Posted to commits@cxf.apache.org by co...@apache.org on 2015/07/17 16:17:10 UTC
[2/5] cxf git commit: Refactoring of XACML code
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
deleted file mode 100644
index 53cd863..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/RequestComponentBuilderTest.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.joda.time.DateTime;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.EnvironmentType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-
-
-/**
- * Some unit tests to create a XACML Request using the RequestComponentBuilder.
- */
-public class RequestComponentBuilderTest extends org.junit.Assert {
-
- private DocumentBuilder docBuilder;
- static {
- OpenSAMLUtil.initSamlEngine();
- }
-
- public RequestComponentBuilderTest() throws ParserConfigurationException {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- docBuilderFactory.setNamespaceAware(true);
- docBuilder = docBuilderFactory.newDocumentBuilder();
- }
-
- @org.junit.Test
- public void testCreateXACMLRequest() throws Exception {
- Document doc = docBuilder.newDocument();
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "alice-user@apache.org"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- AttributeValueType subjectGroupAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "manager"
- );
- AttributeType subjectGroupAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ROLE,
- XACMLConstants.XS_ANY_URI,
- "admin-user@apache.org",
- Collections.singletonList(subjectGroupAttributeValue)
- );
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- attributes.add(subjectGroupAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- null
- );
-
- Element policyElement = OpenSAMLUtil.toDom(request, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
- @org.junit.Test
- public void testEnvironment() throws Exception {
- Document doc = docBuilder.newDocument();
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "alice-user@apache.org"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Environment
- DateTime dateTime = new DateTime();
- AttributeValueType environmentAttributeValue =
- RequestComponentBuilder.createAttributeValueType(dateTime.toString());
- AttributeType environmentAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.CURRENT_DATETIME,
- XACMLConstants.XS_DATETIME,
- null,
- Collections.singletonList(environmentAttributeValue)
- );
- attributes.clear();
- attributes.add(environmentAttribute);
- EnvironmentType environmentType =
- RequestComponentBuilder.createEnvironmentType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- environmentType
- );
-
- Element policyElement = OpenSAMLUtil.toDom(request, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
deleted file mode 100644
index 526be4a..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/SamlRequestComponentBuilderTest.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
-import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
-
-
-/**
- * Some unit tests for creating a SAML XACML Request.
- */
-public class SamlRequestComponentBuilderTest extends org.junit.Assert {
-
- private DocumentBuilder docBuilder;
- static {
- OpenSAMLUtil.initSamlEngine();
- }
-
- public SamlRequestComponentBuilderTest() throws ParserConfigurationException {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- docBuilderFactory.setNamespaceAware(true);
- docBuilder = docBuilderFactory.newDocumentBuilder();
- }
-
- @org.junit.Test
- public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
- Document doc = docBuilder.newDocument();
-
- //
- // Create XACML request
- //
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "alice-user@apache.org"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- AttributeValueType subjectGroupAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "manager"
- );
- AttributeType subjectGroupAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ROLE,
- XACMLConstants.XS_ANY_URI,
- "admin-user@apache.org",
- Collections.singletonList(subjectGroupAttributeValue)
- );
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- attributes.add(subjectGroupAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- null
- );
-
- //
- // Create SAML wrapper
- //
-
- XACMLAuthzDecisionQueryType authzQuery =
- SamlRequestComponentBuilder.createAuthzDecisionQuery(
- "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS
- );
-
- Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
deleted file mode 100644
index 30fb821..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptorTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.apache.cxf.rt.security.saml.xacml.pdp.api.PolicyDecisionPoint;
-import org.apache.cxf.security.LoginSecurityContext;
-import org.apache.cxf.security.SecurityContext;
-
-
-/**
- * Some unit tests to test the AbstractXACMLAuthorizingInterceptor.
- */
-public class XACMLAuthorizingInterceptorTest extends org.junit.Assert {
-
- static {
- org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
- }
-
- @SuppressWarnings("deprecation")
- @org.junit.Test
- public void testPermit() throws Exception {
- // Mock up a Security Context
- SecurityContext sc = createSecurityContext("alice", "manager");
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURI = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URI, resourceURI);
- msg.put(SecurityContext.class, sc);
-
- PolicyDecisionPoint pdp = new DummyPDP();
- XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
- authorizingInterceptor.handleMessage(msg);
- }
-
- @SuppressWarnings("deprecation")
- @org.junit.Test
- public void testDeny() throws Exception {
- // Mock up a Security Context
- SecurityContext sc = createSecurityContext("alice", "boss");
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURI = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URI, resourceURI);
- msg.put(SecurityContext.class, sc);
-
- PolicyDecisionPoint pdp = new DummyPDP();
- XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
-
- try {
- authorizingInterceptor.handleMessage(msg);
- fail("Failure expected on deny");
- } catch (Exception ex) {
- // Failure expected
- }
- }
-
- private SecurityContext createSecurityContext(final String user, final String role) {
- return new LoginSecurityContext() {
-
- @Override
- public Principal getUserPrincipal() {
- return new Principal() {
- public String getName() {
- return user;
- }
- };
- }
-
- @Override
- public boolean isUserInRole(String role) {
- return false;
- }
-
- @Override
- public Subject getSubject() {
- return null;
- }
-
- @Override
- public Set<Principal> getUserRoles() {
- Set<Principal> principals = new HashSet<Principal>();
- principals.add(new Principal() {
- public String getName() {
- return role;
- }
- });
- return principals;
- }
-
- };
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
deleted file mode 100644
index baccaeb..0000000
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml/XACMLRequestBuilderTest.java
+++ /dev/null
@@ -1,308 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml.xacml;
-
-import java.security.Principal;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-
-
-/**
- * Some unit tests to create a XACML Request via the XACMLRequestBuilder interface.
- */
-@SuppressWarnings("deprecation")
-public class XACMLRequestBuilderTest extends org.junit.Assert {
-
- static {
- org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
- }
-
- @org.junit.Test
- public void testXACMLRequestBuilder() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URI, resourceURL);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
- }
-
-
- @org.junit.Test
- public void testAction() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URI, resourceURL);
-
- DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- String action =
- request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
- assertEquals("execute", action);
-
- builder.setAction("write");
- request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- action =
- request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
- assertEquals("write", action);
- }
-
- @org.junit.Test
- public void testEnvironment() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URL, resourceURL);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
- assertFalse(request.getEnvironment().getAttributes().isEmpty());
-
- ((DefaultXACMLRequestBuilder)builder).setSendDateTime(false);
- request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
- assertTrue(request.getEnvironment().getAttributes().isEmpty());
- }
-
- @org.junit.Test
- public void testSOAPResource() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URL, resourceURL);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- List<ResourceType> resources = request.getResources();
- assertNotNull(resources);
- assertEquals(1, resources.size());
-
- ResourceType resource = resources.get(0);
- assertEquals(4, resource.getAttributes().size());
-
- boolean resourceIdSatisfied = false;
- boolean soapServiceSatisfied = false;
- boolean soapOperationSatisfied = false;
- boolean resourceURISatisfied = false;
- for (AttributeType attribute : resource.getAttributes()) {
- String attributeValue = attribute.getAttributeValues().get(0).getValue();
- if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
- && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals(
- attributeValue)) {
- resourceIdSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
- && service.equals(attributeValue)) {
- soapServiceSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
- && operation.equals(attributeValue)) {
- soapOperationSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
- && resourceURL.equals(attributeValue)) {
- resourceURISatisfied = true;
- }
- }
-
- assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
- && resourceURISatisfied);
- }
-
- @org.junit.Test
- public void testSOAPResourceDifferentNamespace() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
- MessageImpl msg = new MessageImpl();
- msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
- String service = "{http://www.example.org/contract/DoubleItService}DoubleItService";
- msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URL, resourceURL);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- List<ResourceType> resources = request.getResources();
- assertNotNull(resources);
- assertEquals(1, resources.size());
-
- ResourceType resource = resources.get(0);
- assertEquals(4, resource.getAttributes().size());
-
- boolean resourceIdSatisfied = false;
- boolean soapServiceSatisfied = false;
- boolean soapOperationSatisfied = false;
- boolean resourceURISatisfied = false;
- String expectedResourceId =
- service + "#" + operation;
- for (AttributeType attribute : resource.getAttributes()) {
- String attributeValue = attribute.getAttributeValues().get(0).getValue();
- if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
- && expectedResourceId.equals(attributeValue)) {
- resourceIdSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
- && service.equals(attributeValue)) {
- soapServiceSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
- && operation.equals(attributeValue)) {
- soapOperationSatisfied = true;
- } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
- && resourceURL.equals(attributeValue)) {
- resourceURISatisfied = true;
- }
- }
-
- assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
- && resourceURISatisfied);
- }
-
- @org.junit.Test
- public void testRESTResource() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- MessageImpl msg = new MessageImpl();
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URL, resourceURL);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- List<ResourceType> resources = request.getResources();
- assertNotNull(resources);
- assertEquals(1, resources.size());
-
- ResourceType resource = resources.get(0);
- assertEquals(1, resource.getAttributes().size());
-
- for (AttributeType attribute : resource.getAttributes()) {
- String attributeValue = attribute.getAttributeValues().get(0).getValue();
- assertEquals(attributeValue, resourceURL);
- }
- }
-
- @org.junit.Test
- public void testRESTResourceTruncatedURI() throws Exception {
- // Mock up a request
- Principal principal = new Principal() {
- public String getName() {
- return "alice";
- }
- };
-
- MessageImpl msg = new MessageImpl();
- String resourceURL = "https://localhost:8080/doubleit";
- msg.put(Message.REQUEST_URL, resourceURL);
- String resourceURI = "/doubleit";
- msg.put(Message.REQUEST_URI, resourceURI);
-
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
- ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(false);
- RequestType request =
- builder.createRequest(principal, Collections.singletonList("manager"), msg);
- assertNotNull(request);
-
- List<ResourceType> resources = request.getResources();
- assertNotNull(resources);
- assertEquals(1, resources.size());
-
- ResourceType resource = resources.get(0);
- assertEquals(1, resource.getAttributes().size());
-
- for (AttributeType attribute : resource.getAttributes()) {
- String attributeValue = attribute.getAttributeValues().get(0).getValue();
- assertEquals(attributeValue, resourceURI);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
new file mode 100644
index 0000000..3481598
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/DummyPDP.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.List;
+
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.xacml.XACMLObjectBuilder;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.DecisionType;
+import org.opensaml.xacml.ctx.DecisionType.DECISION;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResponseType;
+import org.opensaml.xacml.ctx.ResultType;
+import org.opensaml.xacml.ctx.StatusCodeType;
+import org.opensaml.xacml.ctx.StatusType;
+import org.opensaml.xacml.ctx.SubjectType;
+
+/**
+ * A test implementation of AbstractXACMLAuthorizingInterceptor. It just mocks up a Response
+ * object based on the role of the Subject. If the role is "manager" then it permits the
+ * request, otherwise it denies it.
+ */
+public class DummyPDP implements PolicyDecisionPoint {
+
+ public ResponseType evaluate(RequestType request) {
+ String role = getSubjectRole(request);
+ DECISION decision = "manager".equals(role) ? DecisionType.DECISION.Permit : DecisionType.DECISION.Deny;
+ return createResponse(decision);
+ }
+
+ private ResponseType createResponse(DECISION decision) {
+ XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+ @SuppressWarnings("unchecked")
+ XACMLObjectBuilder<ResponseType> responseTypeBuilder =
+ (XACMLObjectBuilder<ResponseType>)
+ builderFactory.getBuilder(ResponseType.DEFAULT_ELEMENT_NAME);
+
+ @SuppressWarnings("unchecked")
+ XACMLObjectBuilder<ResultType> resultTypeBuilder =
+ (XACMLObjectBuilder<ResultType>)
+ builderFactory.getBuilder(ResultType.DEFAULT_ELEMENT_NAME);
+
+ @SuppressWarnings("unchecked")
+ XACMLObjectBuilder<DecisionType> decisionTypeBuilder =
+ (XACMLObjectBuilder<DecisionType>)
+ builderFactory.getBuilder(DecisionType.DEFAULT_ELEMENT_NAME);
+
+ @SuppressWarnings("unchecked")
+ XACMLObjectBuilder<StatusType> statusTypeBuilder =
+ (XACMLObjectBuilder<StatusType>)
+ builderFactory.getBuilder(StatusType.DEFAULT_ELEMENT_NAME);
+
+ @SuppressWarnings("unchecked")
+ XACMLObjectBuilder<StatusCodeType> statusCodeTypeBuilder =
+ (XACMLObjectBuilder<StatusCodeType>)
+ builderFactory.getBuilder(StatusCodeType.DEFAULT_ELEMENT_NAME);
+
+ ResultType result = resultTypeBuilder.buildObject();
+
+ DecisionType decisionType = decisionTypeBuilder.buildObject();
+ decisionType.setDecision(decision);
+ result.setDecision(decisionType);
+
+ StatusType status = statusTypeBuilder.buildObject();
+ StatusCodeType statusCode = statusCodeTypeBuilder.buildObject();
+ statusCode.setValue("urn:oasis:names:tc:xacml:1.0:status:ok");
+ status.setStatusCode(statusCode);
+ result.setStatus(status);
+
+ ResponseType response = responseTypeBuilder.buildObject();
+ response.getResults().add(result);
+ return response;
+ }
+
+ private String getSubjectRole(RequestType request) {
+ List<SubjectType> subjects = request.getSubjects();
+ if (subjects != null) {
+ for (SubjectType subject : subjects) {
+ List<AttributeType> attributes = subject.getAttributes();
+ if (attributes != null) {
+ for (AttributeType attribute : attributes) {
+ if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) {
+ return attribute.getAttributeValues().get(0).getValue();
+ }
+ }
+ }
+ }
+ }
+ return null;
+ }
+
+}
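Review bot: The class Javadoc calls DummyPDP "a test implementation of AbstractXACMLAuthorizingInterceptor", but the class implements `PolicyDecisionPoint`; the first sentence should read `A test implementation of PolicyDecisionPoint.` In `getSubjectRole`, only the first value of the first `XACMLConstants.SUBJECT_ROLE` attribute is returned, so a subject carrying several roles is denied unless "manager" comes first. `getAttributeValues().get(0)` also throws on an attribute with no values instead of producing a decision. A missing role already fails closed (null maps to Deny), and guarding the lookup with `if (!attribute.getAttributeValues().isEmpty())` would keep the empty-value case on the same Deny path.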
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
new file mode 100644
index 0000000..3a2bc3c
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
@@ -0,0 +1,222 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.joda.time.DateTime;
+import org.opensaml.xacml.ctx.ActionType;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.AttributeValueType;
+import org.opensaml.xacml.ctx.EnvironmentType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+import org.opensaml.xacml.ctx.SubjectType;
+
+
+/**
+ * Some unit tests to create a XACML Request using the RequestComponentBuilder.
+ */
+public class RequestComponentBuilderTest extends org.junit.Assert {
+
+ private DocumentBuilder docBuilder;
+ static {
+ OpenSAMLUtil.initSamlEngine();
+ }
+
+ public RequestComponentBuilderTest() throws ParserConfigurationException {
+ DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setNamespaceAware(true);
+ docBuilder = docBuilderFactory.newDocumentBuilder();
+ }
+
+ @org.junit.Test
+ public void testCreateXACMLRequest() throws Exception {
+ Document doc = docBuilder.newDocument();
+
+ // Subject
+ AttributeValueType subjectIdAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "alice-user@apache.org"
+ );
+ AttributeType subjectIdAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.SUBJECT_ID,
+ XACMLConstants.RFC_822_NAME,
+ null,
+ Collections.singletonList(subjectIdAttributeValue)
+ );
+
+ AttributeValueType subjectGroupAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "manager"
+ );
+ AttributeType subjectGroupAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.SUBJECT_ROLE,
+ XACMLConstants.XS_ANY_URI,
+ "admin-user@apache.org",
+ Collections.singletonList(subjectGroupAttributeValue)
+ );
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
+ attributes.add(subjectIdAttribute);
+ attributes.add(subjectGroupAttribute);
+ SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+
+ // Resource
+ AttributeValueType resourceAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "{http://www.example.org/contract/DoubleIt}DoubleIt"
+ );
+ AttributeType resourceAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.RESOURCE_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(resourceAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(resourceAttribute);
+ ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+
+ // Action
+ AttributeValueType actionAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "execute"
+ );
+ AttributeType actionAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.ACTION_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(actionAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(actionAttribute);
+ ActionType action = RequestComponentBuilder.createActionType(attributes);
+
+ // Request
+ RequestType request =
+ RequestComponentBuilder.createRequestType(
+ Collections.singletonList(subject),
+ Collections.singletonList(resource),
+ action,
+ null
+ );
+
+ Element policyElement = OpenSAMLUtil.toDom(request, doc);
+ // String outputString = DOM2Writer.nodeToString(policyElement);
+ assertNotNull(policyElement);
+ }
+
+ @org.junit.Test
+ public void testEnvironment() throws Exception {
+ Document doc = docBuilder.newDocument();
+
+ // Subject
+ AttributeValueType subjectIdAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "alice-user@apache.org"
+ );
+ AttributeType subjectIdAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.SUBJECT_ID,
+ XACMLConstants.RFC_822_NAME,
+ null,
+ Collections.singletonList(subjectIdAttributeValue)
+ );
+
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
+ attributes.add(subjectIdAttribute);
+ SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+
+ // Resource
+ AttributeValueType resourceAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "{http://www.example.org/contract/DoubleIt}DoubleIt"
+ );
+ AttributeType resourceAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.RESOURCE_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(resourceAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(resourceAttribute);
+ ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+
+ // Action
+ AttributeValueType actionAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "execute"
+ );
+ AttributeType actionAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.ACTION_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(actionAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(actionAttribute);
+ ActionType action = RequestComponentBuilder.createActionType(attributes);
+
+ // Environment
+ DateTime dateTime = new DateTime();
+ AttributeValueType environmentAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(dateTime.toString());
+ AttributeType environmentAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.CURRENT_DATETIME,
+ XACMLConstants.XS_DATETIME,
+ null,
+ Collections.singletonList(environmentAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(environmentAttribute);
+ EnvironmentType environmentType =
+ RequestComponentBuilder.createEnvironmentType(attributes);
+
+ // Request
+ RequestType request =
+ RequestComponentBuilder.createRequestType(
+ Collections.singletonList(subject),
+ Collections.singletonList(resource),
+ action,
+ environmentType
+ );
+
+ Element policyElement = OpenSAMLUtil.toDom(request, doc);
+ // String outputString = DOM2Writer.nodeToString(policyElement);
+ assertNotNull(policyElement);
+ }
+
+}
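Review bot: Both tests here end with only `assertNotNull(policyElement)`, so they show that marshalling did not throw but not that the subject, resource, action or environment attributes reached the serialized request. `testCreateXACMLSamlAuthzQueryRequest` in SamlRequestComponentBuilderTest has the same shape. A minimal check on the root element would be `assertEquals(RequestType.DEFAULT_ELEMENT_NAME.getLocalPart(), policyElement.getLocalName());`, with further assertions on the child attribute values where practical. The commented-out `// String outputString = DOM2Writer.nodeToString(policyElement);` line is dead code and can be dropped.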
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
new file mode 100644
index 0000000..7d594dc
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/SamlRequestComponentBuilderTest.java
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.opensaml.xacml.ctx.ActionType;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.AttributeValueType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+import org.opensaml.xacml.ctx.SubjectType;
+import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
+import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
+
+
+/**
+ * Some unit tests for creating a SAML XACML Request.
+ */
+public class SamlRequestComponentBuilderTest extends org.junit.Assert {
+
+ private DocumentBuilder docBuilder;
+ static {
+ OpenSAMLUtil.initSamlEngine();
+ }
+
+ public SamlRequestComponentBuilderTest() throws ParserConfigurationException {
+ DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setNamespaceAware(true);
+ docBuilder = docBuilderFactory.newDocumentBuilder();
+ }
+
+ @org.junit.Test
+ public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
+ Document doc = docBuilder.newDocument();
+
+ //
+ // Create XACML request
+ //
+
+ // Subject
+ AttributeValueType subjectIdAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "alice-user@apache.org"
+ );
+ AttributeType subjectIdAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.SUBJECT_ID,
+ XACMLConstants.RFC_822_NAME,
+ null,
+ Collections.singletonList(subjectIdAttributeValue)
+ );
+
+ AttributeValueType subjectGroupAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "manager"
+ );
+ AttributeType subjectGroupAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.SUBJECT_ROLE,
+ XACMLConstants.XS_ANY_URI,
+ "admin-user@apache.org",
+ Collections.singletonList(subjectGroupAttributeValue)
+ );
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
+ attributes.add(subjectIdAttribute);
+ attributes.add(subjectGroupAttribute);
+ SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
+
+ // Resource
+ AttributeValueType resourceAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "{http://www.example.org/contract/DoubleIt}DoubleIt"
+ );
+ AttributeType resourceAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.RESOURCE_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(resourceAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(resourceAttribute);
+ ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
+
+ // Action
+ AttributeValueType actionAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(
+ "execute"
+ );
+ AttributeType actionAttribute =
+ RequestComponentBuilder.createAttributeType(
+ XACMLConstants.ACTION_ID,
+ XACMLConstants.XS_STRING,
+ null,
+ Collections.singletonList(actionAttributeValue)
+ );
+ attributes.clear();
+ attributes.add(actionAttribute);
+ ActionType action = RequestComponentBuilder.createActionType(attributes);
+
+ // Request
+ RequestType request =
+ RequestComponentBuilder.createRequestType(
+ Collections.singletonList(subject),
+ Collections.singletonList(resource),
+ action,
+ null
+ );
+
+ //
+ // Create SAML wrapper
+ //
+
+ XACMLAuthzDecisionQueryType authzQuery =
+ SamlRequestComponentBuilder.createAuthzDecisionQuery(
+ "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS
+ );
+
+ Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
+ // String outputString = DOM2Writer.nodeToString(policyElement);
+ assertNotNull(policyElement);
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
new file mode 100644
index 0000000..7c6589c
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLAuthorizingInterceptorTest.java
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.security.LoginSecurityContext;
+import org.apache.cxf.security.SecurityContext;
+
+
+/**
+ * Some unit tests to test the AbstractXACMLAuthorizingInterceptor.
+ */
+public class XACMLAuthorizingInterceptorTest extends org.junit.Assert {
+
+ static {
+ org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
+ }
+
+ @org.junit.Test
+ public void testPermit() throws Exception {
+ // Mock up a Security Context
+ SecurityContext sc = createSecurityContext("alice", "manager");
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURI = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URI, resourceURI);
+ msg.put(SecurityContext.class, sc);
+
+ PolicyDecisionPoint pdp = new DummyPDP();
+ XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
+ authorizingInterceptor.handleMessage(msg);
+ }
+
+ @org.junit.Test
+ public void testDeny() throws Exception {
+ // Mock up a Security Context
+ SecurityContext sc = createSecurityContext("alice", "boss");
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURI = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URI, resourceURI);
+ msg.put(SecurityContext.class, sc);
+
+ PolicyDecisionPoint pdp = new DummyPDP();
+ XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp);
+
+ try {
+ authorizingInterceptor.handleMessage(msg);
+ fail("Failure expected on deny");
+ } catch (Exception ex) {
+ // Failure expected
+ }
+ }
+
+ private SecurityContext createSecurityContext(final String user, final String role) {
+ return new LoginSecurityContext() {
+
+ @Override
+ public Principal getUserPrincipal() {
+ return new Principal() {
+ public String getName() {
+ return user;
+ }
+ };
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ return false;
+ }
+
+ @Override
+ public Subject getSubject() {
+ return null;
+ }
+
+ @Override
+ public Set<Principal> getUserRoles() {
+ Set<Principal> principals = new HashSet<Principal>();
+ principals.add(new Principal() {
+ public String getName() {
+ return role;
+ }
+ });
+ return principals;
+ }
+
+ };
+ }
+
+}
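Review bot: `testDeny` accepts any `Exception` as proof of a deny, so a NullPointerException or a marshalling error in the request path would make the test pass without the PDP decision ever being enforced. Catch the specific exception the interceptor raises on Deny, presumably CXF's `AccessDeniedException` (confirm against `XACMLAuthorizingInterceptor`, which is not in this hunk): `} catch (AccessDeniedException ex) {`. In `createSecurityContext`, the `isUserInRole(String role)` parameter shadows the outer `role` and the method always returns false; a short comment saying that roles are supplied through `getUserRoles()` only would make that intent explicit.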
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
new file mode 100644
index 0000000..cefa37a
--- /dev/null
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/XACMLRequestBuilderTest.java
@@ -0,0 +1,308 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml.xacml2;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.RequestType;
+import org.opensaml.xacml.ctx.ResourceType;
+
+
+/**
+ * Some unit tests to create a XACML Request via the XACMLRequestBuilder interface.
+ */
+public class XACMLRequestBuilderTest extends org.junit.Assert {
+
+ static {
+ org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
+ }
+
+ @org.junit.Test
+ public void testXACMLRequestBuilder() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URI, resourceURL);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+ }
+
+
+ @org.junit.Test
+ public void testAction() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URI, resourceURL);
+
+ DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ String action =
+ request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
+ assertEquals("execute", action);
+
+ builder.setAction("write");
+ request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ action =
+ request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue();
+ assertEquals("write", action);
+ }
+
+ @org.junit.Test
+ public void testEnvironment() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URL, resourceURL);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+ assertFalse(request.getEnvironment().getAttributes().isEmpty());
+
+ ((DefaultXACMLRequestBuilder)builder).setSendDateTime(false);
+ request = builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+ assertTrue(request.getEnvironment().getAttributes().isEmpty());
+ }
+
+ @org.junit.Test
+ public void testSOAPResource() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URL, resourceURL);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ List<ResourceType> resources = request.getResources();
+ assertNotNull(resources);
+ assertEquals(1, resources.size());
+
+ ResourceType resource = resources.get(0);
+ assertEquals(4, resource.getAttributes().size());
+
+ boolean resourceIdSatisfied = false;
+ boolean soapServiceSatisfied = false;
+ boolean soapOperationSatisfied = false;
+ boolean resourceURISatisfied = false;
+ for (AttributeType attribute : resource.getAttributes()) {
+ String attributeValue = attribute.getAttributeValues().get(0).getValue();
+ if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
+ && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals(
+ attributeValue)) {
+ resourceIdSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
+ && service.equals(attributeValue)) {
+ soapServiceSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
+ && operation.equals(attributeValue)) {
+ soapOperationSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
+ && resourceURL.equals(attributeValue)) {
+ resourceURISatisfied = true;
+ }
+ }
+
+ assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
+ && resourceURISatisfied);
+ }
+
+ @org.junit.Test
+ public void testSOAPResourceDifferentNamespace() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
+ MessageImpl msg = new MessageImpl();
+ msg.put(Message.WSDL_OPERATION, QName.valueOf(operation));
+ String service = "{http://www.example.org/contract/DoubleItService}DoubleItService";
+ msg.put(Message.WSDL_SERVICE, QName.valueOf(service));
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URL, resourceURL);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ List<ResourceType> resources = request.getResources();
+ assertNotNull(resources);
+ assertEquals(1, resources.size());
+
+ ResourceType resource = resources.get(0);
+ assertEquals(4, resource.getAttributes().size());
+
+ boolean resourceIdSatisfied = false;
+ boolean soapServiceSatisfied = false;
+ boolean soapOperationSatisfied = false;
+ boolean resourceURISatisfied = false;
+ String expectedResourceId =
+ service + "#" + operation;
+ for (AttributeType attribute : resource.getAttributes()) {
+ String attributeValue = attribute.getAttributeValues().get(0).getValue();
+ if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
+ && expectedResourceId.equals(attributeValue)) {
+ resourceIdSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
+ && service.equals(attributeValue)) {
+ soapServiceSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
+ && operation.equals(attributeValue)) {
+ soapOperationSatisfied = true;
+ } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
+ && resourceURL.equals(attributeValue)) {
+ resourceURISatisfied = true;
+ }
+ }
+
+ assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied
+ && resourceURISatisfied);
+ }
+
+ @org.junit.Test
+ public void testRESTResource() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ MessageImpl msg = new MessageImpl();
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URL, resourceURL);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ List<ResourceType> resources = request.getResources();
+ assertNotNull(resources);
+ assertEquals(1, resources.size());
+
+ ResourceType resource = resources.get(0);
+ assertEquals(1, resource.getAttributes().size());
+
+ for (AttributeType attribute : resource.getAttributes()) {
+ String attributeValue = attribute.getAttributeValues().get(0).getValue();
+ assertEquals(attributeValue, resourceURL);
+ }
+ }
+
+ @org.junit.Test
+ public void testRESTResourceTruncatedURI() throws Exception {
+ // Mock up a request
+ Principal principal = new Principal() {
+ public String getName() {
+ return "alice";
+ }
+ };
+
+ MessageImpl msg = new MessageImpl();
+ String resourceURL = "https://localhost:8080/doubleit";
+ msg.put(Message.REQUEST_URL, resourceURL);
+ String resourceURI = "/doubleit";
+ msg.put(Message.REQUEST_URI, resourceURI);
+
+ XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder();
+ ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(false);
+ RequestType request =
+ builder.createRequest(principal, Collections.singletonList("manager"), msg);
+ assertNotNull(request);
+
+ List<ResourceType> resources = request.getResources();
+ assertNotNull(resources);
+ assertEquals(1, resources.size());
+
+ ResourceType resource = resources.get(0);
+ assertEquals(1, resource.getAttributes().size());
+
+ for (AttributeType attribute : resource.getAttributes()) {
+ String attributeValue = attribute.getAttributeValues().get(0).getValue();
+ assertEquals(attributeValue, resourceURI);
+ }
+ }
+}
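Review bot: None of the tests in this file inspects `request.getSubjects()`, so the principal name and the "manager" role that a PDP decides on are never checked in the built request; `testXACMLRequestBuilder` stops at `assertNotNull(request)`. A subject check such as the one below would pin that, assuming the default builder emits the role under `XACMLConstants.SUBJECT_ROLE` as DummyPDP expects (it also needs the `SubjectType` import). Separately, `testRESTResource` and `testRESTResourceTruncatedURI` pass the arguments to `assertEquals` in actual/expected order; `assertEquals(resourceURL, attributeValue);` and `assertEquals(resourceURI, attributeValue);` would give correct failure messages.

```java
// … unchanged: principal and message setup in testXACMLRequestBuilder …
assertNotNull(request);

// The role attribute is what the PDP bases its decision on
boolean roleFound = false;
for (SubjectType subject : request.getSubjects()) {
    for (AttributeType attribute : subject.getAttributes()) {
        if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) {
            assertEquals("manager", attribute.getAttributeValues().get(0).getValue());
            roleFound = true;
        }
    }
}
assertTrue(roleFound);
```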
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
index d149db1..aac677d 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
@@ -21,20 +21,8 @@ package org.apache.cxf.systest.ws.saml;
import java.util.List;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.dom.DOMSource;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
-import org.apache.cxf.rt.security.saml.xacml.pdp.api.PolicyDecisionPoint;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.cxf.rt.security.saml.xacml2.PolicyDecisionPoint;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.xacml.XACMLObjectBuilder;
@@ -59,8 +47,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint {
}
@Override
- public Source evaluate(Source request) {
- RequestType requestType = requestSourceToRequestType(request);
+ public ResponseType evaluate(RequestType requestType) {
XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
@@ -111,33 +98,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint {
ResponseType response = responseTypeBuilder.buildObject();
response.getResults().add(result);
- return responseType2Source(response);
- }
-
- private RequestType requestSourceToRequestType(Source requestSource) {
- try {
- Transformer trans = TransformerFactory.newInstance().newTransformer();
- DOMResult res = new DOMResult();
- trans.transform(requestSource, res);
- Node nd = res.getNode();
- if (nd instanceof Document) {
- nd = ((Document)nd).getDocumentElement();
- }
- return (RequestType)OpenSAMLUtil.fromDom((Element)nd);
- } catch (Exception e) {
- throw new RuntimeException("Error converting pdp response to ResponseType", e);
- }
- }
-
- private Source responseType2Source(ResponseType response) {
- Document doc = DOMUtils.createDocument();
- Element responseElement;
- try {
- responseElement = OpenSAMLUtil.toDom(response, doc);
- } catch (WSSecurityException e) {
- throw new RuntimeException("Error converting PDP RequestType to Dom", e);
- }
- return new DOMSource(responseElement);
+ return response;
}
private String getSubjectRole(RequestType request) {
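Review bot: With `return response;` replacing `return responseType2Source(response);`, and the request now arriving as a `RequestType` instead of a `Source`, this mock no longer round-trips either message through DOM, so the system tests that wire in `MockPDP` stop exercising XACML marshalling and unmarshalling between the enforcement point and the decision point. If the refactored module still offers a PDP path that serializes the request (not visible in this hunk), it would be worth keeping one test that drives that path, since serialization is where a remote PDP integration usually breaks. At minimum I would document the reduced coverage above `evaluate`, e.g. `// Test-only PDP: works on in-memory OpenSAML objects; no XML (de)serialization is exercised.` The body of `evaluate` begins outside this hunk, so how the decision is derived from the request could not be checked here.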
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
index 9d3895f..e0c7c00 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
@@ -230,7 +230,7 @@
</jaxws:features>
</jaxws:endpoint>
<bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
- <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <bean class="org.apache.cxf.rt.security.saml.xacml2.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
<constructor-arg ref="MockPDP"/>
</bean>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
http://git-wip-us.apache.org/repos/asf/cxf/blob/8176b1b0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
index 91768b8..6651ff9 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
@@ -253,7 +253,7 @@
</jaxws:features>
</jaxws:endpoint>
<bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
- <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <bean class="org.apache.cxf.rt.security.saml.xacml2.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
<constructor-arg ref="MockPDP"/>
</bean>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">