cxf-commits mailing list archives

From ashaki...@apache.org
Subject cxf git commit: Extracted STSAuthParams from STSTokenOutInterceptor
Date Sun, 08 Jan 2017 21:52:42 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 7e952df66 -> a81534d66


Extracted STSAuthParams from STSTokenOutInterceptor


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a81534d6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a81534d6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a81534d6

Branch: refs/heads/master
Commit: a81534d6655e046e7d316e6de38095fe3f4949cb
Parents: 7e952df
Author: Andrei Shakirin <andrei.shakirin@gmail.com>
Authored: Sun Jan 8 22:52:16 2017 +0100
Committer: Andrei Shakirin <andrei.shakirin@gmail.com>
Committed: Sun Jan 8 22:52:16 2017 +0100

----------------------------------------------------------------------
 .../interceptors/STSTokenOutInterceptor.java    | 61 +++++--------
 .../cxf/ws/security/trust/STSAuthParams.java    | 90 ++++++++++++++++++++
 .../apache/cxf/ws/security/trust/STSUtils.java  | 40 ++++++++-
 .../stsclient/STSTokenOutInterceptorTest.java   | 12 +--
 4 files changed, 154 insertions(+), 49 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a81534d6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
index ac71eac..c5a2f7c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
@@ -19,8 +19,6 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
-import java.util.HashMap;
-import java.util.Map;
 import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
@@ -33,30 +31,30 @@ import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSAuthParams;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSTokenRetriever;
 import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams;
+import org.apache.cxf.ws.security.trust.STSUtils;
 
 public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
     private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class);
-    private static final String TOKEN_TYPE_SAML_2_0 = 
-        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
     private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
     private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-    private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, "SecurityTokenService");
     private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port");
     private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port");
+    private static final QName UT_ENDPOINT = new QName(WS_TRUST_NS, "UT_Port");
     
     private STSClient stsClient;
     private TokenRequestParams tokenParams;
 
-    public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus)
{
+    public STSTokenOutInterceptor(STSAuthParams authParams, String stsWsdlLocation, Bus bus)
{
         this(Phase.PREPARE_SEND, authParams, stsWsdlLocation, bus);
     }
     
-    public STSTokenOutInterceptor(String phase, AuthParams authParams, String stsWsdlLocation,
Bus bus) {
+    public STSTokenOutInterceptor(String phase, STSAuthParams authParams, String stsWsdlLocation,
Bus bus) {
         super(phase);
-        this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus);
+        this.stsClient = STSUtils.createSTSClient(authParams, stsWsdlLocation, bus);
         this.tokenParams = new TokenRequestParams();
     }
 
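Review bot: Both public constructors now take `STSAuthParams` instead of the nested `AuthParams`, which breaks existing callers at compile and link time even though `AuthParams` is only marked `@Deprecated` (in the `@@ -116,6 +120,11 @@` hunk) rather than removed. Nothing visible in this diff still accepts the deprecated type, so the deprecation offers no migration path. Consider keeping deprecated overloads that convert to the new type and delegate, for example `@Deprecated public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus)`. The `SecurityConstants` import also stays although the method that used it is deleted in this commit; confirm it is still referenced in the part of the class outside the hunk.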
@@ -95,9 +93,15 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         return stsClient;
     }
     
+    /**
+     * A enumeration to specify authentication mode in communication with STS.
+     * @deprecated use {@link org.apache.cxf.ws.security.trust.STSAuthParams.AuthMode}
+     */
+    @Deprecated
     public enum AuthMode {
-        X509(X509_ENDPOINT, KEY_TYPE_X509), 
-        TRANSPORT(TRANSPORT_ENDPOINT, null);
+        X509_ASSYMETRIC(X509_ENDPOINT, KEY_TYPE_X509), 
+        UT_TRANSPORT(TRANSPORT_ENDPOINT, null),
+        UT_SYMMETRIC(UT_ENDPOINT, null);
         
         private final QName endpointName;
         private final String keyType;
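Review bot: This enum is marked `@Deprecated` to preserve compatibility, yet its constants are renamed in the same change (`X509` to `X509_ASSYMETRIC`, `TRANSPORT` to `UT_TRANSPORT`), so callers using the old names stop compiling anyway. Keep the original names on the deprecated type, i.e. leave `X509(X509_ENDPOINT, KEY_TYPE_X509), TRANSPORT(TRANSPORT_ENDPOINT, null);` as it was, and introduce the new names only on `STSAuthParams.AuthMode`. `X509_ASSYMETRIC` is also a misspelling of "asymmetric", and the Javadoc should start `An enumeration that specifies the authentication mode used when communicating with the STS.` The enum body continues past the end of the hunk.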
@@ -116,6 +120,11 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         }
     }
     
+    /**
+     * A class to specify authentication parameters for communication with STS.
+     * @deprecated use {@link org.apache.cxf.ws.security.trust.STSAuthParams}
+     */
+    @Deprecated
     public static class AuthParams {
         private final AuthMode authMode;
         private final String userName;
@@ -152,36 +161,4 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
             return keystoreProperties;
         }
     }
-    
-    private STSClient configureBasicSTSClient(AuthParams authParams, String stsWsdlLocation,
Bus bus) {
-        STSClient basicStsClient = new STSClient(bus);
-        basicStsClient.setWsdlLocation(stsWsdlLocation);
-        basicStsClient.setServiceName(STS_SERVICE_NAME.toString());
-        basicStsClient.setEndpointName(authParams.getAuthMode().endpointName.toString());
-        if (authParams.getAuthMode().getKeyType() != null) {
-            basicStsClient.setKeyType(authParams.getAuthMode().getKeyType());
-        } else {
-            basicStsClient.setSendKeyType(false);
-        }
-        basicStsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
-        basicStsClient.setAllowRenewingAfterExpiry(true);
-        basicStsClient.setEnableLifetime(true);
-
-        Map<String, Object> props = new HashMap<String, Object>();
-        if (authParams.getUserName() != null) {
-            props.put(SecurityConstants.USERNAME, authParams.getUserName());
-        }
-        props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());
-        if (authParams.getKeystoreProperties() != null) {
-            props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias());
-            props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties());
-            props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties());
-            props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias());
-            props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties());
-            props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-        }
-        basicStsClient.setProperties(props);
-        
-        return basicStsClient;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a81534d6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSAuthParams.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSAuthParams.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSAuthParams.java
new file mode 100644
index 0000000..8ea3749
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSAuthParams.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.trust;
+
+import javax.xml.namespace.QName;
+
+/**
+ * Authentication parameters to obtain SAML token from STS.
+ */
+public class STSAuthParams {
+    private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+    private static final String KEY_TYPE_X509 = WS_TRUST_NS + "PublicKey";
+    private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port");
+    private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port");
+    private static final QName UT_ENDPOINT = new QName(WS_TRUST_NS, "UT_Port");
+
+    private final AuthMode authMode;
+    private final String userName;
+    private final String callbackHandler;
+    private final String alias;
+    private final String keystoreProperties;
+    
+    public STSAuthParams(AuthMode authMode, String userName, String callbackHandler) {
+        this(authMode, userName, callbackHandler, null, null);
+    }
+
+    public STSAuthParams(AuthMode authMode, String userName, String callbackHandler, String
alias,
+                      String keystoreProperties) {
+        this.authMode = authMode;
+        this.userName = userName;
+        this.callbackHandler = callbackHandler;
+        this.alias = alias;
+        this.keystoreProperties = keystoreProperties;
+    }
+    
+    public AuthMode getAuthMode() {
+        return authMode;
+    }
+    public String getUserName() {
+        return userName;
+    }
+    public String getCallbackHandler() {
+        return callbackHandler;
+    }
+    public String getAlias() {
+        return alias;
+    }
+    public String getKeystoreProperties() {
+        return keystoreProperties;
+    }
+
+    public enum AuthMode {
+        X509_ASSYMETRIC(X509_ENDPOINT, KEY_TYPE_X509), 
+        UT_TRANSPORT(TRANSPORT_ENDPOINT, null),
+        UT_SYMMETRIC(UT_ENDPOINT, null);
+        
+        private final QName endpointName;
+        private final String keyType;
+        
+        AuthMode(QName endpointName, String keyType) {
+            this.endpointName = endpointName;
+            this.keyType = keyType;
+        }
+        
+        public QName getEndpointName() {
+            return endpointName;
+        }
+
+        public String getKeyType() {
+            return keyType;
+        }
+    }
+}
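Review bot: The constructors accept any combination of mode and credentials without validation, so a null `authMode`, or an X.509 mode without `alias` and `keystoreProperties`, only fails later when the STS client is built or used. At minimum reject a null mode with `this.authMode = Objects.requireNonNull(authMode, "authMode");`. The constructor Javadoc should state which arguments each mode needs; judging by the test, the username modes pass `userName` and the X.509 mode passes `alias` plus `keystoreProperties`. It should also say that `callbackHandler` is a class name and `keystoreProperties` is a properties-file location, if that is the intent. `X509_ASSYMETRIC` is misspelled ("asymmetric"); since this is a new public enum, it is cheapest to fix before it ships in a release.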

http://git-wip-us.apache.org/repos/asf/cxf/blob/a81534d6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
index 3cb4f3a..bd87000 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.ws.security.trust;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import javax.xml.bind.JAXBException;
 import javax.xml.namespace.QName;
 
@@ -77,6 +80,10 @@ public final class STSUtils {
     public static final String TOKEN_TYPE_SCT_05_02 = SCT_NS_05_02 + "/sct";
     public static final String TOKEN_TYPE_SCT_05_12 = SCT_NS_05_12 + "/sct";
 
+    private static final String TOKEN_TYPE_SAML_2_0 = 
+            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+    private static final QName STS_SERVICE_NAME = new QName(WST_NS_05_12 + "/", "SecurityTokenService");
+
     private STSUtils() {
         //utility class
     }
@@ -181,6 +188,38 @@ public final class STSUtils {
         return client;
     }
     
+    public static STSClient createSTSClient(STSAuthParams authParams, String stsWsdlLocation,
Bus bus) {
+        STSClient basicStsClient = new STSClient(bus);
+        basicStsClient.setWsdlLocation(stsWsdlLocation);
+        basicStsClient.setServiceName(STS_SERVICE_NAME.toString());
+        basicStsClient.setEndpointName(authParams.getAuthMode().getEndpointName().toString());
+        if (authParams.getAuthMode().getKeyType() != null) {
+            basicStsClient.setKeyType(authParams.getAuthMode().getKeyType());
+        } else {
+            basicStsClient.setSendKeyType(false);
+        }
+        basicStsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+        basicStsClient.setAllowRenewingAfterExpiry(true);
+        basicStsClient.setEnableLifetime(true);
+
+        Map<String, Object> props = new HashMap<String, Object>();
+        if (authParams.getUserName() != null) {
+            props.put(SecurityConstants.USERNAME, authParams.getUserName());
+        }
+        props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());
+        if (authParams.getKeystoreProperties() != null) {
+            props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias());
+            props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias());
+            props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+        }
+        basicStsClient.setProperties(props);
+        
+        return basicStsClient;
+    }
+    
     public static String findMEXLocation(EndpointReferenceType ref) {
         if (ref.getMetadata() != null && ref.getMetadata().getAny() != null) {
             for (Object any : ref.getMetadata().getAny()) {
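Review bot: `createSTSClient` is a new public entry point with no Javadoc, and it fixes security-relevant settings that the signature does not reveal. It hard-codes the SAML 2.0 token type, `setAllowRenewingAfterExpiry(true)` and `setEnableLifetime(true)`, and it uses one keystore properties value for encryption, signature and the STS token key. Document these defaults so callers know what they are accepting and that they must adjust the returned client if they need something stricter. The method also dereferences `authParams.getAuthMode()` unchecked and stores `getCallbackHandler()` and `getAlias()` even when they are null. Guard them the way `userName` is guarded, for example `if (authParams.getCallbackHandler() != null) {` around the `CALLBACK_HANDLER` put, and fail fast on a keystore without an alias.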
@@ -231,7 +270,6 @@ public final class STSUtils {
         return createSTSEndpoint(bus, namespace, transportId, location, soapVersion, policy,
null, true);
     }     
     
-    
     //CHECKSTYLE:OFF
     private static Endpoint createSTSEndpoint(Bus bus, 
                                              String namespace,

http://git-wip-us.apache.org/repos/asf/cxf/blob/a81534d6/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
index 5a78f3e..8b7ab11 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
@@ -60,9 +60,9 @@ import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor;
-import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthMode;
-import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthParams;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSAuthParams;
+import org.apache.cxf.ws.security.trust.STSAuthParams.AuthMode;
 import org.apache.cxf.ws.security.trust.STSClient;
 
 import org.junit.AfterClass;
@@ -119,8 +119,8 @@ public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase
     public void testBasicAsymmetricBinding() throws Exception {
         Bus bus = BusFactory.getThreadDefaultBus();        
         
-        AuthParams authParams = new AuthParams(
-                 AuthMode.X509, 
+        STSAuthParams authParams = new STSAuthParams(
+                 AuthMode.X509_ASSYMETRIC, 
                  null,
                  "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
                  "mystskey",
@@ -145,8 +145,8 @@ public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase
         configureDefaultHttpsConnection();
         
         Bus bus = BusFactory.getThreadDefaultBus();  
-        AuthParams authParams = new AuthParams(
-                   AuthMode.TRANSPORT, 
+        STSAuthParams authParams = new STSAuthParams(
+                   AuthMode.UT_TRANSPORT, 
                    "alice",
                    "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
                    null,
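Review bot: The test changes in this commit only rename the existing types and constants, so the new `UT_SYMMETRIC` mode and its `UT_Port` endpoint have no test. The diffstat's 12 changed lines for this file are all accounted for by the three hunks shown. Add a case alongside `testBasicAsymmetricBinding` that builds `new STSAuthParams(AuthMode.UT_SYMMETRIC, ...)` against an STS endpoint using that binding, so the third mode is shown to obtain a token. The test method continues outside the hunk.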

