Posted to commits@cxf.apache.org by co...@apache.org on 2012/11/29 12:23:31 UTC
svn commit: r1415126 - in /cxf/trunk/services/sts/sts-core/src:
main/java/org/apache/cxf/sts/claims/ main/java/org/apache/cxf/sts/operation/
main/java/org/apache/cxf/sts/request/
main/java/org/apache/cxf/sts/token/provider/ test/java/org/apache/cxf/sts...
Author: coheigea
Date: Thu Nov 29 11:23:30 2012
New Revision: 1415126
URL: http://svn.apache.org/viewvc?rev=1415126&view=rev
Log:
[CXF-4664] - Support primary and secondary Claims in the STS
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java Thu Nov 29 11:23:30 2012
@@ -59,7 +59,8 @@ public class ClaimsAttributeStatementPro
params.setWebServiceContext(providerParameters.getWebServiceContext());
retrievedClaims =
claimsManager.retrieveClaimValues(
- providerParameters.getRequestedClaims(),
+ providerParameters.getRequestedPrimaryClaims(),
+ providerParameters.getRequestedSecondaryClaims(),
params
);
}
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java Thu Nov 29 11:23:30 2012
@@ -75,6 +75,40 @@ public class ClaimsManager {
}
}
+ public ClaimCollection retrieveClaimValues(
+ RequestClaimCollection primaryClaims,
+ RequestClaimCollection secondaryClaims,
+ ClaimsParameters parameters
+ ) {
+ if (primaryClaims == null && secondaryClaims == null) {
+ return null;
+ } else if (primaryClaims != null && secondaryClaims == null) {
+ return retrieveClaimValues(primaryClaims, parameters);
+ } else if (secondaryClaims != null && primaryClaims == null) {
+ return retrieveClaimValues(secondaryClaims, parameters);
+ }
+
+ // Here we have two sets of claims
+ if (primaryClaims.getDialect() != null
+ && primaryClaims.getDialect().equals(secondaryClaims.getDialect())) {
+ // Matching dialects - so we must merge them
+ RequestClaimCollection mergedClaims = mergeClaims(primaryClaims, secondaryClaims);
+ return retrieveClaimValues(mergedClaims, parameters);
+ } else {
+ // If the dialects don't match then just return all Claims
+ ClaimCollection claims = retrieveClaimValues(primaryClaims, parameters);
+ ClaimCollection claims2 = retrieveClaimValues(secondaryClaims, parameters);
+ ClaimCollection returnedClaims = new ClaimCollection();
+ if (claims != null) {
+ returnedClaims.addAll(claims);
+ }
+ if (claims2 != null) {
+ returnedClaims.addAll(claims2);
+ }
+ return returnedClaims;
+ }
+ }
+
public ClaimCollection retrieveClaimValues(RequestClaimCollection claims, ClaimsParameters parameters) {
Relationship relationship = null;
if (parameters.getAdditionalProperties() != null) {
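Review bot: Two collections that both have a null dialect fall into the `else` branch of the new three-argument `retrieveClaimValues`, because the test `primaryClaims.getDialect() != null && ...equals(...)` is false for them. In that branch each collection is retrieved on its own and the results are concatenated, so a claim type requested in both is looked up twice and the primary-over-secondary precedence that `mergeClaims` applies is skipped. If that is not intended, treat two null dialects as matching before choosing the branch. The overload is public and has no Javadoc; it should state that `null` is returned only when both collections are null, and which side wins on a conflict.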
@@ -251,5 +285,54 @@ public class ClaimsManager {
}
+ /**
+ * This method merges the primary claims with the secondary claims (of the same dialect).
+ * This facilitates handling claims from a service via wst:SecondaryParameters/wst:Claims
+ * with any client-specific claims sent in wst:RequestSecurityToken/wst:Claims
+ */
+ private RequestClaimCollection mergeClaims(
+ RequestClaimCollection primaryClaims, RequestClaimCollection secondaryClaims
+ ) {
+ RequestClaimCollection parsedClaims = new RequestClaimCollection();
+ parsedClaims.addAll(secondaryClaims);
+
+ // Merge claims
+ RequestClaimCollection mergedClaims = new RequestClaimCollection();
+ for (RequestClaim claim : primaryClaims) {
+ RequestClaim matchingClaim = null;
+ // Search for a matching claim via the ClaimType URI
+ for (RequestClaim secondaryClaim : parsedClaims) {
+ if (secondaryClaim.getClaimType().equals(claim.getClaimType())) {
+ matchingClaim = secondaryClaim;
+ break;
+ }
+ }
+
+ if (matchingClaim == null) {
+ mergedClaims.add(claim);
+ } else {
+ RequestClaim mergedClaim = new RequestClaim();
+ mergedClaim.setClaimType(claim.getClaimType());
+ if (claim.getClaimValue() != null) {
+ mergedClaim.setClaimValue(claim.getClaimValue());
+ if (matchingClaim.getClaimValue() != null) {
+ LOG.log(Level.WARNING, "Secondary claim value " + matchingClaim.getClaimValue()
+ + " ignored in favour of primary claim value");
+ }
+ } else if (matchingClaim.getClaimValue() != null) {
+ mergedClaim.setClaimValue(matchingClaim.getClaimValue());
+ }
+ mergedClaims.add(mergedClaim);
+
+ // Remove from parsed Claims
+ parsedClaims.remove(matchingClaim);
+ }
+ }
+
+ // Now add in any claims from the parsed claims that weren't merged
+ mergedClaims.addAll(parsedClaims);
+
+ return mergedClaims;
+ }
}
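Review bot: The `RequestClaim` built in the `else` branch of `mergeClaims` copies only the claim type and value, so other per-claim state is dropped; test code elsewhere in this commit calls `requestClaim.setOptional(false)`, and that flag is not carried onto `mergedClaim`. The new `mergedClaims` collection is also created without a dialect even though this path is only reached when both inputs share one; `mergedClaims.setDialect(primaryClaims.getDialect());` right after construction would keep it. For the optional flag, copy the stricter of the two values onto `mergedClaim`. The WARNING message concatenates the request-supplied secondary claim value into the log line; logging the claim type instead would avoid writing unescaped request data and possibly personal data to the log.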
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Thu Nov 29 11:23:30 2012
@@ -452,8 +452,10 @@ public abstract class AbstractOperation
}
// Set the requested Claims
- RequestClaimCollection claims = tokenRequirements.getClaims();
- providerParameters.setRequestedClaims(claims);
+ RequestClaimCollection claims = tokenRequirements.getPrimaryClaims();
+ providerParameters.setRequestedPrimaryClaims(claims);
+ claims = tokenRequirements.getSecondaryClaims();
+ providerParameters.setRequestedSecondaryClaims(claims);
EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
if (address != null) {
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Thu Nov 29 11:23:30 2012
@@ -96,7 +96,9 @@ public class TokenIssueOperation extends
TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, context);
// Check if the requested claims can be handled by the configured claim handlers
- RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
+ RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
+ checkClaimsSupport(requestedClaims);
+ requestedClaims = providerParameters.getRequestedSecondaryClaims();
checkClaimsSupport(requestedClaims);
providerParameters.setClaimsManager(claimsManager);
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java Thu Nov 29 11:23:30 2012
@@ -107,7 +107,9 @@ public class TokenValidateOperation exte
processValidToken(providerParameters, validateTarget, tokenResponse);
// Check if the requested claims can be handled by the configured claim handlers
- RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
+ RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
+ checkClaimsSupport(requestedClaims);
+ requestedClaims = providerParameters.getRequestedSecondaryClaims();
checkClaimsSupport(requestedClaims);
providerParameters.setClaimsManager(claimsManager);
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java Thu Nov 29 11:23:30 2012
@@ -298,8 +298,8 @@ public class RequestParser {
} else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
ClaimsType claimsType = (ClaimsType)jaxbElement.getValue();
RequestClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
- tokenRequirements.setClaims(requestedClaims);
- LOG.fine("Found Claims token");
+ tokenRequirements.setPrimaryClaims(requestedClaims);
+ LOG.fine("Found Primary Claims token");
} else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
RenewingType renewingType = (RenewingType)jaxbElement.getValue();
Renewing renewing = new Renewing();
@@ -552,11 +552,10 @@ public class RequestParser {
String keyType = child.getTextContent().trim();
LOG.fine("Found KeyType: " + keyType);
keyRequirements.setKeyType(keyType);
- } else if (tokenRequirements.getClaims() == null
- && "Claims".equals(localName) && STSConstants.WST_NS_05_12.equals(namespace)) {
- LOG.fine("Found Claims element");
+ } else if ("Claims".equals(localName) && STSConstants.WST_NS_05_12.equals(namespace)) {
+ LOG.fine("Found Secondary Claims element");
RequestClaimCollection requestedClaims = parseClaims(child, claimsParsers);
- tokenRequirements.setClaims(requestedClaims);
+ tokenRequirements.setSecondaryClaims(requestedClaims);
} else {
LOG.fine("Found unknown element: " + localName + " " + namespace);
}
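Review bot: With the `tokenRequirements.getClaims() == null` guard removed, every `Claims` child matched in this branch calls `setSecondaryClaims`, so a request that carries more than one such element silently keeps only the last one. If duplicates are not legal here, reject or at least log them before overwriting, for example `if (tokenRequirements.getSecondaryClaims() != null) { LOG.warning("Duplicate secondary Claims element"); }`. The enclosing method starts and ends outside the hunk, so the surrounding loop is inferred rather than visible.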
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java Thu Nov 29 11:23:30 2012
@@ -36,7 +36,8 @@ public class TokenRequirements {
private ReceivedToken cancelTarget;
private ReceivedToken renewTarget;
private Lifetime lifetime;
- private RequestClaimCollection claims;
+ private RequestClaimCollection primaryClaims;
+ private RequestClaimCollection secondaryClaims;
private Renewing renewing;
public Renewing getRenewing() {
@@ -119,12 +120,28 @@ public class TokenRequirements {
this.lifetime = lifetime;
}
+ @Deprecated
public RequestClaimCollection getClaims() {
- return claims;
+ if (primaryClaims != null) {
+ return primaryClaims;
+ }
+ return secondaryClaims;
}
- public void setClaims(RequestClaimCollection claims) {
- this.claims = claims;
+ public RequestClaimCollection getPrimaryClaims() {
+ return primaryClaims;
+ }
+
+ public void setPrimaryClaims(RequestClaimCollection primaryClaims) {
+ this.primaryClaims = primaryClaims;
+ }
+
+ public RequestClaimCollection getSecondaryClaims() {
+ return secondaryClaims;
+ }
+
+ public void setSecondaryClaims(RequestClaimCollection secondaryClaims) {
+ this.secondaryClaims = secondaryClaims;
}
}
\ No newline at end of file
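Review bot: `setClaims` is deleted outright while `getClaims` is only deprecated, so existing callers of the setter stop compiling with no migration period; the TokenProviderParameters hunk does the same with `setRequestedClaims` and `getRequestedClaims`. A deprecated setter that delegates, `public void setClaims(RequestClaimCollection claims) { this.primaryClaims = claims; }`, would keep source compatibility. The deprecated getter returns only the primary collection when both are set, so a legacy caller silently misses the secondary claims. A Javadoc `@deprecated` tag naming `getPrimaryClaims()` and `getSecondaryClaims()` should say that.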
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java Thu Nov 29 11:23:30 2012
@@ -43,7 +43,8 @@ public class TokenProviderParameters {
private EncryptionProperties encryptionProperties;
private Principal principal;
private WebServiceContext webServiceContext;
- private RequestClaimCollection requestedClaims;
+ private RequestClaimCollection requestedPrimaryClaims;
+ private RequestClaimCollection requestedSecondaryClaims;
private KeyRequirements keyRequirements;
private TokenRequirements tokenRequirements;
private String appliesToAddress;
@@ -92,12 +93,12 @@ public class TokenProviderParameters {
this.keyRequirements = keyRequirements;
}
+ @Deprecated
public RequestClaimCollection getRequestedClaims() {
- return requestedClaims;
- }
-
- public void setRequestedClaims(RequestClaimCollection requestedClaims) {
- this.requestedClaims = requestedClaims;
+ if (requestedPrimaryClaims != null) {
+ return requestedPrimaryClaims;
+ }
+ return requestedSecondaryClaims;
}
public STSPropertiesMBean getStsProperties() {
@@ -147,5 +148,21 @@ public class TokenProviderParameters {
public String getRealm() {
return realm;
}
+
+ public RequestClaimCollection getRequestedPrimaryClaims() {
+ return requestedPrimaryClaims;
+ }
+
+ public void setRequestedPrimaryClaims(RequestClaimCollection requestedPrimaryClaims) {
+ this.requestedPrimaryClaims = requestedPrimaryClaims;
+ }
+
+ public RequestClaimCollection getRequestedSecondaryClaims() {
+ return requestedSecondaryClaims;
+ }
+
+ public void setRequestedSecondaryClaims(RequestClaimCollection requestedSecondaryClaims) {
+ this.requestedSecondaryClaims = requestedSecondaryClaims;
+ }
}
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java Thu Nov 29 11:23:30 2012
@@ -73,7 +73,8 @@ public class CustomAttributeProvider imp
params.setWebServiceContext(providerParameters.getWebServiceContext());
retrievedClaims =
claimsManager.retrieveClaimValues(
- providerParameters.getRequestedClaims(),
+ providerParameters.getRequestedPrimaryClaims(),
+ providerParameters.getRequestedSecondaryClaims(),
params
);
}
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java Thu Nov 29 11:23:30 2012
@@ -45,6 +45,7 @@ public class CustomClaimsHandler impleme
knownURIs.add(ClaimTypes.FIRSTNAME);
knownURIs.add(ClaimTypes.LASTNAME);
knownURIs.add(ClaimTypes.EMAILADDRESS);
+ knownURIs.add(ClaimTypes.STREETADDRESS);
knownURIs.add(ROLE_CLAIM);
}
@@ -72,6 +73,8 @@ public class CustomClaimsHandler impleme
claim.addValue("doe");
} else if (ClaimTypes.EMAILADDRESS.equals(requestClaim.getClaimType())) {
claim.addValue("alice@cxf.apache.org");
+ } else if (ClaimTypes.STREETADDRESS.equals(requestClaim.getClaimType())) {
+ claim.addValue("1234 1st Street");
} else if (ROLE_CLAIM.equals(requestClaim.getClaimType())) {
String requestedRole = requestClaim.getClaimValue();
if (isUserInRole(parameters.getPrincipal(), requestedRole)) {
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java Thu Nov 29 11:23:30 2012
@@ -865,7 +865,7 @@ public class IssueSamlClaimsUnitTest ext
requestClaim.setClaimType(ClaimTypes.LASTNAME);
requestClaim.setOptional(false);
requestedClaims.add(requestClaim);
- providerParameters.setRequestedClaims(requestedClaims);
+ providerParameters.setRequestedSecondaryClaims(requestedClaims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java Thu Nov 29 11:23:30 2012
@@ -866,7 +866,7 @@ public class ValidateTokenTransformation
requestClaim.setClaimType(ClaimTypes.LASTNAME);
requestClaim.setOptional(false);
requestedClaims.add(requestClaim);
- providerParameters.setRequestedClaims(requestedClaims);
+ providerParameters.setRequestedSecondaryClaims(requestedClaims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java?rev=1415126&r1=1415125&r2=1415126&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java Thu Nov 29 11:23:30 2012
@@ -91,7 +91,7 @@ public class SAMLClaimsTest extends org.
providerParameters.setClaimsManager(claimsManager);
RequestClaimCollection claims = createClaims();
- providerParameters.setRequestedClaims(claims);
+ providerParameters.setRequestedPrimaryClaims(claims);
List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
customProviderList.add(new CustomAttributeProvider());
@@ -114,6 +114,101 @@ public class SAMLClaimsTest extends org.
}
/**
+ * Test the creation of a SAML2 Assertion with various Attributes set by a ClaimsHandler.
+ * We have both a primary claim (sent in wst:RequestSecurityToken) and a secondary claim
+ * (send in wst:RequestSecurityToken/wst:SecondaryParameters).
+ */
+ @org.junit.Test
+ public void testSaml2MultipleClaims() throws Exception {
+ TokenProvider samlTokenProvider = new SAMLTokenProvider();
+ TokenProviderParameters providerParameters =
+ createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
+
+ ClaimsManager claimsManager = new ClaimsManager();
+ ClaimsHandler claimsHandler = new CustomClaimsHandler();
+ claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+ providerParameters.setClaimsManager(claimsManager);
+
+ RequestClaimCollection primaryClaims = createClaims();
+ providerParameters.setRequestedPrimaryClaims(primaryClaims);
+
+ RequestClaimCollection secondaryClaims = new RequestClaimCollection();
+ RequestClaim claim = new RequestClaim();
+ claim.setClaimType(ClaimTypes.STREETADDRESS);
+ secondaryClaims.add(claim);
+ providerParameters.setRequestedSecondaryClaims(secondaryClaims);
+
+ List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
+ customProviderList.add(new CustomAttributeProvider());
+ ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
+
+ assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ Element token = providerResponse.getToken();
+ String tokenString = DOM2Writer.nodeToString(token);
+ assertTrue(tokenString.contains(providerResponse.getTokenId()));
+ assertTrue(tokenString.contains("AttributeStatement"));
+ assertTrue(tokenString.contains("alice"));
+ assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+ assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.STREETADDRESS.toString()));
+ }
+
+ /**
+ * Test the creation of a SAML2 Assertion with various Attributes set by a ClaimsHandler.
+ * We have both a primary claim (sent in wst:RequestSecurityToken) and a secondary claim
+ * (send in wst:RequestSecurityToken/wst:SecondaryParameters), and both have the
+ * same dialect in this test.
+ */
+ @org.junit.Test
+ public void testSaml2MultipleClaimsSameDialect() throws Exception {
+ TokenProvider samlTokenProvider = new SAMLTokenProvider();
+ TokenProviderParameters providerParameters =
+ createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
+
+ ClaimsManager claimsManager = new ClaimsManager();
+ ClaimsHandler claimsHandler = new CustomClaimsHandler();
+ claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+ providerParameters.setClaimsManager(claimsManager);
+
+ RequestClaimCollection primaryClaims = createClaims();
+ primaryClaims.setDialect(ClaimTypes.URI_BASE);
+ providerParameters.setRequestedPrimaryClaims(primaryClaims);
+
+ RequestClaimCollection secondaryClaims = new RequestClaimCollection();
+ RequestClaim claim = new RequestClaim();
+ claim.setClaimType(ClaimTypes.STREETADDRESS);
+ secondaryClaims.add(claim);
+ secondaryClaims.setDialect(ClaimTypes.URI_BASE);
+ providerParameters.setRequestedSecondaryClaims(secondaryClaims);
+
+ List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
+ customProviderList.add(new CustomAttributeProvider());
+ ((SAMLTokenProvider)samlTokenProvider).setAttributeStatementProviders(customProviderList);
+
+ assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ Element token = providerResponse.getToken();
+ String tokenString = DOM2Writer.nodeToString(token);
+ assertTrue(tokenString.contains(providerResponse.getTokenId()));
+ assertTrue(tokenString.contains("AttributeStatement"));
+ assertTrue(tokenString.contains("alice"));
+ assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+ assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.STREETADDRESS.toString()));
+ }
+
+ /**
* Test the creation of a SAML2 Assertion with StaticClaimsHandler
*/
@org.junit.Test
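Review bot: Neither `testSaml2MultipleClaims` nor `testSaml2MultipleClaimsSameDialect` puts the same claim type in both collections, so the conflict path in `mergeClaims` (primary value kept, secondary value logged and dropped) is never executed. A third case that adds to `secondaryClaims` a claim type already returned by `createClaims()` and asserts it appears once in the assertion would cover it. The existing assertions check only that the claim-type URI occurs in the serialized token; asserting the value `"1234 1st Street"` as well would show that the secondary claim was actually resolved by the handler.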
@@ -134,7 +229,7 @@ public class SAMLClaimsTest extends org.
RequestClaim claim = new RequestClaim();
claim.setClaimType(CLAIM_STATIC_COMPANY);
claims.add(claim);
- providerParameters.setRequestedClaims(claims);
+ providerParameters.setRequestedPrimaryClaims(claims);
List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
customProviderList.add(new ClaimsAttributeStatementProvider());
@@ -191,7 +286,7 @@ public class SAMLClaimsTest extends org.
RequestClaim claim = new RequestClaim();
claim.setClaimType(CLAIM_APPLICATION);
claims.add(claim);
- providerParameters.setRequestedClaims(claims);
+ providerParameters.setRequestedPrimaryClaims(claims);
List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
customProviderList.add(new ClaimsAttributeStatementProvider());
@@ -250,7 +345,7 @@ public class SAMLClaimsTest extends org.
RequestClaim claim = new RequestClaim();
claim.setClaimType(CLAIM_APPLICATION);
claims.add(claim);
- providerParameters.setRequestedClaims(claims);
+ providerParameters.setRequestedPrimaryClaims(claims);
List<AttributeStatementProvider> customProviderList = new ArrayList<AttributeStatementProvider>();
customProviderList.add(new ClaimsAttributeStatementProvider());