From cohei...@apache.org
Subject svn commit: r1150638 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/saml/ext/bean/ main/java/org/apache/ws/security/saml/ext/builder/ test/java/org/apache/ws/security/common/ test/java/org/apache/ws/security/saml/
Date Mon, 25 Jul 2011 11:38:21 GMT
Author: coheigea
Date: Mon Jul 25 11:38:20 2011
New Revision: 1150638

URL: http://svn.apache.org/viewvc?rev=1150638&view=rev
Log:
[WSS-295] - Added support to specify custom (non-String) AttributeValues
 - Added a test-case.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AttributeBean.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AttributeBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AttributeBean.java?rev=1150638&r1=1150637&r2=1150638&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AttributeBean.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AttributeBean.java
Mon Jul 25 11:38:20 2011
@@ -22,7 +22,6 @@ package org.apache.ws.security.saml.ext.
 import java.util.List;
 import java.util.ArrayList;
 
-
 /**
  * Class SamlAttribute represents an instance of a SAML attribute.
  * <p/>
@@ -33,6 +32,7 @@ public class AttributeBean {
     private String qualifiedName;
     private String nameFormat;
     private List<String> attributeValues;
+    private List<?> customAttributeValues;
 
     /**
      * Constructor SamlAttribute creates a new SamlAttribute instance.
@@ -111,7 +111,7 @@ public class AttributeBean {
     /**
      * Method getAttributeValues returns the attributeValues of this SamlAttribute object.
      *
-     * @return the attributeValues (type Map) of this SamlAttribute object.
+     * @return the attributeValues (type List) of this SamlAttribute object.
      */
     public List<String> getAttributeValues() {
         return attributeValues;
@@ -125,6 +125,25 @@ public class AttributeBean {
     public void setAttributeValues(List<String> attributeValues) {
         this.attributeValues = attributeValues;
     }
+    
+    /**
+     * Method setCustomAttributeValues sets the attributeValues of this SamlAttribute object.
+     * This method allows the user to specify OpenSAML XMLObject attributes.
+     *
+     * @param customAttributeValues the attributeValues of this SamlAttribute object.
+     */
+    public void setCustomAttributeValues(List<?> customAttributeValues) {
+        this.customAttributeValues = customAttributeValues;
+    }
+    
+    /**
+     * Method getCustomAttributeValues returns the attributeValues of this SamlAttribute
object.
+     *
+     * @return the attributeValues (type List) of this SamlAttribute object.
+     */
+    public List<?> getCustomAttributeValues() {
+        return customAttributeValues;
+    }
 
     @Override
     public boolean equals(Object o) {
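Review bot: The Javadoc on `setCustomAttributeValues` and `getCustomAttributeValues` is copied from the String accessors and still describes "the attributeValues of this SamlAttribute object", so it never states the contract the builders in this commit apply. As written in SAML1ComponentBuilder and SAML2ComponentBuilder, the custom list is read only when `getAttributeValues()` is null or empty, and only `String` and `XMLObject` elements are emitted into the assertion. I would say so on the setter, for example `@param customAttributeValues OpenSAML XMLObject values; used only when attributeValues is null or empty, elements of any other type are ignored by the component builders`, and change both summaries to name customAttributeValues. The hunk ends on the opening line of `equals`, whose body continues in the next hunk.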
@@ -139,6 +158,13 @@ public class AttributeBean {
             return false;
         }
         
+        if (customAttributeValues == null && that.customAttributeValues != null)
{
+            return false;
+        } else if (customAttributeValues != null 
+                && !customAttributeValues.equals(that.customAttributeValues)) {
+            return false;
+        }
+        
         if (qualifiedName == null && that.qualifiedName != null) {
             return false;
         } else if (qualifiedName != null && !qualifiedName.equals(that.qualifiedName))
{
@@ -175,6 +201,9 @@ public class AttributeBean {
         if (attributeValues != null) {
             result = 31 * result + attributeValues.hashCode();
         }
+        if (customAttributeValues != null) {
+            result = 31 * result + customAttributeValues.hashCode();
+        }
         return result;
     }
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java?rev=1150638&r1=1150637&r2=1150638&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
Mon Jul 25 11:38:20 2011
@@ -55,6 +55,7 @@ import org.opensaml.saml1.core.Subject;
 import org.opensaml.saml1.core.SubjectConfirmation;
 import org.opensaml.saml1.core.SubjectLocality;
 
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
@@ -411,11 +412,16 @@ public class SAML1ComponentBuilder {
                 attributeStatement.setSubject(attributeSubject);
                 // Add the individual attributes
                 for (AttributeBean values : statementBean.getSamlAttributes()) {
+                    List<?> attributeValues = values.getAttributeValues();
+                    if (attributeValues == null || attributeValues.isEmpty()) {
+                        attributeValues = values.getCustomAttributeValues();
+                    }
+                    
                     Attribute samlAttribute = 
                         createSamlv1Attribute(
                             values.getSimpleName(),
                             values.getQualifiedName(), 
-                            values.getAttributeValues()
+                            attributeValues
                         );
                     attributeStatement.getAttributes().add(samlAttribute);
                 }
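Review bot: If an `AttributeBean` has neither list set, `attributeValues` is still null after the fallback, and `createSamlv1Attribute` iterates it with `for (Object value : values)`, so building the assertion would fail with a NullPointerException; whether the bean initialises either field is not visible here. A guard after the fallback such as `if (attributeValues == null) { attributeValues = new ArrayList<Object>(); }` (or an explicit error naming the attribute) makes the outcome deliberate. Separately, when both lists are populated the custom values are dropped without any signal, so the issued assertion can carry fewer attribute values than the caller configured; rejecting or logging that combination would surface the misconfiguration. The same fallback appears in SAML2ComponentBuilder at `@@ -517,12 +523,16`, and the enclosing loop and method start outside this hunk.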
@@ -439,7 +445,7 @@ public class SAML1ComponentBuilder {
     public static Attribute createSamlv1Attribute(
         String attributeName, 
         String attributeUrn,
-        List<String> values
+        List<?> values
     ) {
         if (attributeV1Builder == null) {
             attributeV1Builder = (SAMLObjectBuilder<Attribute>) 
@@ -453,11 +459,15 @@ public class SAML1ComponentBuilder {
         attribute.setAttributeName(attributeName);
         attribute.setAttributeNamespace(attributeUrn);
         
-        for (String value : values) {
-            XSString attribute1 = 
-                stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-            attribute1.setValue(value);
-            attribute.getAttributeValues().add(attribute1);
+        for (Object value : values) {
+            if (value instanceof String) {
+                XSString attribute1 = 
+                    stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+                attribute1.setValue((String)value);
+                attribute.getAttributeValues().add(attribute1);
+            } else if (value instanceof XMLObject) {
+                attribute.getAttributeValues().add((XMLObject)value);
+            }
         }
 
         return attribute;
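Review bot: A value that is neither a `String` nor an `XMLObject` (including a null element) falls through both `instanceof` branches and is skipped silently, so the SAML attribute is issued with fewer values than were supplied and nothing reports it. For a token builder I would fail closed by adding `} else { throw new IllegalArgumentException("Unsupported AttributeValue type: " + (value == null ? "null" : value.getClass().getName())); }` after the `XMLObject` branch. The `XMLObject` branch also adds whatever element it is given; the test in this commit builds its value with `AttributeValue.DEFAULT_ELEMENT_NAME`, and that expectation belongs in the method's Javadoc. The identical loop in `SAML2ComponentBuilder.createAttribute` at `@@ -336,17 +337,22` needs the same treatment; the method signature sits in the previous hunk.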
@@ -473,7 +483,8 @@ public class SAML1ComponentBuilder {
     public static List<AuthorizationDecisionStatement> createSamlv1AuthorizationDecisionStatement(
             List<AuthDecisionStatementBean> decisionData) 
         throws org.opensaml.xml.security.SecurityException, WSSecurityException {
-        List<AuthorizationDecisionStatement> authDecisionStatements = new ArrayList();
+        List<AuthorizationDecisionStatement> authDecisionStatements = 
+                new ArrayList<AuthorizationDecisionStatement>();
         if (authorizationDecisionStatementV1Builder == null) {
             authorizationDecisionStatementV1Builder = 
                 (SAMLObjectBuilder<AuthorizationDecisionStatement>) 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1150638&r1=1150637&r2=1150638&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
Mon Jul 25 11:38:20 2011
@@ -58,6 +58,7 @@ import org.opensaml.saml2.core.SubjectCo
 import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml2.core.SubjectLocality;
 
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
@@ -336,17 +337,22 @@ public class SAML2ComponentBuilder {
      * @return a SAML2 Attribute
      */
     public static Attribute createAttribute(
-        String friendlyName, String name, String nameFormat, List<String> values
+        String friendlyName, String name, String nameFormat, List<?> values
     ) {
         if (stringBuilder == null) {
             stringBuilder = (XSStringBuilder)builderFactory.getBuilder(XSString.TYPE_NAME);
         }
         Attribute attribute = createAttribute(friendlyName, name, nameFormat);
-        for (String value : values) {
-            XSString attributeValue = 
-                stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-            attributeValue.setValue(value);
-            attribute.getAttributeValues().add(attributeValue);
+        
+        for (Object value : values) {
+            if (value instanceof String) {
+                XSString attributeValue = 
+                    stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+                attributeValue.setValue((String)value);
+                attribute.getAttributeValues().add(attributeValue);
+            } else if (value instanceof XMLObject) {
+                attribute.getAttributeValues().add((XMLObject)value);
+            }
         }
 
         return attribute;
@@ -517,12 +523,16 @@ public class SAML2ComponentBuilder {
             for (AttributeStatementBean statementBean : attributeData) {
                 AttributeStatement attributeStatement = attributeStatementBuilder.buildObject();
                 for (AttributeBean values : statementBean.getSamlAttributes()) {
+                    List<?> attributeValues = values.getAttributeValues();
+                    if (attributeValues == null || attributeValues.isEmpty()) {
+                        attributeValues = values.getCustomAttributeValues();
+                    }
                     Attribute samlAttribute = 
                         createAttribute(
                             values.getSimpleName(), 
                             values.getQualifiedName(),
                             values.getNameFormat(),
-                            values.getAttributeValues()
+                            attributeValues
                         );
                     attributeStatement.getAttributes().add(samlAttribute);
                 }
@@ -585,7 +595,8 @@ public class SAML2ComponentBuilder {
     public static List<AuthzDecisionStatement> createAuthorizationDecisionStatement(
         List<AuthDecisionStatementBean> decisionData
     ) {
-        List<AuthzDecisionStatement> authDecisionStatements = new ArrayList();
+        List<AuthzDecisionStatement> authDecisionStatements = 
+                new ArrayList<AuthzDecisionStatement>();
         if (authorizationDecisionStatementBuilder == null) {
             authorizationDecisionStatementBuilder = 
                 (SAMLObjectBuilder<AuthzDecisionStatement>)

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1150638&r1=1150637&r2=1150638&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
Mon Jul 25 11:38:20 2011
@@ -40,6 +40,7 @@ import javax.xml.parsers.DocumentBuilder
 
 import java.security.cert.X509Certificate;
 import java.util.Collections;
+import java.util.List;
 
 /**
  * A base implementation of a Callback Handler for a SAML assertion. By default it creates
an
@@ -63,6 +64,7 @@ public abstract class AbstractSAMLCallba
     protected String subjectLocalityIpAddress = null;
     protected String subjectLocalityDnsAddress = null;
     protected String resource = null;
+    protected List<?> customAttributeValues = null;
     
     public void setConfirmationMethod(String confMethod) {
         confirmationMethod = confMethod;
@@ -101,6 +103,10 @@ public abstract class AbstractSAMLCallba
         this.resource = resource;
     }
     
+    public void setCustomAttributeValues(List<?> customAttributeValues) {
+        this.customAttributeValues = customAttributeValues;
+    }
+    
     /**
      * Note that the SubjectBean parameter should be null for SAML2.0
      */
@@ -125,7 +131,11 @@ public abstract class AbstractSAMLCallba
             }
             AttributeBean attributeBean = new AttributeBean();
             attributeBean.setSimpleName("role");
-            attributeBean.setAttributeValues(Collections.singletonList("user"));
+            if (customAttributeValues != null) {
+                attributeBean.setCustomAttributeValues(customAttributeValues);   
+            } else {
+                attributeBean.setAttributeValues(Collections.singletonList("user"));
+            }
             attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
             callback.setAttributeStatementData(Collections.singletonList(attrBean));
         } else {

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1150638&r1=1150637&r2=1150638&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Mon
Jul 25 11:38:20 2011
@@ -38,8 +38,17 @@ import org.apache.ws.security.saml.ext.S
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.util.WSSecurityUtil;
 
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.schema.XSAny;
 import org.w3c.dom.Document;
 
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -635,6 +644,61 @@ public class SamlTokenTest extends org.j
     }
     
     /**
+     * Test that creates, sends and processes an unsigned SAML 2 attribute assertion. The
attributeValue
+     * has a custom XMLObject (not a String) value.
+     */
+    @org.junit.Test
+    @SuppressWarnings("unchecked")
+    public void testSAML2AttrAssertionCustomAttribute() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setIssuer("www.example.com");
+        
+        // Create and add a custom Attribute (conditions Object)
+        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+        
+        SAMLObjectBuilder<Conditions> conditionsV2Builder = 
+                (SAMLObjectBuilder<Conditions>)builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
+        Conditions conditions = conditionsV2Builder.buildObject();
+        DateTime newNotBefore = new DateTime();
+        conditions.setNotBefore(newNotBefore);
+        conditions.setNotOnOrAfter(newNotBefore.plusMinutes(5));
+        
+        XMLObjectBuilder<XSAny> xsAnyBuilder = builderFactory.getBuilder(XSAny.TYPE_NAME);
+        XSAny attributeValue = xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
+        attributeValue.getUnknownXMLObjects().add(conditions);
+        
+        callbackHandler.setCustomAttributeValues(Collections.singletonList(attributeValue));
+
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 2 Attr Assertion (sender vouches):");
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+            LOG.debug(outputString);
+        }
+        
+        List<WSSecurityEngineResult> results = verify(unsignedDoc);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null);
+        assertTrue(!receivedAssertion.isSigned());
+    }
+    
+    /**
      * Verifies the soap envelope
      * <p/>
      * 
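Review bot: `testSAML2AttrAssertionCustomAttribute` only asserts that an assertion came back and that it is unsigned, so it would still pass if the custom `XSAny` value were dropped by the builder, which skips unsupported value types without an error. The test should read the attribute back from the processed assertion, with something like `assertFalse(receivedAssertion.getSaml2().getAttributeStatements().get(0).getAttributes().get(0).getAttributeValues().isEmpty());`, and ideally check that the value is an `XSAny` holding the `Conditions` child. `assertTrue(receivedAssertion != null)` reads better as `assertNotNull(receivedAssertion)`, and the debug label "SAML 2 Attr Assertion (sender vouches):" looks copied from another test. The hunk ends inside the Javadoc of the following method.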


