From commits-return-48541-archive-asf-public=cust-asf.ponee.io@cxf.apache.org  Tue Jan 30 11:53:29 2018
Return-Path: <commits-return-48541-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public@eu.ponee.io
Delivered-To: archive-asf-public@eu.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by mx-eu-01.ponee.io (Postfix) with ESMTP id 7371318066D
	for <archive-asf-public@eu.ponee.io>; Tue, 30 Jan 2018 11:53:29 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 6343B160C53; Tue, 30 Jan 2018 10:53:29 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 3A05B160C42
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 30 Jan 2018 11:53:28 +0100 (CET)
Received: (qmail 40850 invoked by uid 500); 30 Jan 2018 10:53:27 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 40841 invoked by uid 99); 30 Jan 2018 10:53:27 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Jan 2018 10:53:27 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33)
	id 48CF882215; Tue, 30 Jan 2018 10:53:26 +0000 (UTC)
Date: Tue, 30 Jan 2018 10:53:26 +0000
To: "commits@cxf.apache.org" <commits@cxf.apache.org>
Subject: [cxf] branch master updated: Adding custom Claims test using
 OpenSAML APIs
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <151730960621.27950.6132785997825556024@gitbox.apache.org>
From: coheigea@apache.org
X-Git-Host: gitbox.apache.org
X-Git-Repo: cxf
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: 388b202bc40a4697eb619ceaa6c651e5dd1cfc01
X-Git-Newrev: eeab4b986adadb894dc25d9c50b26fdcd28b38ab
X-Git-Rev: eeab4b986adadb894dc25d9c50b26fdcd28b38ab
X-Git-NotificationType: ref_changed_plus_diff
X-Git-Multimail-Version: 1.5.dev
Auto-Submitted: auto-generated

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new eeab4b9  Adding custom Claims test using OpenSAML APIs
eeab4b9 is described below

commit eeab4b986adadb894dc25d9c50b26fdcd28b38ab
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Tue Jan 30 10:53:11 2018 +0000

    Adding custom Claims test using OpenSAML APIs
---
 .../apache/cxf/systest/sts/claims/ClaimsTest.java  | 30 ++++++++
 .../sts/deployment/CustomClaimsHandler.java        | 23 +++++-
 .../apache/cxf/systest/sts/claims/DoubleIt.wsdl    | 86 ++++++++++++++++++++++
 .../apache/cxf/systest/sts/claims/cxf-client.xml   |  5 ++
 .../apache/cxf/systest/sts/claims/cxf-service.xml  |  9 +++
 .../cxf/systest/sts/claims/stax-cxf-service.xml    | 10 +++
 6 files changed, 161 insertions(+), 2 deletions(-)

diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index e7e58ab..3f3c2d4 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -174,6 +174,36 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
     }
 
     @org.junit.Test
+    public void testSaml2CustomClaims() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ClaimsTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ClaimsTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2CustomClaimsPort");
+        DoubleItPortType transportClaimsPort =
+            service.getPort(portQName, DoubleItPortType.class);
+
+        updateAddressPort(transportClaimsPort, test.getPort());
+
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
+
+        doubleIt(transportClaimsPort, 25);
+
+        ((java.io.Closeable)transportClaimsPort).close();
+        bus.shutdown(true);
+    }
+
+    @org.junit.Test
     public void testSaml1WrongClaims() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
index 25092b8..e7a717e 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
@@ -28,6 +28,12 @@ import org.apache.cxf.sts.claims.ClaimsHandler;
 import org.apache.cxf.sts.claims.ClaimsParameters;
 import org.apache.cxf.sts.claims.ProcessedClaim;
 import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.opensaml.core.xml.XMLObjectBuilder;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSInteger;
+import org.opensaml.saml.saml2.core.AttributeValue;
 
