samlTokenRenewer.setAllowRenewalAfterExpiry(true); - Map samlRealms = getSamlRealms(); + Map samlRealms = getSamlRealms(); ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms); String realm = validatorResponse.getTokenRealm(); assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm)); @@ -201,7 +201,7 @@ public class SAMLTokenRenewerRealmTest extends org.junit.Assert { TokenRenewer samlTokenRenewer = new SAMLTokenRenewer(); samlTokenRenewer.setVerifyProofOfPossession(false); samlTokenRenewer.setAllowRenewalAfterExpiry(true); - Map samlRealms = getSamlRealms(); + Map samlRealms = getSamlRealms(); ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms); String realm = validatorResponse.getTokenRealm(); assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm)); @@ -287,7 +287,7 @@ public class SAMLTokenRenewerRealmTest extends org.junit.Assert { } // Create Realms - Map samlRealms = getSamlRealms(); + Map samlRealms = getSamlRealms(); ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms); TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); 
@@ -297,13 +297,13 @@ public class SAMLTokenRenewerRealmTest extends org.junit.Assert { return (Element)providerResponse.getToken(); } - private Map getSamlRealms() { + private Map getSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java index c12f1c7..94d4b2d 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java @@ -44,7 +44,7 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.SAMLRealmCodec; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.crypto.Crypto; 
@@ -179,7 +179,7 @@ public class SAMLTokenValidatorCachedRealmTest extends org.junit.Assert { providerParameters.setRealm(realm); // Create Realms - Map samlRealms = getSamlRealms(); + Map samlRealms = getSamlRealms(); ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms); TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); @@ -189,13 +189,13 @@ public class SAMLTokenValidatorCachedRealmTest extends org.junit.Assert { return (Element)providerResponse.getToken(); } - private Map getSamlRealms() { + private Map getSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorRealmTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorRealmTest.java index 08e2551..cab5fa7 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorRealmTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorRealmTest.java 
@@ -43,7 +43,7 @@ import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.sts.token.realm.SAMLRealmCodec; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; @@ -188,7 +188,7 @@ public class SAMLTokenValidatorRealmTest extends org.junit.Assert { providerParameters.setRealm(realm); // Create Realms - Map samlRealms = getSamlRealms(); + Map samlRealms = getSamlRealms(); ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms); TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); @@ -198,13 +198,13 @@ public class SAMLTokenValidatorRealmTest extends org.junit.Assert { return (Element)providerResponse.getToken(); } - private Map getSamlRealms() { + private Map getSamlRealms() { // Create Realms - Map samlRealms = new HashMap(); - SAMLRealm samlRealm = new SAMLRealm(); + Map samlRealms = new HashMap(); + RealmProperties samlRealm = new RealmProperties(); samlRealm.setIssuer("A-Issuer"); samlRealms.put("A", samlRealm); - samlRealm = new SAMLRealm(); + samlRealm = new RealmProperties(); samlRealm.setIssuer("B-Issuer"); samlRealms.put("B", samlRealm); return samlRealms; http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml1.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml1.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml1.xml index 2f6a46b..3775534 100644 
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml1.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml1.xml @@ -44,11 +44,11 @@ - + - + http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml2.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml2.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml2.xml index 0cd889e..4447d9f 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml2.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/realms/cxf-sts-saml2.xml @@ -44,7 +44,7 @@ - + http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java index d3ea738..fc770a8 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java 
@@ -45,7 +45,7 @@ import org.apache.cxf.sts.service.EncryptionProperties; import org.apache.cxf.sts.token.provider.SAMLTokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; -import org.apache.cxf.sts.token.realm.SAMLRealm; +import org.apache.cxf.sts.token.realm.RealmProperties; import org.apache.cxf.systest.sts.common.CommonCallbackHandler; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.deployment.STSServer; @@ -554,7 +554,7 @@ public class IssueUnitTest extends AbstractBusClientServerTestBase { */ private Element createSAMLAssertion( String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, - Map realms, String user, String issuer + Map realms, String user, String issuer ) throws WSSecurityException { SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider(); samlTokenProvider.setRealmMap(realms); http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/cxf-sts-transport.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/cxf-sts-transport.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/cxf-sts-transport.xml index d18ac2e..6ed9b6b 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/cxf-sts-transport.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/cxf-sts-transport.xml 
@@ -83,10 +83,10 @@ https://localhost:(\d)*/doubleit/services/doubleittransport.* - + - + http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml index 0c45652..d5201cc 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml @@ -96,10 +96,10 @@ https://localhost:(\d)*/doubleit/services/doubleittransport.* - + - + http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport.xml index 8972213..9f05ebb 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport.xml @@ -84,10 +84,10 @@ https://localhost:(\d)*/doubleit/services/doubleittransport.* - + - + http://git-wip-us.apache.org/repos/asf/cxf/blob/27151209/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-sts-transport.xml ---------------------------------------------------------------------- 
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-sts-transport.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-sts-transport.xml index 99229cd..762ee45 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-sts-transport.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-sts-transport.xml @@ -84,10 +84,10 @@ https://localhost:(\d)*/doubleit/services/doubleittransport.* - + - +