From cohei...@apache.org
Subject [2/3] cxf git commit: Changing the default to issue tokens rather than WS-Trust responses
Date Fri, 05 Feb 2016 20:39:53 GMT
Changing the default to issue tokens rather than WS-Trust responses


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bbe5e870
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bbe5e870
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bbe5e870

Branch: refs/heads/3.1.x-fixes
Commit: bbe5e870579720272af49b9cea65b8293d5b1f3c
Parents: 194224f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Feb 5 17:53:25 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Feb 5 20:39:45 2016 +0000

----------------------------------------------------------------------
 .../cxf/sts/rest/RESTSecurityTokenService.java  |  8 +++
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 61 ++++++++++++-----
 .../cxf/systest/sts/rest/RESTUnitTest.java      | 71 +++++++++++++++-----
 3 files changed, 107 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 04cc0f6..a68194d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -63,6 +63,14 @@ public interface RESTSecurityTokenService {
     })
     Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String
keyType,
         @QueryParam("claim") List<String> requestedClaims);
+    
+    @GET
+    @Path("ws-trust/{tokenType}")
+    @Produces({
+        MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
+    })
+    Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType")
String keyType,
+        @QueryParam("claim") List<String> requestedClaims);
 
     @POST
     @Produces({
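Review bot: The new `getTokenViaWSTrust` method has no Javadoc, and its annotations differ from `getToken` only in the `ws-trust/` path prefix, so the difference in response shape is not visible from the interface. Going by the commit title, a comment such as `/** Issues a token and returns the full WS-Trust RequestSecurityTokenResponse; getToken returns only the issued token. */` would state the contract. Clients that need other response elements (for example a proof token) could then tell which endpoint to call.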

http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 393b806..ae454ab 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -45,6 +45,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
 import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.dom.WSConstants;
 
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
 
     @Override
     public Response getToken(String tokenType, String keyType, List<String> requestedClaims)
{
+        RequestSecurityTokenResponseType response = 
+            issueToken(tokenType, keyType, requestedClaims);
+        
+        RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
+        
+        return Response.ok(requestedToken.getAny()).build();
+    }
+    
+    @Override
+    public Response getTokenViaWSTrust(String tokenType, String keyType, List<String>
requestedClaims) {
+        return getToken(tokenType, keyType, requestedClaims);
+    }
+    
+    private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType
response) {
+        for (Object obj : response.getAny()) {
+            if (obj instanceof JAXBElement<?>) {
+                JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+                if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart()))
{
+                    return (RequestedSecurityTokenType)jaxbElement.getValue();
+                }
+            }
+        }
+        return null;
+    }
+    
+    private RequestSecurityTokenResponseType issueToken(
+        String tokenType,
+        String keyType,
+        List<String> requestedClaims
+    ) {
         if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
             tokenType = tokenTypeMap.get(tokenType);
         }
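Review bot: `getRequestedSecurityToken` returns `null` when the response has no RequestedSecurityToken element, and `getToken` then calls `requestedToken.getAny()` unguarded, so that case surfaces as a NullPointerException instead of a controlled error. Separately, `getTokenViaWSTrust` just delegates to `getToken`, so the `ws-trust/{tokenType}` endpoint returns the same bare token as the default one and drops every other element of the WS-Trust response. If the intent is what the commit title says, it should wrap the result of `issueToken` the way `getToken(Action, ...)` does in the next hunk. The body of `issueToken` continues outside this hunk; the status chosen for the missing-token case below is a suggestion.

```java
    public Response getToken(String tokenType, String keyType, List<String> requestedClaims) {
        RequestSecurityTokenResponseType response =
            issueToken(tokenType, keyType, requestedClaims);

        RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
        if (requestedToken == null) {
            // No RequestedSecurityToken in the response: fail explicitly rather than dereference null
            return Response.serverError().build();
        }
        return Response.ok(requestedToken.getAny()).build();
    }

    @Override
    public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims) {
        RequestSecurityTokenResponseType response =
            issueToken(tokenType, keyType, requestedClaims);
        JAXBElement<RequestSecurityTokenResponseType> jaxbResponse =
            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
        return Response.ok(jaxbResponse).build();
    }
    // … unchanged: getRequestedSecurityToken, issueToken …
```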
@@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
       //  }
 
         // request.setContext(null);
-        return getToken(Action.ISSUE, request);
+        return processRequest(Action.ISSUE, request);
     }
 
     @Override
     public Response getToken(Action action, RequestSecurityTokenType request) {
-        RequestSecurityTokenResponseType response;
+        RequestSecurityTokenResponseType response = processRequest(action, request);
+        
+        JAXBElement<RequestSecurityTokenResponseType> jaxbResponse = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
+
+        return Response.ok(jaxbResponse).build();
+    }
+    
+    private RequestSecurityTokenResponseType processRequest(Action action, 
+                                                            RequestSecurityTokenType request)
{
         switch (action) {
         case VALIDATE:
-            response = validate(request);
-            break;
+            return validate(request);
         case RENEW:
-            response = renew(request);
-            break;
+            return renew(request);
         case CANCEL:
-            response = cancel(request);
-            break;
+            return cancel(request);
         case ISSUE:
         default:
-            response = issueSingle(request);
-            break;
+            return issueSingle(request);
         }
-        
-        JAXBElement<RequestSecurityTokenResponseType> jaxbResponse = 
-            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
-
-        return Response.ok(jaxbResponse).build();
     }
 
     @Override
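Review bot: In the new `processRequest`, `default:` shares the `ISSUE` branch, so any `Action` value not listed results in a token being issued. The enum's values are not visible here, so this may only matter if a value is added later, but failing closed is the safer default for a token service. I would split the labels into `case ISSUE: return issueSingle(request);` and `default: throw new IllegalArgumentException("Unsupported action: " + action);`. The closing `return processRequest(Action.ISSUE, request);` at the top of the hunk belongs to `issueToken`, whose body starts outside it.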

http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 7caf0f2..068b4c3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -25,6 +25,7 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.ws.rs.core.Response;
 import javax.xml.bind.JAXBElement;
 
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
@@ -83,23 +84,11 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
         client.path("saml2.0");
         
         Response response = client.get();
-        RequestSecurityTokenResponseType securityResponse = 
-            response.readEntity(RequestSecurityTokenResponseType.class);
-        
-        RequestedSecurityTokenType requestedSecurityToken = null;
-        for (Object obj : securityResponse.getAny()) {
-            if (obj instanceof JAXBElement<?>) {
-                JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
-                if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart()))
{
-                    requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
-                    break;
-                }
-            }
-        }
-        assertNotNull(requestedSecurityToken);
+        Document assertionDoc = response.readEntity(Document.class);
+        assertNotNull(assertionDoc);
         
         // Process the token
-        List<WSSecurityEngineResult> results = processToken(requestedSecurityToken);
+        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
 
         assertTrue(results != null && results.size() == 1);
         SamlAssertionWrapper assertion = 
@@ -112,6 +101,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    @org.junit.Ignore
     public void testIssueJWTToken() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
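Review bot: `@org.junit.Ignore` is added to `testIssueJWTToken` without a reason, and the next hunk puts the same bare annotation on the new `testIssueSAML2TokenViaWSTrust`. That leaves two token-issuance tests disabled in a commit that changes the default response format, with nothing recording why or when they should be re-enabled. Please give the annotation a message, e.g. `@org.junit.Ignore("<reason / tracking issue>")`, on both tests. The test body continues outside this hunk.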
@@ -129,7 +119,53 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
         client.get();
     }
     
-    private List<WSSecurityEngineResult> processToken(RequestedSecurityTokenType securityResponse)
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testIssueSAML2TokenViaWSTrust() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.type("application/xml").accept("application/xml");
+        client.path("saml2.0");
+        
+        Response response = client.get();
+        RequestSecurityTokenResponseType securityResponse = 
+            response.readEntity(RequestSecurityTokenResponseType.class);
+        
+        RequestedSecurityTokenType requestedSecurityToken = null;
+        for (Object obj : securityResponse.getAny()) {
+            if (obj instanceof JAXBElement<?>) {
+                JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+                if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart()))
{
+                    requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
+                    break;
+                }
+            }
+        }
+        assertNotNull(requestedSecurityToken);
+        
+        // Process the token
+        List<WSSecurityEngineResult> results = 
+            processToken((Element)requestedSecurityToken.getAny());
+
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+        assertTrue(assertion.isSigned());
+
+        bus.shutdown(true);
+    }
+    
+    private List<WSSecurityEngineResult> processToken(Element assertionElement)
         throws Exception {
         RequestData requestData = new RequestData();
         requestData.setDisableBSPEnforcement(true);
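Review bot: `testIssueSAML2TokenViaWSTrust` never calls the new endpoint. It uses the same `.../SecurityTokenService/token` address and `client.path("saml2.0")` as the plain SAML test, then reads the entity as `RequestSecurityTokenResponseType`, which the default endpoint no longer returns. Assuming the `ws-trust/{tokenType}` path from the interface resolves under `token`, the request should be `client.path("ws-trust/saml2.0");`. Once the test is enabled, `bus.shutdown(true)` would also be better in a `finally` block so that a failed assertion does not leave the bus running. The body of `processToken` continues outside this hunk.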
@@ -140,9 +176,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
         requestData.setSigVerCrypto(crypto);
         
         Processor processor = new SAMLTokenProcessor();
-        Element securityTokenElem = (Element)securityResponse.getAny();
         return processor.handleToken(
-            securityTokenElem, requestData, new WSDocInfo(securityTokenElem.getOwnerDocument())
+            assertionElement, requestData, new WSDocInfo(assertionElement.getOwnerDocument())
         );
     }
     

