You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2022/05/09 10:20:03 UTC
[cxf] branch 3.4.x-fixes updated (562d2d7afa -> d89e66afc7)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
from 562d2d7afa Recording .gitmergeinfo Changes
new f11cdbc128 Update AbstractSTSClient.java (#944)
new 007c8813f1 Adding a test for the NPE fix in AbstractSTSClient
new 71d414ea9f Recording .gitmergeinfo Changes
new d89e66afc7 Fixing test
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 3 +++
.../cxf/ws/security/trust/AbstractSTSClient.java | 2 +-
.../systest/sts/claims/ClaimsCallbackHandler.java | 30 ++++++++++++++++++++--
.../apache/cxf/systest/sts/claims/ClaimsTest.java | 26 +++++++++++++++++++
...ent-cbhandler.xml => cxf-client-cbhandler2.xml} | 4 ++-
5 files changed, 61 insertions(+), 4 deletions(-)
copy services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/{cxf-client-cbhandler.xml => cxf-client-cbhandler2.xml} (97%)
[cxf] 02/04: Adding a test for the NPE fix in AbstractSTSClient
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 007c8813f1b74459624fb03ed734e2c56b8b50c1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon May 9 10:15:22 2022 +0100
Adding a test for the NPE fix in AbstractSTSClient
(cherry picked from commit 5d72c8df422e453c414a8c8c839c46ae05c43e4d)
(cherry picked from commit ed938a1b97445d17eb6db2ca8938bc78fd1d911a)
---
.../systest/sts/claims/ClaimsCallbackHandler.java | 30 +++++++++-
.../apache/cxf/systest/sts/claims/ClaimsTest.java | 26 ++++++++
.../systest/sts/claims/cxf-client-cbhandler2.xml | 69 ++++++++++++++++++++++
3 files changed, 123 insertions(+), 2 deletions(-)
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
index 457e2802e3..358405e05b 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
@@ -29,6 +29,8 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
/**
@@ -37,13 +39,18 @@ import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
*/
public class ClaimsCallbackHandler implements CallbackHandler {
+ private boolean createClaimCollection;
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof ClaimsCallback) {
ClaimsCallback callback = (ClaimsCallback) callbacks[i];
- callback.setClaims(createClaims());
-
+ if (isCreateClaimCollection()) {
+ callback.setClaims(createClaimCollection());
+ } else {
+ callback.setClaims(createClaims());
+ }
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
@@ -65,4 +72,23 @@ public class ClaimsCallbackHandler implements CallbackHandler {
return claimsElement;
}
+ /**
+ * Create a Claims Element for a "role"
+ */
+ private ClaimCollection createClaimCollection() {
+ ClaimCollection claimCollection = new ClaimCollection();
+ Claim claim = new Claim();
+ claim.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+ claimCollection.add(claim);
+
+ return claimCollection;
+ }
+
+ public boolean isCreateClaimCollection() {
+ return createClaimCollection;
+ }
+
+ public void setCreateClaimCollection(boolean createClaimCollection) {
+ this.createClaimCollection = createClaimCollection;
+ }
}
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index d48f4ffd43..454e69ba2f 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -374,6 +374,32 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // In this test, the WSDL the client is using has no Claims Element (however the service
+ // is using a WSDL that requires Claims). A CallbackHandler is used to send the Claims
+ // Element to the STS.
