From cohei...@apache.org
Subject [1/2] cxf git commit: Record older ActAs attributes in the newer token
Date Tue, 25 Oct 2016 12:37:43 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 160618509 -> e6d2a5121


Record older ActAs attributes in the newer token


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cec1a13
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cec1a13
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cec1a13

Branch: refs/heads/master
Commit: 6cec1a13d90d93f26017453836b2d759f7437165
Parents: 1606185
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 25 11:15:02 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 25 11:15:02 2016 +0100

----------------------------------------------------------------------
 .../ActAsAttributeStatementProvider.java        | 30 ++++++
 .../token/provider/SAMLProviderActAsTest.java   | 96 ++++++++++++++++++++
 2 files changed, 126 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6cec1a13/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
index 808cad2..cd0e837 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ActAsAttributeStatementProvider.java
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.dom.WSConstants;
+import org.opensaml.core.xml.XMLObject;
 
 /**
  * An AttributeStatementProvider implementation to handle "ActAs". It adds an "ActAs "attribute"
with the name of
@@ -94,6 +95,35 @@ public class ActAsAttributeStatementProvider implements AttributeStatementProvid
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper((Element)parameter);
             SAMLTokenPrincipal principal = new SAMLTokenPrincipalImpl(wrapper);
             parameterBean.addAttributeValue(principal.getName());
+            
+            // Check for other ActAs attributes here + add them in
+            if (wrapper.getSaml2() != null) {
+                for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement 
+                    : wrapper.getSaml2().getAttributeStatements()) {
+                    for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes())
{
+                        if ("ActAs".equals(attribute.getName())) {
+                            for (XMLObject attributeValue : attribute.getAttributeValues())
{
+                                Element attributeValueElement = attributeValue.getDOM();
+                                String text = attributeValueElement.getTextContent();
+                                parameterBean.addAttributeValue(text);
+                            }
+                        }
+                    }
+                }
+            } else if (wrapper.getSaml1() != null) {
+                for (org.opensaml.saml.saml1.core.AttributeStatement attributeStatement 
+                    : wrapper.getSaml1().getAttributeStatements()) {
+                    for (org.opensaml.saml.saml1.core.Attribute attribute : attributeStatement.getAttributes())
{
+                        if ("ActAs".equals(attribute.getAttributeName())) {
+                            for (XMLObject attributeValue : attribute.getAttributeValues())
{
+                                Element attributeValueElement = attributeValue.getDOM();
+                                String text = attributeValueElement.getTextContent();
+                                parameterBean.addAttributeValue(text);
+                            }
+                        }
+                    }
+                }
+            }
         }
 
         return parameterBean;
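Review bot: The SAML 2 and SAML 1 branches at L59–L89 repeat the same traversal and differ only in the name accessor (`getName()` vs `getAttributeName()`), and neither guards `attributeValue.getDOM()`, which returns null for an XMLObject without a cached DOM; the wrapper is built from an Element on L54 so the values should be unmarshalled, but the null check is cheap and the inner loop belongs in one private helper. A design point worth a comment here: every hop copies all previously recorded ActAs values into the new attribute, so nothing in this hunk bounds the growth of the recorded delegation chain; if a depth limit is enforced elsewhere, a `// chain depth is bounded by <where>` comment would help, otherwise consider one. The enclosing method starts before the hunk and the declared type of `parameterBean` is not visible; the helper below assumes it is the `AttributeBean` imported at L45.
```java
            // … unchanged: SamlAssertionWrapper / principal setup …
            if (wrapper.getSaml2() != null) {
                for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement
                    : wrapper.getSaml2().getAttributeStatements()) {
                    for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes()) {
                        if ("ActAs".equals(attribute.getName())) {
                            addActAsValues(attribute.getAttributeValues(), parameterBean);
                        }
                    }
                }
            } else if (wrapper.getSaml1() != null) {
                // … same traversal over wrapper.getSaml1(), matching on getAttributeName() …
            }
            // … unchanged: return parameterBean …

    /**
     * Copies the text content of each existing "ActAs" attribute value into the new
     * ActAs attribute, so the delegation chain recorded in the incoming token is kept.
     */
    private static void addActAsValues(List<XMLObject> attributeValues, AttributeBean parameterBean) {
        for (XMLObject attributeValue : attributeValues) {
            Element attributeValueElement = attributeValue.getDOM();
            // getDOM() is null when the object has no cached DOM; skip rather than NPE
            if (attributeValueElement != null) {
                parameterBean.addAttributeValue(attributeValueElement.getTextContent());
            }
        }
    }
```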

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cec1a13/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
index 768da57..ad90fe4 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
@@ -288,6 +288,102 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
     }
     
+    @org.junit.Test
+    public void testIncludeOtherActAsAttributesInTheToken() throws Exception {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        
+        UsernameTokenType usernameToken = new UsernameTokenType();
+        AttributedString username = new AttributedString();
+        username.setValue("bob");
+        usernameToken.setUsername(username);
+        JAXBElement<UsernameTokenType> usernameTokenType = 
+            new JAXBElement<UsernameTokenType>(
+                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
+            );
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(
+                WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
+            );
+        //Principal must be set in ReceivedToken/ActAs
+        providerParameters.getTokenRequirements().getActAs().setPrincipal(
+                new CustomTokenPrincipal(username.getValue()));
+        
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        // Verify the token
+        Element token = (Element)providerResponse.getToken();
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
+        Assert.assertEquals("technical-user", assertion.getSubjectName());
+        
+        boolean foundActAsAttribute = false;
+        for (org.opensaml.saml.saml1.core.AttributeStatement attributeStatement 
+            : assertion.getSaml1().getAttributeStatements()) {
+            for (org.opensaml.saml.saml1.core.Attribute attribute : attributeStatement.getAttributes())
{
+                if ("ActAs".equals(attribute.getAttributeName())) {
+                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                        Element attributeValueElement = attributeValue.getDOM();
+                        String text = attributeValueElement.getTextContent();
+                        if (text.contains("bob")) {
+                            foundActAsAttribute = true;
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        
+        Assert.assertTrue(foundActAsAttribute);
+        
+        // Now get another token "ActAs" the previous token
+        providerParameters = 
+            createProviderParameters(
+                WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, token
+            );
+        //Principal must be set in ReceivedToken/ActAs
+        providerParameters.getTokenRequirements().getActAs().setPrincipal(
+                new CustomTokenPrincipal("service-A"));
+        providerParameters.setPrincipal(new CustomTokenPrincipal("service-A"));
+        
+        assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+        providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        // Verify the token
+        token = (Element)providerResponse.getToken();
+        assertion = new SamlAssertionWrapper(token);
+        Assert.assertEquals("service-A", assertion.getSubjectName());
+        
+        String tokenString = DOM2Writer.nodeToString(token);
+        System.out.println(tokenString);
+        
+        boolean foundBob = false;
+        boolean foundTechnical = false;
+        for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement 
+            : assertion.getSaml2().getAttributeStatements()) {
+            for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes())
{
+                if ("ActAs".equals(attribute.getName())) {
+                    for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                        Element attributeValueElement = attributeValue.getDOM();
+                        String text = attributeValueElement.getTextContent();
+                        if (text.contains("bob")) {
+                            foundBob = true;
+                        } else if (text.contains("technical-user")) {
+                            foundTechnical = true;
+                        }
+                    }
+                }
+            }
+        }
+        
+        Assert.assertTrue(foundBob);
+        Assert.assertTrue(foundTechnical);
+    }
+    
     private Element getSAMLAssertion() throws Exception {
         TokenProvider samlTokenProvider = new SAMLTokenProvider();
         TokenProviderParameters providerParameters = 
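Review bot: The new test only exercises the SAML 1 branch of ActAsAttributeStatementProvider, because the token acted-as on L160 is the SAML 1 assertion requested on L120; the SAML 2 branch (`wrapper.getSaml2() != null`) added by the same commit has no coverage, so a second pass that requests `WSConstants.WSS_SAML2_TOKEN_TYPE` for the first token (and walks `assertion.getSaml2()` in the first verification loop) would cover it. `System.out.println(tokenString);` on L179 is leftover debug output that dumps the whole assertion into the build log, and `tokenString` has no other use; drop L178–L179. The `break` on L148 only leaves the innermost loop, which is harmless but reads as if it ended the search; either check `foundActAsAttribute` in the outer loops or remove the break.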

