Posted to commits@cxf.apache.org by co...@apache.org on 2013/09/11 19:15:48 UTC
svn commit: r1521942 - in
/cxf/branches/2.6.x-fixes/services/sts/sts-core/src:
main/java/org/apache/cxf/sts/operation/
main/java/org/apache/cxf/sts/token/delegation/
main/java/org/apache/cxf/sts/token/validator/
test/java/org/apache/cxf/sts/token/valid...
Author: coheigea
Date: Wed Sep 11 17:15:47 2013
New Revision: 1521942
URL: http://svn.apache.org/r1521942
Log:
Reverting last commit. SAMLTokenValidator will only return roles in 2.7.x
Removed:
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLRoleParser.java
Modified:
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Wed Sep 11 17:15:47 2013
@@ -26,7 +26,6 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
-import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -581,16 +580,13 @@ public abstract class AbstractOperation
}
protected void performDelegationHandling(
- RequestParser requestParser, WebServiceContext context, ReceivedToken token,
- Principal tokenPrincipal, Set<Principal> tokenRoles
+ RequestParser requestParser, WebServiceContext context, ReceivedToken token
) {
TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
delegationParameters.setStsProperties(stsProperties);
delegationParameters.setPrincipal(context.getUserPrincipal());
delegationParameters.setWebServiceContext(context);
delegationParameters.setTokenStore(getTokenStore());
- delegationParameters.setTokenPrincipal(tokenPrincipal);
- delegationParameters.setTokenRoles(tokenRoles);
KeyRequirements keyRequirements = requestParser.getKeyRequirements();
TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
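Review bot: performDelegationHandling is protected but has no Javadoc saying which identity the delegation parameters carry. With the token principal and roles no longer passed in, the only principal set on TokenDelegationParameters in this hunk is `context.getUserPrincipal()`, which is the caller of the STS rather than the subject of the OnBehalfOf/ActAs token. A short Javadoc would stop handler authors confusing the two, for example `/** Performs delegation handling for the given OnBehalfOf/ActAs token; the principal on the parameters is the authenticated caller, not the token subject. */`. Since getUserPrincipal() returns null for an unauthenticated sender, the comment could also state that handlers should refuse delegation when the principal is null. The method body continues past the end of this hunk.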
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Wed Sep 11 17:15:47 2013
@@ -124,30 +124,23 @@ public class TokenIssueOperation extends
// the STS trusts the token sent in OnBehalfOf element
}
- Principal tokenPrincipal = null;
- Set<Principal> tokenRoles = null;
-
if (tokenResponse != null) {
Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
if (additionalProperties != null) {
providerParameters.setAdditionalProperties(additionalProperties);
}
- tokenPrincipal = tokenResponse.getPrincipal();
- tokenRoles = tokenResponse.getRoles();
}
// See whether OnBehalfOf is allowed or not
performDelegationHandling(requestParser, context,
- providerParameters.getTokenRequirements().getOnBehalfOf(),
- tokenPrincipal, tokenRoles);
+ providerParameters.getTokenRequirements().getOnBehalfOf());
}
// See whether ActAs is allowed or not
// TODO Validate ActAs
if (providerParameters.getTokenRequirements().getActAs() != null) {
performDelegationHandling(requestParser, context,
- providerParameters.getTokenRequirements().getActAs(),
- null, null);
+ providerParameters.getTokenRequirements().getActAs());
}
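Review bot: The ActAs branch at the end of this hunk passes the ActAs token straight to performDelegationHandling under `// TODO Validate ActAs`, and no validation of that token is visible here, whereas the OnBehalfOf branch above at least consults a `tokenResponse`. If the token really is unvalidated at this point, delegation handlers are making an allow/deny decision on unverified content, and the comment should say so explicitly, e.g. `// ActAs token is NOT validated here; delegation handlers must not trust its contents`. The stronger fix is to run the ActAs token through the same validation path as OnBehalfOf before this call and reject the request when the resulting state is not VALID. The enclosing method starts before this hunk and continues after it, so validation elsewhere in the method cannot be ruled out from what is shown.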
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java Wed Sep 11 17:15:47 2013
@@ -20,7 +20,6 @@
package org.apache.cxf.sts.token.delegation;
import java.security.Principal;
-import java.util.Set;
import javax.xml.ws.WebServiceContext;
@@ -45,8 +44,6 @@ public class TokenDelegationParameters {
private TokenStore tokenStore;
private ReceivedToken token;
private String appliesToAddress;
- private Principal tokenPrincipal;
- private Set<Principal> tokenRoles;
public ReceivedToken getToken() {
return token;
@@ -112,20 +109,4 @@ public class TokenDelegationParameters {
this.appliesToAddress = appliesToAddress;
}
- public Principal getTokenPrincipal() {
- return tokenPrincipal;
- }
-
- public void setTokenPrincipal(Principal tokenPrincipal) {
- this.tokenPrincipal = tokenPrincipal;
- }
-
- public Set<Principal> getTokenRoles() {
- return tokenRoles;
- }
-
- public void setTokenRoles(Set<Principal> tokenRoles) {
- this.tokenRoles = tokenRoles;
- }
-
}
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Wed Sep 11 17:15:47 2013
@@ -25,7 +25,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -71,8 +70,6 @@ public class SAMLTokenValidator implemen
private SAMLRealmCodec samlRealmCodec;
- private SAMLRoleParser samlRoleParser = new DefaultSAMLRoleParser();
-
/**
* Set a list of Strings corresponding to regular expression constraints on the subject DN
* of a certificate that was used to sign a received Assertion
@@ -203,13 +200,6 @@ public class SAMLTokenValidator implemen
}
- // Parse roles from the validated token
- if (samlRoleParser != null) {
- Set<Principal> roles =
- samlRoleParser.parseRolesFromAssertion(samlPrincipal, null, assertion);
- response.setRoles(roles);
- }
-
// Get the realm of the SAML token
String tokenRealm = null;
if (samlRealmCodec != null) {
@@ -338,11 +328,4 @@ public class SAMLTokenValidator implemen
}
}
- public SAMLRoleParser getSamlRoleParser() {
- return samlRoleParser;
- }
-
- public void setSamlRoleParser(SAMLRoleParser samlRoleParser) {
- this.samlRoleParser = samlRoleParser;
- }
}
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java Wed Sep 11 17:15:47 2013
@@ -20,7 +20,6 @@ package org.apache.cxf.sts.token.validat
import java.security.Principal;
import java.util.Map;
-import java.util.Set;
import org.apache.cxf.sts.request.ReceivedToken;
@@ -33,7 +32,6 @@ public class TokenValidatorResponse {
private Map<String, Object> additionalProperties;
private String realm;
private ReceivedToken token;
- private Set<Principal> roles;
public ReceivedToken getToken() {
return token;
@@ -67,12 +65,4 @@ public class TokenValidatorResponse {
return realm;
}
- public Set<Principal> getRoles() {
- return roles;
- }
-
- public void setRoles(Set<Principal> roles) {
- this.roles = roles;
- }
-
}
Modified: cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java?rev=1521942&r1=1521941&r2=1521942&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java (original)
+++ cxf/branches/2.6.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java Wed Sep 11 17:15:47 2013
@@ -19,14 +19,12 @@
package org.apache.cxf.sts.token.validator;
import java.io.IOException;
-import java.net.URI;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Properties;
-import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -34,6 +32,7 @@ import javax.security.auth.callback.Unsu
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+
import org.apache.cxf.jaxws.context.WebServiceContextImpl;
import org.apache.cxf.jaxws.context.WrappedMessageContext;
import org.apache.cxf.message.MessageImpl;
@@ -41,11 +40,6 @@ import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
-import org.apache.cxf.sts.claims.ClaimsHandler;
-import org.apache.cxf.sts.claims.ClaimsManager;
-import org.apache.cxf.sts.claims.RequestClaim;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
-import org.apache.cxf.sts.common.CustomClaimsHandler;
import org.apache.cxf.sts.common.PasswordCallbackHandler;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.request.Lifetime;
@@ -354,77 +348,6 @@ public class SAMLTokenValidatorTest exte
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
- @org.junit.Test
- public void testSAML2AssertionWithRolesNoCaching() throws Exception {
- TokenValidator samlTokenValidator = new SAMLTokenValidator();
- TokenValidatorParameters validatorParameters = createValidatorParameters();
- TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
-
- // Create a ValidateTarget consisting of a SAML Assertion
- Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
- CallbackHandler callbackHandler = new PasswordCallbackHandler();
- Element samlToken =
- createSAMLAssertionWithRoles(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",
- callbackHandler, "manager");
- Document doc = samlToken.getOwnerDocument();
- samlToken = (Element)doc.appendChild(samlToken);
-
- ReceivedToken validateTarget = new ReceivedToken(samlToken);
- tokenRequirements.setValidateTarget(validateTarget);
- validatorParameters.setToken(validateTarget);
-
- // Disable caching
- validatorParameters.setTokenStore(null);
-
- assertTrue(samlTokenValidator.canHandleToken(validateTarget));
-
- TokenValidatorResponse validatorResponse =
- samlTokenValidator.validateToken(validatorParameters);
- assertTrue(validatorResponse != null);
- assertTrue(validatorResponse.getToken() != null);
- assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
-
- Principal principal = validatorResponse.getPrincipal();
- assertTrue(principal != null && principal.getName() != null);
- Set<Principal> roles = validatorResponse.getRoles();
- assertTrue(roles != null && !roles.isEmpty());
- assertTrue(roles.iterator().next().getName().equals("manager"));
- }
-
- @org.junit.Test
- public void testSAML2AssertionWithRolesCaching() throws Exception {
- TokenValidator samlTokenValidator = new SAMLTokenValidator();
- TokenValidatorParameters validatorParameters = createValidatorParameters();
- TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
-
- // Create a ValidateTarget consisting of a SAML Assertion
- Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
- CallbackHandler callbackHandler = new PasswordCallbackHandler();
- Element samlToken =
- createSAMLAssertionWithRoles(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",
- callbackHandler, "employee");
- Document doc = samlToken.getOwnerDocument();
- samlToken = (Element)doc.appendChild(samlToken);
-
- ReceivedToken validateTarget = new ReceivedToken(samlToken);
- tokenRequirements.setValidateTarget(validateTarget);
- validatorParameters.setToken(validateTarget);
-
- assertTrue(samlTokenValidator.canHandleToken(validateTarget));
-
- TokenValidatorResponse validatorResponse =
- samlTokenValidator.validateToken(validatorParameters);
- assertTrue(validatorResponse != null);
- assertTrue(validatorResponse.getToken() != null);
- assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
-
- Principal principal = validatorResponse.getPrincipal();
- assertTrue(principal != null && principal.getName() != null);
- Set<Principal> roles = validatorResponse.getRoles();
- assertTrue(roles != null && !roles.isEmpty());
- assertTrue(roles.iterator().next().getName().equals("employee"));
- }
-
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
@@ -472,36 +395,6 @@ public class SAMLTokenValidatorTest exte
return providerResponse.getToken();
}
- private Element createSAMLAssertionWithRoles(
- String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
- String role
- ) throws WSSecurityException {
- TokenProvider samlTokenProvider = new SAMLTokenProvider();
- TokenProviderParameters providerParameters =
- createProviderParameters(
- tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
- );
-
- ClaimsManager claimsManager = new ClaimsManager();
- ClaimsHandler claimsHandler = new CustomClaimsHandler();
- claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
- providerParameters.setClaimsManager(claimsManager);
-
- RequestClaimCollection claims = new RequestClaimCollection();
- RequestClaim claim = new RequestClaim();
- claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"));
- claim.setClaimValue(role);
- claims.add(claim);
-
- providerParameters.setRequestedPrimaryClaims(claims);
-
- TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
- assertTrue(providerResponse != null);
- assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-
- return providerResponse.getToken();
- }
-
private Element createSAMLAssertionWithClaimsProvider(
String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
) throws WSSecurityException {