From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: Adding support to pass the custom STS parameters through on the second call from the IdP
Date Fri, 27 Jan 2017 17:29:13 GMT
Adding support to pass the custom STS parameters through on the second call from the IdP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d049d7a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d049d7a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d049d7a2

Branch: refs/heads/master
Commit: d049d7a21337c231eba7a012b1d82e3d26f96c2e
Parents: b8d88d1
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jan 27 17:28:52 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jan 27 17:28:52 2017 +0000

----------------------------------------------------------------------
 .../service/idp/beans/STSClientAction.java      |  18 +++
 systests/custom/pom.xml                         |  48 +++++-
 .../test/java/custom/CustomClaimsHandler.java   | 135 ++++++++++++++++
 .../src/test/resources/realma/idp-servlet.xml   |  40 +++++
 .../custom/src/test/resources/userClaims.xml    | 161 +++++++++++++++++++
 5 files changed, 401 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 0d6c37d..c2a8e26 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -104,6 +104,8 @@ public class STSClientAction {
     private boolean isPortSet;
     
     private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
+    
+    private String customSTSParameter;
 
 
     public String getWsdlLocation() {
@@ -172,6 +174,14 @@ public class STSClientAction {
         this.ttl = ttl;
     }
     
+    public String getCustomSTSParameter() {
+        return customSTSParameter;
+    }
+
+    public void setCustomSTSParameter(String customSTSParameter) {
+        this.customSTSParameter = customSTSParameter;
+    }
+    
     /**
      * @param context the webflow request context
      * @param realm The client/application realm
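Review bot: The new `customSTSParameter` property has no Javadoc, and its name does not convey that it is the name of an HTTP request parameter whose client-supplied value is forwarded to the STS, which is the security-relevant part. Add above the setter: `/** Name of an HTTP request parameter whose value, if present, is sent to the STS as custom content of the RST. The value originates from the client, so the STS side must validate it. */`. The enclosing class continues outside this hunk.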
@@ -277,6 +287,14 @@ public class STSClientAction {
             sts.setProperties(properties);
         }
         
+        if (getCustomSTSParameter() != null) {
+            String authRealmParameter = context.getRequestParameters().get(getCustomSTSParameter());
+            LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
+            if (authRealmParameter != null) {
+                sts.setCustomContent(authRealmParameter);
+            }
+        }
+        
         Element rpToken = null;
         try {
             rpToken = sts.requestSecurityTokenResponse(realm);
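Review bot: `sts.setCustomContent(authRealmParameter)` forwards a raw request parameter from the client into the RST sent to the STS, and the CustomClaimsHandler added in this same commit expects to find a `realm` Element in that custom content, which implies the String is parsed and copied into the RST as XML. That would let any client of the IdP inject arbitrary markup into the STS request, so the value should be constrained before it is forwarded — at minimum an allow-list or pattern check such as `if (authRealmParameter != null && authRealmParameter.matches("[\\w.-]{1,64}"))`, with the IdP building the expected element itself rather than accepting pre-built XML. If the STS client does parse that String, also confirm the parser has DTD and external-entity resolution disabled, since it now sees untrusted input. The `LOG.debug` line echoes the raw client value, which is acceptable at debug level but worth a comment for log-hygiene reasons. The enclosing method starts and ends outside this hunk.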

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/pom.xml
----------------------------------------------------------------------
diff --git a/systests/custom/pom.xml b/systests/custom/pom.xml
index b91e849..82ffd18 100644
--- a/systests/custom/pom.xml
+++ b/systests/custom/pom.xml
@@ -77,6 +77,12 @@
             <scope>test</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf.services.sts</groupId>
+            <artifactId>cxf-services-sts-core</artifactId>
+            <version>${cxf.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.apache.cxf.fediz.systests</groupId>
             <artifactId>fediz-systests-tests</artifactId>
             <version>${project.version}</version>
@@ -196,6 +202,26 @@
                         </configuration>            
                     </execution>
                     <execution>
+                        <id>copy-customised-sts-client</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/realma</directory>
+                                    <includes>
+                                        <include>idp-servlet.xml</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>       
+                            <overwrite>true</overwrite>       
+                        </configuration>            
+                    </execution>
+                    <execution>
                         <id>copy-customised-sts-config</id>
                         <phase>generate-test-sources</phase>
                         <goals>
@@ -216,6 +242,26 @@
                         </configuration>            
                     </execution>
                     <execution>
+                        <id>copy-customised-sts-config2</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/data</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                    <includes>
+                                        <include>userClaims.xml</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>              
+                            <overwrite>true</overwrite>       
+                        </configuration>            
+                    </execution>
+                    <execution>
                         <id>copy-custom-validator</id>
                         <phase>process-test-classes</phase>
                         <goals>
@@ -227,7 +273,7 @@
                                 <resource>
                                     <directory>${basedir}/target/test-classes/custom</directory>
                                     <includes>
-                                        <include>CustomUTValidator.class</include>
+                                        <include>*.class</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/java/custom/CustomClaimsHandler.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/custom/CustomClaimsHandler.java b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
new file mode 100644
index 0000000..fa4ddee
--- /dev/null
+++ b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package custom;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.wss4j.common.util.XMLUtils;
+
+/**
+ * A custom ClaimsHandler implementation for use with "userClaims.xml"
+ */
+public class CustomClaimsHandler implements ClaimsHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(CustomClaimsHandler.class);
+    
+    private Map<String, Map<String, String>> userClaims;
+    private List<URI> supportedClaims;
+    private String realm;
+
+    public void setUserClaims(Map<String, Map<String, String>> userClaims) {
+        this.userClaims = userClaims;
+    }
+
+    public Map<String, Map<String, String>> getUserClaims() {
+        return userClaims;
+    }
+    
+    public void setSupportedClaims(List<URI> supportedClaims) {
+        this.supportedClaims = supportedClaims;
+    }
+    
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+    
+    @Override
+    public List<URI> getSupportedClaimTypes() {
+        return Collections.unmodifiableList(this.supportedClaims);
+    }
+    
+
+    @Override
+    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims,
+            ClaimsParameters parameters) {
+        
+        // Insist that a "realm" Custom Content is available in the RST with a value equal
to "custom-realm"
+        List<Element> customContent = parameters.getTokenRequirements().getCustomContent();
+        boolean foundRealm = false;
+        for (Element customContentElement : customContent) {
+            Element customRealm = XMLUtils.findElement(customContentElement, "realm", "http://cxf.apache.org/custom");
+            if (customRealm != null) {
+                String realmStr = customRealm.getTextContent();
+                if ("custom-realm".equals(realmStr)) {
+                    foundRealm = true;
+                    break;
+                }
+            }
+        }
+        
+        if (!foundRealm || parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm()))
{
+            LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured
realm '" + getRealm() + "'");
+            return new ProcessedClaimCollection();
+        }
+        if (getUserClaims() == null || parameters.getPrincipal() == null) {
+            return new ProcessedClaimCollection();
+        }
+
+        if (claims == null || claims.size() == 0) {
+            LOG.fine("No claims requested");
+            return new ProcessedClaimCollection();
+        }
+
+        Map<String, String> claimMap = getUserClaims().get(parameters.getPrincipal().getName());
+        if (claimMap == null || claimMap.size() == 0) {
+            LOG.fine("Claims requested for principal '" + parameters.getPrincipal().getName()
+                     + "' but not found");
+            return new ProcessedClaimCollection();
+        }
+        LOG.fine("Claims found for principal '" + parameters.getPrincipal().getName() + "'");
+
+        if (claims.size() > 0) {
+            ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
+            for (Claim requestClaim : claims) { 
+                String claimValue = claimMap.get(requestClaim.getClaimType().toString());
+                if (claimValue != null) {
+                    ProcessedClaim claim = new ProcessedClaim();
+                    claim.setClaimType(requestClaim.getClaimType());
+                    claim.setIssuer("Test Issuer");
+                    claim.setOriginalIssuer("Original Issuer");
+                    claim.addValue(claimValue);
+                    claimCollection.add(claim);
+                }   
+            }
+            return claimCollection;
+        }
+        return null;
+
+    }
+
+
+
+}
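Review bot: The log line under the combined check `if (!foundRealm || parameters.getRealm() == null || ...)` reports a realm mismatch even when the realm matched and only the `realm` custom-content element was missing, which will mislead anyone debugging this systest; test `foundRealm` on its own first, e.g. `if (!foundRealm) { LOG.fine("No custom 'realm' content equal to 'custom-realm' in the RST"); return new ProcessedClaimCollection(); }`. The trailing `return null` after `if (claims.size() > 0)` is unreachable because the `claims.size() == 0` guard above already returned, and a null return would contradict the empty-collection convention used everywhere else in the method, so drop the inner `if` and return `claimCollection` directly. `getSupportedClaimTypes()` throws NullPointerException if `supportedClaims` was never injected, which is tolerable for a test fixture but an `Objects.requireNonNull(supportedClaims, "supportedClaims")` in the setter would make that failure obvious.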

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/resources/realma/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/realma/idp-servlet.xml b/systests/custom/src/test/resources/realma/idp-servlet.xml
new file mode 100644
index 0000000..fc28a83
--- /dev/null
+++ b/systests/custom/src/test/resources/realma/idp-servlet.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
+
+    <import resource="config/idp-core-servlet.xml" />
+
+    <!-- Define some mutable properties for the IdP -->
+    <context:property-placeholder location="classpath:realm.properties" />
+
+    <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl"
/>
+        <property name="wsdlEndpoint" value="Transport_Port" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="customSTSParameter" value="auth_realm" />
+    </bean>
+
+</beans>
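Review bot: The `wsdlLocation` points at `https://localhost:0/...`; the STSClientAction hunk in this commit shows an `isPortSet` field, so presumably the IdP substitutes the real port at runtime, but nothing in this XML says so. A one-line comment above the bean, `<!-- port 0 is replaced by the IdP with the port it is actually listening on -->`, would save the next reader a trip through STSClientAction — confirm that is what happens before adding it.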

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/resources/userClaims.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/userClaims.xml b/systests/custom/src/test/resources/userClaims.xml
new file mode 100644
index 0000000..6032340
--- /dev/null
+++ b/systests/custom/src/test/resources/userClaims.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd">
+        
+    <util:list id="claimHandlerList">
+        <ref bean="claimsHandlerA" />
+        <ref bean="claimsHandlerB" />
+    </util:list>
+
+    <bean id="claimsHandlerA"
+        class="custom.CustomClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMA" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMA" />
+    </bean>
+
+    <bean id="claimsHandlerB"
+        class="custom.CustomClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMB" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMB" />
+    </bean>
+
+    <util:map id="userClaimsREALMA">
+        <entry key="alice" value-ref="REALMA_aliceClaims" />
+        <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims"
/>
+        <entry key="alice@WS.APACHE.ORG" value-ref="REALMA_aliceClaims" />
+        <entry key="bob" value-ref="REALMA_bobClaims" />
+        <entry key="bob/service.ws.apache.org@WS.APACHE.ORG" value-ref="REALMA_bobClaims"
/>
+        <entry key="ted" value-ref="REALMA_tedClaims" />
+        <entry key="ted@WS.APACHE.ORG" value-ref="REALMA_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMA_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User" />
+    </util:map>
+
+    <util:map id="REALMA_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User,Manager,Admin" />
+    </util:map>
+
+    <util:map id="REALMA_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="Secretary" />
+    </util:map>
+
+    <util:map id="userClaimsREALMB">
+        <entry key="ALICE" value-ref="REALMB_aliceClaims" />
+        <entry key="BOB" value-ref="REALMB_bobClaims" />
+        <entry key="TED" value-ref="REALMB_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMB_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER" />
+    </util:map>
+
+    <util:map id="REALMB_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER,MANAGER,ADMIN" />
+    </util:map>
+
+    <util:map id="REALMB_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="Secretary" />
+    </util:map>
+
+    <util:list id="supportedClaims">
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+    </util:list>
+
+</beans>
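Review bot: In `REALMB_tedClaims` the role value is `Secretary` while every other REALMB value is upper-cased (`USER`, `USER,MANAGER,ADMIN`), which looks like a copy-paste from the REALMA block; if a test compares realm-B roles case-sensitively this entry will be the odd one out. Either change it to `value="SECRETARY"` or add a comment stating that the mixed case is intentional.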

