From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 08 Feb 2016 16:34:46 -0000 Message-Id: <6cb66339769b48a297dafa5b138b0a58@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [4/6] cxf git commit: Adding AppliesTo support Adding AppliesTo support Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ddc0034a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ddc0034a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ddc0034a Branch: refs/heads/master Commit: ddc0034a6345578edcd551ec158dd324af7b2eaf Parents: aef773a Author: Colm O hEigeartaigh Authored: Mon Feb 8 11:58:36 2016 +0000 Committer: Colm O hEigeartaigh Committed: Mon Feb 8 16:34:01 2016 +0000 ---------------------------------------------------------------------- .../cxf/sts/rest/RESTSecurityTokenService.java | 5 +- .../sts/rest/RESTSecurityTokenServiceImpl.java | 27 +++++++-- .../cxf/systest/sts/rest/RESTUnitTest.java | 62 ++++++++++++++++++++ 3 files changed, 87 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java ----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index a68194d..3014da3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -62,7 +62,8 @@ public interface RESTSecurityTokenService {
 MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 Response getToken(@PathParam("tokenType") String tokenType,
 @QueryParam("keyType") String keyType,
- @QueryParam("claim") List requestedClaims);
+ @QueryParam("claim") List requestedClaims,
+ @QueryParam("appliesTo") String appliesTo);
 
 @GET
 @Path("ws-trust/{tokenType}")
@@ -70,7 +71,7 @@ public interface RESTSecurityTokenService {
 MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType,
 @QueryParam("keyType") String keyType,
- @QueryParam("claim") List requestedClaims);
+ @QueryParam("claim") List requestedClaims, @QueryParam("appliesTo") String appliesTo);
 
 @POST
 @Produces({
http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index ae454ab..181a05a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
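Review bot: The added line in the second hunk, `@QueryParam("claim") List requestedClaims, @QueryParam("appliesTo") String appliesTo);`, puts both parameters on one line, while the first hunk (getToken) wraps `@QueryParam("appliesTo") String appliesTo);` onto its own line; the two declarations should be formatted the same way, and the one-line form looks well past the project's usual line length. Neither getToken nor getTokenViaWSTrust documents the new parameter, so a caller reading the interface cannot tell what the query value is used for; a Javadoc `@param appliesTo WS-Trust AppliesTo address to place in the token request; no AppliesTo is sent when null` on both methods would cover it. Both method declarations lie entirely inside their hunks.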
@@ -90,9 +90,9 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
 private boolean requestClaimsOptional = true;
 
 @Override
- public Response getToken(String tokenType, String keyType, List requestedClaims) {
+ public Response getToken(String tokenType, String keyType, List requestedClaims, String appliesTo) {
 RequestSecurityTokenResponseType response =
- issueToken(tokenType, keyType, requestedClaims);
+ issueToken(tokenType, keyType, requestedClaims, appliesTo);
 
 RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
 
@@ -100,8 +100,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
 }
 
 @Override
- public Response getTokenViaWSTrust(String tokenType, String keyType, List requestedClaims) {
- return getToken(tokenType, keyType, requestedClaims);
+ public Response getTokenViaWSTrust(String tokenType, String keyType, List requestedClaims, String appliesTo) {
+ return getToken(tokenType, keyType, requestedClaims, appliesTo);
 }
 
 private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
@@ -119,7 +119,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
 private RequestSecurityTokenResponseType issueToken(
 String tokenType,
 String keyType,
- List requestedClaims
+ List requestedClaims,
+ String appliesTo
 ) {
 if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
 tokenType = tokenTypeMap.get(tokenType);
@@ -158,6 +159,22 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
 }
 request.getAny().add(claims);
 }
+
+ if (appliesTo != null) {
+ String wspNamespace = "http://www.w3.org/ns/ws-policy";
+ Document doc = DOMUtils.createDocument();
+ Element appliesToElement = doc.createElementNS(wspNamespace, "AppliesTo");
+
+ String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ Element eprElement = doc.createElementNS(addressingNamespace, "EndpointReference");
+ Element addressElement = doc.createElementNS(addressingNamespace, "Address");
+ addressElement.setTextContent(appliesTo);
+
+ eprElement.appendChild(addressElement);
+ appliesToElement.appendChild(eprElement);
+
+ request.getAny().add(appliesToElement);
+ }
 
 // OnBehalfOf
 // User Authentication done with JWT or SAML?
http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index de6981c..e0ed538 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -58,6 +58,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
 private static final String BEARER_KEYTYPE =
 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+ private static final String DEFAULT_ADDRESS =
+ "https://localhost:8081/doubleit/services/doubleittransportsaml1";
 
 static final String STSPORT = allocatePort(STSRESTServer.class);
 
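Review bot: The guard `if (appliesTo != null)` in the issueToken hunk lets an empty query value through, so a request with `appliesTo=` produces a `wsp:AppliesTo` whose `wsa:Address` has no text; the value comes straight from the request query string and, judging by the new negative test, the STS acts on it when deciding whether to issue, so a blank value should be handled deliberately rather than forwarded as an empty address, e.g. `if (appliesTo != null && !appliesTo.trim().isEmpty()) {` if "blank means absent" is the intended contract, or a rejection of the request if it is not. The namespace literals `"http://www.w3.org/ns/ws-policy"` and `"http://www.w3.org/2005/08/addressing"` are declared as locals inside the method body; holding them as `private static final` constants (or reusing existing project constants for these namespaces, if the STS already defines them) keeps the values in one place. A one-line comment above the block, `// Scope the issued token to the relying party named by the appliesTo query parameter (wsp:AppliesTo/wsa:EndpointReference/wsa:Address)`, would explain what the element tree is for. The enclosing issueToken method starts and ends outside this hunk; the RESTUnitTest.java constant hunk on the same line is trivial.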
@@ -267,6 +269,66 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+ public void testIssueSAML2TokenAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", DEFAULT_ADDRESS);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueSAML2TokenUnknownAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", "https://localhost:8081/tripleit/");
+
+ Response response = client.get();
+ try {
+ response.readEntity(Document.class);
+ fail("Failure expected on an unknown AppliesTo address");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
 @org.junit.Ignore
 public void testIssueJWTToken() throws Exception {
 SpringBusFactory bf = new SpringBusFactory();
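Review bot: testIssueSAML2TokenUnknownAppliesTo passes on any exception thrown by `response.readEntity(Document.class)` because of the broad `catch (Exception ex)`, so a transport error or an unrelated client-side failure would be recorded as the STS correctly refusing the unknown AppliesTo address; checking the response before reading the entity pins the behavior actually under test, for example `assertTrue(response.getStatus() != 200);` ahead of the try block (the exact error status the server returns is not visible here, so the assertion should be tightened once it is known), with the catch narrowed to the exception the client is expected to throw. The `// expected` comment does not say what is expected; `// the STS must not issue a token for an AppliesTo address it has no configuration for` makes the negative case self-describing. The positive test asserts only that a signed SAML 2.0 assertion came back and never inspects its audience restriction, so it would still pass if the AppliesTo value were silently ignored by the server; asserting on the assertion's audience (the file's existing processToken helper returns the parsed assertion) would make the test prove the feature. Both new test methods lie fully inside the hunk.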