ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1150105 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/saml/ext/bean/ main/java/org/apache/ws/security/saml/ext/builder/ test/java/org/apache/ws/security/common/ test/java/org/apache/ws/security/saml/
Date Sat, 23 Jul 2011 13:49:23 GMT
Author: coheigea
Date: Sat Jul 23 13:49:22 2011
New Revision: 1150105

URL: http://svn.apache.org/viewvc?rev=1150105&view=rev
Log:
[WSS-296] - SubjectLocality is missing from AuthenticationStatementBean
 - Patch applied, thanks.
 - Also added in some tests.

Added:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
Sat Jul 23 13:49:22 2011
@@ -32,6 +32,8 @@ public class AuthenticationStatementBean
     private SubjectBean subject;
     DateTime authenticationInstant;
     private String authenticationMethod;
+    private SubjectLocalityBean subjectLocality;
+    private String sessionIndex;
 
     /**
      * Default constructor
@@ -103,6 +105,42 @@ public class AuthenticationStatementBean
     public void setAuthenticationInstant(DateTime authenticationInstant) {
         this.authenticationInstant = authenticationInstant;
     }
+    
+    /**
+     * Get Subject Locality.
+     * 
+     * @return the subjectLocality
+     */
+    public final SubjectLocalityBean getSubjectLocality() {
+        return subjectLocality;
+    }
+
+    /**
+     * Set Subject Locality.
+     * 
+     * @param subjectLocality the subjectLocality to set
+     */
+    public final void setSubjectLocality(final SubjectLocalityBean subjectLocality) {
+        this.subjectLocality = subjectLocality;
+    }
+    
+    /**
+     * Get the session index.
+     * 
+     * @return the sessionIndex
+     */
+    public final String getSessionIndex() {
+        return sessionIndex;
+    }
+
+    /**
+     * Set the session index.
+     * 
+     * @param sessionIndex the sessionIndex to set
+     */
+    public final void setSessionIndex(final String sessionIndex) {
+        this.sessionIndex = sessionIndex;
+    }
 
     @Override
     public boolean equals(Object o) {
@@ -131,6 +169,18 @@ public class AuthenticationStatementBean
             && !subject.equals(that.subject)) {
             return false;
         }
+        
+        if (subjectLocality == null && that.subjectLocality != null) {
+            return false;
+        } else if (subjectLocality != null && !subjectLocality.equals(that.subjectLocality))
{
+            return false;
+        }
+
+        if (sessionIndex == null && that.sessionIndex != null) {
+            return false;
+        } else if (sessionIndex != null && !sessionIndex.equals(that.sessionIndex))
{
+            return false;
+        }
 
         return true;
     }
@@ -140,6 +190,8 @@ public class AuthenticationStatementBean
         int result = subject != null ? subject.hashCode() : 0;
         result = 31 * result + (authenticationInstant != null ? authenticationInstant.hashCode()
: 0);
         result = 31 * result + (authenticationMethod != null ? authenticationMethod.hashCode()
: 0);
+        result = 31 * result + (subjectLocality != null ? subjectLocality.hashCode() : 0);
+        result = 31 * result + (sessionIndex != null ? sessionIndex.hashCode() : 0);
         return result;
     }
 }

Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java?rev=1150105&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
(added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
Sat Jul 23 13:49:22 2011
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.saml.ext.bean;
+
+/**
+ * This class represents a SubjectLocality.
+ */
+public class SubjectLocalityBean {
+
+    /** The ipAddress. */
+    private String ipAddress;
+
+    /** The DNS Address. */
+    private String dnsAddress;
+
+    /**
+     * Default constructor explicitly provided since other constructors would
+     * prevent its automatic creation.
+     */
+    public SubjectLocalityBean() {
+        //
+    }
+
+    /**
+     * Constructor for creating a SubjectLocalityBean with ip and dns addresses.
+     * 
+     * @param ipAddress ip address
+     * @param dnsAddress dns address
+     */
+    public SubjectLocalityBean(final String ipAddress, final String dnsAddress) {
+        this.ipAddress = ipAddress;
+        this.dnsAddress = dnsAddress;
+    }
+
+    /**
+     * Get the ip address.
+     * 
+     * @return the ipAddress
+     */
+    public final String getIpAddress() {
+        return ipAddress;
+    }
+
+    /**
+     * Set the ip address.
+     * 
+     * @param ipAddress the ipAddress to set
+     */
+    public final void setIpAddress(final String ipAddress) {
+        this.ipAddress = ipAddress;
+    }
+
+    /**
+     * Get the dns address.
+     * 
+     * @return the dnsAddress
+     */
+    public final String getDnsAddress() {
+        return dnsAddress;
+    }
+
+    /**
+     * Set the dns address.
+     * 
+     * @param dnsAddress the dnsAddress to set
+     */
+    public final void setDnsAddress(final String dnsAddress) {
+        this.dnsAddress = dnsAddress;
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see java.lang.Object#equals(java.lang.Object)
+     */
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) {
+            return true;
+        }
+
+        if (!(o instanceof SubjectLocalityBean)) {
+            return false;
+        }
+
+        SubjectLocalityBean that = (SubjectLocalityBean) o;
+
+        if (ipAddress == null && that.ipAddress != null) {
+            return false;
+        } else if (ipAddress != null && !ipAddress.equals(that.ipAddress)) {
+            return false;
+        }
+
+        if (dnsAddress == null && that.dnsAddress != null) {
+            return false;
+        } else if (dnsAddress != null && !dnsAddress.equals(that.dnsAddress)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see java.lang.Object#hashCode()
+     */
+    @Override
+    public int hashCode() {
+        int result = 0;
+        if (ipAddress != null) {
+            result = 31 * result + ipAddress.hashCode();
+        }
+        if (dnsAddress != null) {
+            result = 31 * result + dnsAddress.hashCode();
+        }
+
+        return result;
+    }
+}

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
Sat Jul 23 13:49:22 2011
@@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
 import org.apache.ws.security.util.UUIDGenerator;
 
 import org.joda.time.DateTime;
@@ -52,6 +53,7 @@ import org.opensaml.saml1.core.Evidence;
 import org.opensaml.saml1.core.NameIdentifier;
 import org.opensaml.saml1.core.Subject;
 import org.opensaml.saml1.core.SubjectConfirmation;
+import org.opensaml.saml1.core.SubjectLocality;
 
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.schema.XSString;
@@ -103,6 +105,8 @@ public class SAML1ComponentBuilder {
     private static SAMLObjectBuilder<Action> actionElementV1Builder;
     
     private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    
+    private static SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
 
     /**
      * Create a new SAML 1.1 assertion
@@ -319,6 +323,10 @@ public class SAML1ComponentBuilder {
             authenticationStatementV1Builder = (SAMLObjectBuilder<AuthenticationStatement>)

                 builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
         }
+        if (subjectLocalityBuilder == null) {
+            subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) 
+                builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME);
+        }
 
         if (authBeans != null && authBeans.size() > 0) {
             for (AuthenticationStatementBean statementBean : authBeans) {
@@ -342,6 +350,16 @@ public class SAML1ComponentBuilder {
                 authenticationStatement.setAuthenticationMethod(
                     transformAuthenticationMethod(statementBean.getAuthenticationMethod())
                 );
+                
+                SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality();
+                if (subjectLocalityBean != null) {
+                    SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+                    subjectLocality.setDNSAddress(subjectLocalityBean.getDnsAddress());
+                    subjectLocality.setIPAddress(subjectLocalityBean.getIpAddress());
+
+                    authenticationStatement.setSubjectLocality(subjectLocality);
+                }
+                
                 authenticationStatements.add(authenticationStatement);
             }
         }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
Sat Jul 23 13:49:22 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.saml.ext.b
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
 import org.apache.ws.security.util.UUIDGenerator;
 
 import org.joda.time.DateTime;
@@ -55,6 +56,7 @@ import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.SubjectLocality;
 
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.schema.XSString;
@@ -109,6 +111,8 @@ public class SAML2ComponentBuilder {
     private static SAMLObjectBuilder<Action> actionElementBuilder;
     
     private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    
+    private static SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
 
