cxf-dev mailing list archives

From "Morris Jr, David P" <david.p.morris...@lmco.com>
Subject RE: SAMLCallBackHandler callback.setAuthDecisionStatementData
Date Wed, 18 May 2011 19:16:50 GMT
Resolved issue. Need committer to create JIRA issue, review and update WS4J 1.6.x. (Colm?)
- Thanks!!

Changed the following method in org.apache.ws.security.saml.ext.builder.SAML2ComponentBuilder

    /**
     * Create SAML2 AuthorizationDecisionStatement(s)
     *
     * @param decisionData A list of AuthDecisionStatementBean instances
     * @return SAML2 AuthorizationDecisionStatement(s)
     */
    @SuppressWarnings("unchecked")
    public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
        List<AuthDecisionStatementBean> decisionData
    ) {

        List<AuthzDecisionStatement> authDecisionStatements =
            new ArrayList<AuthzDecisionStatement>();
        if (authorizationDecisionStatementBuilder == null) {
            authorizationDecisionStatementBuilder =
                (SAMLObjectBuilder<AuthzDecisionStatement>)
                    builderFactory.getBuilder(AuthzDecisionStatement.DEFAULT_ELEMENT_NAME);
        }

        if (decisionData != null && decisionData.size() > 0) {
            for (AuthDecisionStatementBean decisionStatementBean : decisionData) {
                AuthzDecisionStatement authDecision =
                    authorizationDecisionStatementBuilder.buildObject();
                authDecision.setResource(decisionStatementBean.getResource());
                authDecision.setDecision(
                    transformDecisionType(decisionStatementBean.getDecision())
                );

                for (ActionBean actionBean : decisionStatementBean.getActions()) {
                    Action actionElement = createSamlAction(actionBean);
                    authDecision.getActions().add(actionElement);
                }

                //Check for Evidence - Dave Morris
                if (decisionStatementBean.getEvidence() != null
                    && decisionStatementBean.getEvidence() instanceof Evidence)
                {
                    authDecision.setEvidence((Evidence)decisionStatementBean.getEvidence());
                }

                authDecisionStatements.add(authDecision);
            }
        }

        return authDecisionStatements;
    }



From: Morris Jr, David P
Sent: Wednesday, May 18, 2011 2:08 PM
To: dev@cxf.apache.org
Subject: SAMLCallBackHandler callback.setAuthDecisionStatementData

Running SOAPUI test, the evidence element is not present. I may need an example. The code
did work with openSAML2.0 and CXF 2.3.x (via interceptors) before SAMLCallBackHandler in CXF
2.4.0 -Thanks!

<saml2:AuthzDecisionStatement>
   <saml2:Action.../>
   <saml2:Evidence...> <!-- this is missing -->
       <saml2:Assertion...>
   </saml2:Evidence>
</saml2:AuthzDecisionStatement>

Environment: CXF 2.4.0, WS4J 1.6.0, Windows XP, Apache Tomcat 7.0.5

Code snippet:

//Build Evidence
EvidenceBuilder evidenceBuilder = new EvidenceBuilder();
Evidence evidence = evidenceBuilder.buildObject();

//Build assertion for Evidence
AssertionBuilder assertionBuilder = new AssertionBuilder();
Assertion assertion = assertionBuilder.buildObject();
assertion.setVersion(SAMLVersion.VERSION_20);

...
authDecisionStatementBean.setEvidence(evidence);
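
A way to check the serialized output for the symptom reported in this thread (an AuthzDecisionStatement emitted without its Evidence child), as an added example that is not part of the original message or of the WSS4J/CXF code base. The sample assertion, the function names and the resource URNs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2}

# Constructed sample (not captured from a real service): the first statement
# carries Evidence, the second one was serialized without it.
SAMPLE = f"""
<saml2:Assertion xmlns:saml2="{SAML2}" ID="_a1" Version="2.0"
                 IssueInstant="2011-05-18T19:00:00Z">
  <saml2:Issuer>example-issuer</saml2:Issuer>
  <saml2:AuthzDecisionStatement Resource="urn:example:resource:1" Decision="Permit">
    <saml2:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml2:Action>
    <saml2:Evidence>
      <saml2:Assertion ID="_e1" Version="2.0" IssueInstant="2011-05-18T19:00:00Z">
        <saml2:Issuer>example-issuer</saml2:Issuer>
      </saml2:Assertion>
    </saml2:Evidence>
  </saml2:AuthzDecisionStatement>
  <saml2:AuthzDecisionStatement Resource="urn:example:resource:2" Decision="Permit">
    <saml2:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml2:Action>
  </saml2:AuthzDecisionStatement>
</saml2:Assertion>
"""


def audit_authz_statements(xml_text):
    """Return one dict per AuthzDecisionStatement found at any depth."""
    # Meant for test output you generated yourself; for untrusted XML use a
    # hardened parser such as defusedxml instead of plain ElementTree.
    root = ET.fromstring(xml_text.strip())
    report = []
    for stmt in root.iter(f"{{{SAML2}}}AuthzDecisionStatement"):
        evidence = stmt.find("saml2:Evidence", NS)
        # Local names of the Evidence children (Assertion, AssertionIDRef, ...)
        kinds = [] if evidence is None else [c.tag.split("}")[-1] for c in evidence]
        report.append({
            "resource": stmt.get("Resource"),
            "decision": stmt.get("Decision"),
            "actions": [a.text for a in stmt.findall("saml2:Action", NS)],
            "evidence": kinds,
        })
    return report


def missing_evidence(xml_text):
    """Resources whose decision statement has no (or an empty) Evidence."""
    return [r["resource"] for r in audit_authz_statements(xml_text) if not r["evidence"]]
```
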