 /**
  * A custom ClaimsHandler implementation for use in the tests.
@@ -40,6 +46,8 @@ public class CustomClaimsHandler implements ClaimsHandler {
         URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
     public static final URI LANGUAGE =
         URI.create("http://schemas.mycompany.com/claims/language");
+    public static final URI NUMBER =
+        URI.create("http://schemas.mycompany.com/claims/number");
 
     public ProcessedClaimCollection retrieveClaimValues(
             ClaimCollection claims, ClaimsParameters parameters) {
@@ -55,8 +63,18 @@ public class CustomClaimsHandler implements ClaimsHandler {
                     claim.addValue("admin-user");
                 } else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
                     claim.addValue(parameters.getPrincipal().getName());
-                } else if (LANGUAGE.equals(requestClaim.getClaimType())) {
-                    claim.addValue(parameters.getPrincipal().getName());
+                } else if (NUMBER.equals(requestClaim.getClaimType())) {
+                    // Create and add a custom Attribute (Integer)
+                    OpenSAMLUtil.initSamlEngine();
+                    XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+                    XMLObjectBuilder<XSInteger> xsIntegerBuilder =
+                        (XMLObjectBuilder<XSInteger>)builderFactory.getBuilder(XSInteger.TYPE_NAME);
+                    XSInteger attributeValue =
+                        xsIntegerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+                    attributeValue.setValue(5);
+
+                    claim.addValue(attributeValue);
                 }
                 claimCollection.add(claim);
             }
@@ -70,6 +88,7 @@ public class CustomClaimsHandler implements ClaimsHandler {
         list.add(ROLE);
         list.add(GIVEN_NAME);
         list.add(LANGUAGE);
+        list.add(NUMBER);
         return list;
     }
 
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
index a16f990..fdc2a05 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
@@ -49,6 +49,21 @@
             </wsdl:output>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItTransportSAML2CustomClaimsBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2CustomClaimsPolicy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItTransportSAML2ClaimsBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2ClaimsPolicy"/>
         <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -101,6 +116,9 @@
         <wsdl:port name="DoubleItTransportSAML1CustomClaimsPort" binding="tns:DoubleItTransportSAML1CustomClaimsBinding">
             <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1customclaims"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItTransportSAML2CustomClaimsPort" binding="tns:DoubleItTransportSAML2CustomClaimsBinding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2customclaims"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItTransportSAML2ClaimsPort" binding="tns:DoubleItTransportSAML2ClaimsBinding">
             <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2claims"/>
         </wsdl:port>
@@ -247,6 +265,74 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2CustomClaimsPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy/>
+                </wsam:Addressing>
+                <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                    <sp:RequestSecurityTokenTemplate>
+                                        <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                                        <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+                                        <t:Claims xmlns:ic="http://schemas.mycompany.com/claims" Dialect="http://schemas.mycompany.com/claims">
+                                            <ic:ClaimType Uri="http://schemas.mycompany.com/claims/number"/>
+                                        </t:Claims>
+                                    </sp:RequestSecurityTokenTemplate>
+                                    <wsp:Policy>
+                                        <sp:RequireInternalReference/>
+                                    </wsp:Policy>
+                                    <sp:Issuer>
+                                        <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+                                                                                </wsaw:Address>
+                                        <wsaw:Metadata>
+                                            <wsx:Metadata>
+                                                <wsx:MetadataSection>
+                                                    <wsx:MetadataReference>
+                                                        <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+                                                                                                                </wsaw:Address>
+                                                    </wsx:MetadataReference>
+                                                </wsx:MetadataSection>
+                                            </wsx:Metadata>
+                                        </wsaw:Metadata>
+                                    </sp:Issuer>
+                                </sp:IssuedToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDes/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens/>
+                        <sp:RequireClientEntropy/>
+                        <sp:RequireServerEntropy/>
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2ClaimsPolicy">
         <wsp:ExactlyOne>
             <wsp:All>
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
index 2666a8f..55b8c64 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
@@ -49,6 +49,11 @@
             <entry key="security.sts.client" value-ref="stsClient"/>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2CustomClaimsPort" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.sts.client" value-ref="stsClient"/>
+        </jaxws:properties>
+    </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
index 9ec010d..568762a 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
@@ -37,6 +37,15 @@
             </entry>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.Server}/doubleit/services/doubleittransportsaml2customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml2.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.ClaimsValidator"/>
+            </entry>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.Server}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
index 407c3e7..646523f 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
@@ -39,6 +39,16 @@
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.StaxServer}/doubleit/services/doubleittransportsaml2customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml2.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.StaxServer}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.