cxf-commits mailing list archives

From jbernha...@apache.org
Subject cxf-fediz git commit: [FEDIZ-168] Support SAML Token without Audience Restriction in Fediz IDP
Date Wed, 01 Jun 2016 13:07:22 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 2d8d8e64e -> e09350a98


[FEDIZ-168] Support SAML Token without Audience Restriction in Fediz IDP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e09350a9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e09350a9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e09350a9

Branch: refs/heads/master
Commit: e09350a98cd8e6568b2ed39442494a643a1787bd
Parents: 2d8d8e6
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Wed Jun 1 12:02:43 2016 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Wed Jun 1 13:02:36 2016 +0200

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/beans/STSClientAction.java   |  2 ++
 .../cxf/fediz/service/idp/domain/Application.java      | 13 ++++++++++++-
 .../service/idp/service/jpa/ApplicationDAOJPAImpl.java |  2 ++
 .../service/idp/service/jpa/ApplicationEntity.java     | 11 +++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e09350a9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 818c0e3..dbfbed2 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -265,6 +265,8 @@ public class STSClientAction {
         sts.setEnableLifetime(true);
         setLifetime(sts, serviceConfig, realm);
         
+        sts.setEnableAppliesTo(serviceConfig.isEnableAppliesTo());
+        
         sts.setOnBehalfOf(idpToken.getToken());
         if (!(serviceConfig.getProtocol() == null
             || FederationConstants.WS_FEDERATION_NS.equals(serviceConfig.getProtocol())))
{
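Review bot: Nothing at this call site records that a token is being requested without an audience. When `serviceConfig.isEnableAppliesTo()` is false, the request presumably goes to the STS with no AppliesTo, and per the commit title the issued SAML token then has no AudienceRestriction, so any relying party that trusts this IDP's signing key would accept it, not only the application it was issued for. I would put a comment above the new line, e.g. `// false => no AppliesTo in the RST; issued token is not audience-bound`, and log at warning level when the flag is off so the weaker setting shows up in operations. The enclosing method starts and ends outside this hunk.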

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e09350a9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index 63d7a9d..814e342 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -34,7 +34,7 @@ import javax.xml.bind.annotation.XmlType;
 @XmlType(propOrder = {"realm", "role", "serviceDisplayName", "serviceDescription", "protocol",
                       "tokenType", "lifeTime", "encryptionCertificate", "requestedClaims",
                       "policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint",
"id",
-                      "validatingCertificate"})
+                      "validatingCertificate", "enableAppliesTo"})
 public class Application implements Serializable {
         
     private static final long serialVersionUID = 5644327504861846964L;
@@ -85,6 +85,9 @@ public class Application implements Serializable {
     // WS-Policy Namespace for AppliesTo element
     protected String policyNamespace;
     
+    // Request audience restriction in token for this application (default is true)
+    private boolean enableAppliesTo = true;
+    
     private URI href;
     
     //Could be read from Metadata, PassiveRequestorEndpoint
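Review bot: The comment on the new `enableAppliesTo` field does not say what turning it off means for the token, which is what an administrator needs to know before changing it. Something like `// If false, no AppliesTo is sent to the STS and the issued token has no AudienceRestriction (accepted by any RP trusting this IDP). Default: true.` would make the trade-off explicit. The same one-line comment is repeated on the field in ApplicationEntity.java and should get the same wording.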
@@ -228,4 +231,12 @@ public class Application implements Serializable {
     public void setValidatingCertificate(String validatingCertificate) {
         this.validatingCertificate = validatingCertificate;
     }
+
+    public boolean isEnableAppliesTo() {
+        return enableAppliesTo;
+    }
+
+    public void setEnableAppliesTo(boolean useAudienceRestriction) {
+        this.enableAppliesTo = useAudienceRestriction;
+    }
 }
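Review bot: The setter parameter is named `useAudienceRestriction` while the property, the getter and the matching setter in ApplicationEntity all use `enableAppliesTo`; two names for one flag invite someone to read them as separate settings. I would write `public void setEnableAppliesTo(boolean enableAppliesTo)` with `this.enableAppliesTo = enableAppliesTo;`, as the entity does. Both new accessors also lack Javadoc, and a short sentence on the getter stating that `false` yields a token without audience restriction would help callers. The class body starts outside this hunk.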

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e09350a9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
index aa3274f..307e381 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
@@ -202,6 +202,7 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
         entity.setPolicyNamespace(application.getPolicyNamespace());
         entity.setPassiveRequestorEndpoint(application.getPassiveRequestorEndpoint());
         entity.setPassiveRequestorEndpointConstraint(application.getPassiveRequestorEndpointConstraint());
+        entity.setEnableAppliesTo(application.isEnableAppliesTo());
     }
     
     public static Application entity2domain(ApplicationEntity entity, List<String>
expandList) {
@@ -219,6 +220,7 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
         application.setPolicyNamespace(entity.getPolicyNamespace());
         application.setPassiveRequestorEndpoint(entity.getPassiveRequestorEndpoint());
         application.setPassiveRequestorEndpointConstraint(entity.getPassiveRequestorEndpointConstraint());
+        application.setEnableAppliesTo(entity.isEnableAppliesTo());
         
         if (expandList != null && (expandList.contains("all") || expandList.contains("claims")))
{
             for (ApplicationClaimEntity item : entity.getRequestedClaims()) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e09350a9/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
index 7b64712..1397da2 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
@@ -80,6 +80,9 @@ public class ApplicationEntity {
     @Min(value = 1)
     private int lifeTime;
     
+    // Request audience restriction in token for this application (default is true)
+    private boolean enableAppliesTo = true;
+    
     // WS-Policy Namespace in SignIn Response
     private String policyNamespace;
     
@@ -200,4 +203,12 @@ public class ApplicationEntity {
     public void setValidatingCertificate(String validatingCertificate) {
         this.validatingCertificate = validatingCertificate;
     }
+
+    public boolean isEnableAppliesTo() {
+        return enableAppliesTo;
+    }
+
+    public void setEnableAppliesTo(boolean enableAppliesTo) {
+        this.enableAppliesTo = enableAppliesTo;
+    }
 }

