cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/6] cxf git commit: Adding AppliesTo support
Date Mon, 08 Feb 2016 16:34:46 GMT
Adding AppliesTo support


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ddc0034a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ddc0034a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ddc0034a

Branch: refs/heads/master
Commit: ddc0034a6345578edcd551ec158dd324af7b2eaf
Parents: aef773a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Feb 8 11:58:36 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Feb 8 16:34:01 2016 +0000

----------------------------------------------------------------------
 .../cxf/sts/rest/RESTSecurityTokenService.java  |  5 +-
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 27 +++++++--
 .../cxf/systest/sts/rest/RESTUnitTest.java      | 62 ++++++++++++++++++++
 3 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index a68194d..3014da3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -62,7 +62,8 @@ public interface RESTSecurityTokenService {
         MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
     })
     Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String
keyType,
-        @QueryParam("claim") List<String> requestedClaims);
+        @QueryParam("claim") List<String> requestedClaims,
+        @QueryParam("appliesTo") String appliesTo);
     
     @GET
     @Path("ws-trust/{tokenType}")
@@ -70,7 +71,7 @@ public interface RESTSecurityTokenService {
         MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
     })
     Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType")
String keyType,
-        @QueryParam("claim") List<String> requestedClaims);
+        @QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo")
String appliesTo);
 
     @POST
     @Produces({

http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index ae454ab..181a05a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -90,9 +90,9 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
     private boolean requestClaimsOptional = true;
 
     @Override
-    public Response getToken(String tokenType, String keyType, List<String> requestedClaims)
{
+    public Response getToken(String tokenType, String keyType, List<String> requestedClaims,
String appliesTo) {
         RequestSecurityTokenResponseType response = 
-            issueToken(tokenType, keyType, requestedClaims);
+            issueToken(tokenType, keyType, requestedClaims, appliesTo);
         
         RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
         
@@ -100,8 +100,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
     }
     
     @Override
-    public Response getTokenViaWSTrust(String tokenType, String keyType, List<String>
requestedClaims) {
-        return getToken(tokenType, keyType, requestedClaims);
+    public Response getTokenViaWSTrust(String tokenType, String keyType, List<String>
requestedClaims, String appliesTo) {
+        return getToken(tokenType, keyType, requestedClaims, appliesTo);
     }
     
     private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType
response) {
@@ -119,7 +119,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
     private RequestSecurityTokenResponseType issueToken(
         String tokenType,
         String keyType,
-        List<String> requestedClaims
+        List<String> requestedClaims,
+        String appliesTo
     ) {
         if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
             tokenType = tokenTypeMap.get(tokenType);
@@ -158,6 +159,22 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
             }
             request.getAny().add(claims);
         }
+        
+        if (appliesTo != null) {
+            String wspNamespace = "http://www.w3.org/ns/ws-policy";
+            Document doc = DOMUtils.createDocument();
+            Element appliesToElement = doc.createElementNS(wspNamespace, "AppliesTo");
+            
+            String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+            Element eprElement = doc.createElementNS(addressingNamespace, "EndpointReference");
+            Element addressElement = doc.createElementNS(addressingNamespace, "Address");
+            addressElement.setTextContent(appliesTo);
+
+            eprElement.appendChild(addressElement);
+            appliesToElement.appendChild(eprElement);
+            
+            request.getAny().add(appliesToElement);
+        }
 
         // OnBehalfOf
         // User Authentication done with JWT or SAML?

http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index de6981c..e0ed538 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -58,6 +58,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
         "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
     private static final String BEARER_KEYTYPE = 
         "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+    private static final String DEFAULT_ADDRESS = 
+        "https://localhost:8081/doubleit/services/doubleittransportsaml1";
     
     static final String STSPORT = allocatePort(STSRESTServer.class);
     
@@ -267,6 +269,66 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testIssueSAML2TokenAppliesTo() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.type("application/xml").accept("application/xml");
+        client.path("saml2.0");
+        client.query("appliesTo", DEFAULT_ADDRESS);
+        
+        Response response = client.get();
+        Document assertionDoc = response.readEntity(Document.class);
+        assertNotNull(assertionDoc);
+        
+        // Process the token
+        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+        assertTrue(assertion.isSigned());
+
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testIssueSAML2TokenUnknownAppliesTo() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.type("application/xml").accept("application/xml");
+        client.path("saml2.0");
+        client.query("appliesTo", "https://localhost:8081/tripleit/");
+        
+        Response response = client.get();
+        try {
+            response.readEntity(Document.class);
+            fail("Failure expected on an unknown AppliesTo address");
+        } catch (Exception ex) {
+            // expected
+        }
+
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     @org.junit.Ignore
     public void testIssueJWTToken() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();


Mime
View raw message