+ @org.junit.Test
+ public void testSaml2ClaimsCallbackHandler2() throws Exception {
+ createBus(getClass().getResource("cxf-client-cbhandler2.xml").toString());
+
+ URL wsdl = ClaimsTest.class.getResource("DoubleItNoClaims.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
+ DoubleItPortType transportClaimsPort =
+ service.getPort(portQName, DoubleItPortType.class);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ SecurityTestUtil.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
+
+ doubleIt(transportClaimsPort, 25);
+
+ ((java.io.Closeable)transportClaimsPort).close();
+ }
+
@org.junit.Test
public void testSaml2ChildClaims() throws Exception {
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
new file mode 100644
index 0000000000..f55f083de3
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler">
+ <property name="createClaimCollection" value="true"/>
+ </bean>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+ <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+ <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+ <property name="properties">
+ <map>
+ <entry key="security.username" value="alice"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.sts.token.username" value="myclientkey"/>
+ <entry key="security.sts.token.properties" value="clientKeystore.properties"/>
+ <entry key="security.sts.token.usecert" value="true"/>
+ </map>
+ </property>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="ckpass">
+ <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+ </sec:keyManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
\ No newline at end of file
[cxf] 01/04: Update AbstractSTSClient.java (#944)
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f11cdbc1286db8798494850143827bd392e8d85a
Author: Ćukasz Pasek <lu...@gmail.com>
AuthorDate: Mon May 9 11:14:35 2022 +0200
Update AbstractSTSClient.java (#944)
Fixed NPE in addClaims() when claims callback returns claim collection.
(cherry picked from commit 6a6c2b6b59c6dbe9406ab9297f92af470ca1bf2f)
(cherry picked from commit 7ac9789e7b505f9d3921f4555d88c04c221f4f79)
---
.../main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 11d38f8b17..2966b04567 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -1453,7 +1453,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
if (claimsToSerialize instanceof Element) {
StaxUtils.copy((Element)claimsToSerialize, writer);
} else if (claimsToSerialize instanceof ClaimCollection) {
- ClaimCollection claimCollection = (ClaimCollection)claims;
+ ClaimCollection claimCollection = (ClaimCollection)claimsToSerialize;
claimCollection.serialize(writer, "wst", namespace);
}
}
[cxf] 04/04: Fixing test
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit d89e66afc74aade8123afb1ea6263e1c2fc7019a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon May 9 11:19:48 2022 +0100
Fixing test
---
.../src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index 454e69ba2f..12a6950d26 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -389,7 +389,7 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
updateAddressPort(transportClaimsPort, test.getPort());
- SecurityTestUtil.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
if (test.isStreaming()) {
SecurityTestUtil.enableStreaming(transportClaimsPort);
[cxf] 03/04: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 71d414ea9fa5d153fe1f5cf7d9a6bbc827d6eee6
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon May 9 10:38:26 2022 +0100
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index ad42a30031..ab0234f705 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -11,6 +11,7 @@ B 0dce4cd3c0362da3a9864a1a93da0f6e5d480d7f
B 0e235a4d7ca094ebd2a8afc6b22c00a841e2e554
B 0e96fca5e25a68971b7944276af029b0f0df801c
B 124fae280460ca911c6040868271328e6ca8fe98
+B 1496f441b221c540c6e4260b757da09e2460e2db
B 14add09ab01626d5af2d341aabf503ab5953ce6d
B 178db0d8fa34d98783d255d2beabd6e6faab4f0c
B 193718a9a0f34739dcb0cf0b13a9e680d1b9a39b
@@ -71,6 +72,7 @@ B 7cfda87f43d41fddb0e2d0e2501cb3918807e88f
B 7dcda069b57ee9732a2fb089df35c91c040527f0
B 7f49050d5a01af413486ae488594cf89b5bbe9ca
B 837401d8b08449ea34304df68600514d1132c499
+B 842272447a054cf89a2ed7da0d100fc05a0508ae
B 86c22f928f138c7f7cb2fc5fd7188b5e4dbe23d8
B 8897a9b5e815ff165b8ebd89997c50f60d709158
B 8a7aa1bad47f0a1d4b86e172cabc240f2bc9f008
@@ -382,6 +384,7 @@ M e758de3e60501bd33ca1b9ef3df685128d4a443a
M e775237e6dcb16b647d102bcbb3908d3e9fce1de
M ea7ea0c32683af9973f9897049f024c50ec6afa3
M eb4bab9983a287bf9dc0574d22077cc783bc88ac
+M ed938a1b97445d17eb6db2ca8938bc78fd1d911a
M edd3f1a8d578cb2876213fc5a2c325f35a328858
M ee1994710cedf7c860e82cd6f34cac63042d8fde
M ef90164f48e6cea81f98bcda3dcce3b33c053ea0