     /**
      * Create a SAML 2 assertion
@@ -253,13 +257,19 @@ public class SAML2ComponentBuilder {
             authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)

                 builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
         }
+        if (subjectLocalityBuilder == null) {
+            subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>) 
+            builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME);
+        }
         
-
         if (authBeans != null && authBeans.size() > 0) {
             for (AuthenticationStatementBean statementBean : authBeans) {
                 AuthnStatement authnStatement = authnStatementBuilder.buildObject();
                 authnStatement.setAuthnInstant(statementBean.getAuthenticationInstant());
-                //authnStatement.setSessionIndex("b07b804c-7c29-ea16-7300-4f3d6f7928ac");
+                
+                if (statementBean.getSessionIndex() != null) {
+                    authnStatement.setSessionIndex(statementBean.getSessionIndex());
+                }
                 
                 AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
                 authnContextClassRef.setAuthnContextClassRef(
@@ -269,6 +279,15 @@ public class SAML2ComponentBuilder {
                 authnContext.setAuthnContextClassRef(authnContextClassRef);
                 authnStatement.setAuthnContext(authnContext);
 
+                SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality();
+                if (subjectLocalityBean != null) {
+                    SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+                    subjectLocality.setDNSName(subjectLocalityBean.getDnsAddress());
+                    subjectLocality.setAddress(subjectLocalityBean.getIpAddress());
+
+                    authnStatement.setSubjectLocality(subjectLocality);
+                }
+                
                 authnStatements.add(authnStatement);
             }
         }

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
Sat Jul 23 13:49:22 2011
@@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b
 import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -59,6 +60,8 @@ public abstract class AbstractSAMLCallba
     protected byte[] ephemeralKey = null;
     protected String issuer = null;
     protected String subjectNameIDFormat = null;
+    protected String subjectLocalityIpAddress = null;
+    protected String subjectLocalityDnsAddress = null;
     
     public void setConfirmationMethod(String confMethod) {
         confirmationMethod = confMethod;
@@ -88,6 +91,11 @@ public abstract class AbstractSAMLCallba
         this.subjectNameIDFormat = subjectNameIDFormat;
     }
     
+    public void setSubjectLocality(String ipAddress, String dnsAddress) {
+        this.subjectLocalityIpAddress = ipAddress;
+        this.subjectLocalityDnsAddress = dnsAddress;
+    }
+    
     /**
      * Note that the SubjectBean parameter should be null for SAML2.0
      */
@@ -97,6 +105,12 @@ public abstract class AbstractSAMLCallba
             if (subjectBean != null) {
                 authBean.setSubject(subjectBean);
             }
+            if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
+                SubjectLocalityBean subjectLocality = new SubjectLocalityBean();
+                subjectLocality.setIpAddress(subjectLocalityIpAddress);
+                subjectLocality.setDnsAddress(subjectLocalityDnsAddress);
+                authBean.setSubjectLocality(subjectLocality);
+            }
             authBean.setAuthenticationMethod("Password");
             callback.setAuthenticationStatementData(Collections.singletonList(authBean));
         } else if (statement == Statement.ATTR) {

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Sat
Jul 23 13:49:22 2011
@@ -513,6 +513,88 @@ public class SamlTokenTest extends org.j
     }
     
     /**
+     * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion
with
+     * a user-specified SubjectLocality statement.
+     */
+    @org.junit.Test
+    public void testSAML1SubjectLocality() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("test-dns"));
+        
+        List<WSSecurityEngineResult> results = verify(unsignedDoc);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null);
+        assertTrue(!receivedAssertion.isSigned());
+    }
+    
+    /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
with
+     * a user-specified SubjectLocality statement.
+     */
+    @org.junit.Test
+    public void testSAML2SubjectLocality() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        String outputString = 
+            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("test-dns"));
+        
+        List<WSSecurityEngineResult> results = verify(unsignedDoc);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null);
+        assertTrue(!receivedAssertion.isSigned());
+    }
+    
+    /**
      * Verifies the soap envelope
      * <p/>
      * 



Mime
View raw message