Posted to commits@ws.apache.org by co...@apache.org on 2011/07/08 12:33:32 UTC
svn commit: r1144242 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/saml/ext/bean/
main/java/org/apache/ws/security/saml/ext/builder/
test/java/org/apache/ws/security/common/
test/java/org/apache/ws/security/saml/
Author: coheigea
Date: Fri Jul 8 10:33:31 2011
New Revision: 1144242
URL: http://svn.apache.org/viewvc?rev=1144242&view=rev
Log:
[WSS-297] - Subject Bean is missing NameID Format variable
- Applied patch after some modifications
- Added some tests for this feature.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectBean.java Fri Jul 8 10:33:31 2011
@@ -19,6 +19,8 @@
package org.apache.ws.security.saml.ext.bean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
+
/**
* Class SubjectBean represents a SAML subject (can be used to create
* both SAML v1.1 and v2.0 statements)
@@ -27,6 +29,7 @@ package org.apache.ws.security.saml.ext.
*/
public class SubjectBean {
private String subjectName;
+ private String subjectNameIDFormat = SAML1Constants.NAMEID_FORMAT_UNSPECIFIED;
private String subjectNameQualifier;
private String subjectConfirmationMethod;
private KeyInfoBean keyInfo;
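Review bot: The default on the new `subjectNameIDFormat` field comes from `SAML1Constants`, although the class Javadoc says the bean serves both SAML v1.1 and v2.0, and nothing here says why that is safe. SAML2ComponentBuilder wrote `NameID.UNSPECIFIED` before this commit, so unchanged SAML 2 output for callers that never set a format depends on the two constants holding the same URI; I believe they do, but that should be confirmed. I would add a comment on the field such as `// Default matches what both builders emitted before WSS-297 (same URI as NameID.UNSPECIFIED)`. The class body continues outside this hunk.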
@@ -53,6 +56,24 @@ public class SubjectBean {
this.subjectNameQualifier = subjectNameQualifier;
this.subjectConfirmationMethod = subjectConfirmationMethod;
}
+
+ /**
+ * Constructor SubjectBean creates a new SubjectBean instance.
+ *
+ * @param subjectName of type String
+ * @param subjectNameQualifier of type String
+ * @param subjectConfirmationMethod of type String
+ * @param subjectNameIDFormat of type String
+ */
+ public SubjectBean(
+ String subjectName,
+ String subjectNameQualifier,
+ String subjectConfirmationMethod,
+ String subjectNameIDFormat
+ ) {
+ this(subjectName, subjectNameQualifier, subjectConfirmationMethod);
+ this.subjectNameIDFormat = subjectNameIDFormat;
+ }
/**
* Method getSubjectName returns the subjectName of this SubjectBean object.
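Review bot: The new four-argument constructor stores `subjectNameIDFormat` unconditionally, so passing null discards the field's "unspecified" default, and both builders then call `setFormat(null)`. The setter added in the next hunk has the same behaviour, while the test callback handlers guard with `if (subjectNameIDFormat != null)` before calling it, which suggests null is not meant to reach the bean. Either keep the default, `this.subjectNameIDFormat = subjectNameIDFormat != null ? subjectNameIDFormat : SAML1Constants.NAMEID_FORMAT_UNSPECIFIED;`, or state in the Javadoc that null means "emit no Format attribute". The `@param subjectNameIDFormat of type String` line would also be more useful if it said the value is a NameID Format URI.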
@@ -112,6 +133,26 @@ public class SubjectBean {
}
/**
+ * Method getSubjectNameIDFormat returns the subjectNameIDFormat of this SubjectBean
+ * object.
+ *
+ * @return the subjectNameIDFormat (type String) of this SubjectBean object.
+ */
+ public String getSubjectNameIDFormat() {
+ return subjectNameIDFormat;
+ }
+
+ /**
+ * Method setSubjectNameIDFormat sets the subjectNameIDFormat of this SubjectBean
+ * object.
+ *
+ * @param subjectNameIDFormat the subjectNameIDFormat of this SubjectBean object.
+ */
+ public void setSubjectNameIDFormat(String subjectNameIDFormat) {
+ this.subjectNameIDFormat = subjectNameIDFormat;
+ }
+
+ /**
* Method getKeyInfo returns the keyInfo of this SubjectBean object.
*
* @return the keyInfo (type KeyInfoBean) of this SubjectBean object.
@@ -162,6 +203,13 @@ public class SubjectBean {
return false;
}
+ if (subjectNameIDFormat == null && that.subjectNameIDFormat != null) {
+ return false;
+ } else if (subjectNameIDFormat != null
+ && !subjectNameIDFormat.equals(that.subjectNameIDFormat)) {
+ return false;
+ }
+
if (keyInfo == null && that.keyInfo != null) {
return false;
} else if (keyInfo != null && !keyInfo.equals(that.keyInfo)) {
@@ -186,6 +234,9 @@ public class SubjectBean {
if (subjectConfirmationMethod != null) {
result = 31 * result + subjectConfirmationMethod.hashCode();
}
+ if (subjectNameIDFormat != null) {
+ result = 31 * result + subjectNameIDFormat.hashCode();
+ }
if (keyInfo != null) {
result = 31 * result + keyInfo.hashCode();
}
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java Fri Jul 8 10:33:31 2011
@@ -169,7 +169,7 @@ public class SAML1ComponentBuilder {
nameIdentifier.setNameQualifier(subjectBean.getSubjectNameQualifier());
nameIdentifier.setNameIdentifier(subjectBean.getSubjectName());
- nameIdentifier.setFormat(SAML1Constants.NAMEID_FORMAT_UNSPECIFIED);
+ nameIdentifier.setFormat(subjectBean.getSubjectNameIDFormat());
String confirmationMethodStr = subjectBean.getSubjectConfirmationMethod();
if (confirmationMethodStr == null) {
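Review bot: `nameIdentifier.setFormat(subjectBean.getSubjectNameIDFormat())` now writes whatever string the bean carries, where the removed line always wrote a known constant; nothing visible in this hunk checks the value. The Format tells the relying party how to interpret and match the subject identifier, and the same SubjectBean feeds both builders, so a URI defined only for SAML 2.0 can end up in a SAML 1.1 assertion (and the reverse in the SAML2ComponentBuilder hunk, which makes the same substitution). I would at least add a comment at both call sites, e.g. `// Format is caller-supplied and not validated against the SAML version being built`, and consider rejecting values outside the set defined for that version. The enclosing method starts and ends outside the hunk.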
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java Fri Jul 8 10:33:31 2011
@@ -472,7 +472,7 @@ public class SAML2ComponentBuilder {
}
NameID nameID = nameIdBuilder.buildObject();
nameID.setNameQualifier(subject.getSubjectNameQualifier());
- nameID.setFormat(NameID.UNSPECIFIED);
+ nameID.setFormat(subject.getSubjectNameIDFormat());
nameID.setValue(subject.getSubjectName());
return nameID;
}
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java Fri Jul 8 10:33:31 2011
@@ -58,6 +58,7 @@ public abstract class AbstractSAMLCallba
protected CERT_IDENTIFIER certIdentifier = CERT_IDENTIFIER.X509_CERT;
protected byte[] ephemeralKey = null;
protected String issuer = null;
+ protected String subjectNameIDFormat = null;
public void setConfirmationMethod(String confMethod) {
confirmationMethod = confMethod;
@@ -83,6 +84,10 @@ public abstract class AbstractSAMLCallba
this.issuer = issuer;
}
+ public void setSubjectNameIDFormat(String subjectNameIDFormat) {
+ this.subjectNameIDFormat = subjectNameIDFormat;
+ }
+
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java Fri Jul 8 10:33:31 2011
@@ -63,6 +63,9 @@ public class SAML1CallbackHandler extend
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
+ if (subjectNameIDFormat != null) {
+ subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+ }
if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java Fri Jul 8 10:33:31 2011
@@ -62,6 +62,9 @@ public class SAML2CallbackHandler extend
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
+ if (subjectNameIDFormat != null) {
+ subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+ }
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1144242&r1=1144241&r2=1144242&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Fri Jul 8 10:33:31 2011
@@ -35,6 +35,7 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecSAMLToken;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -432,6 +433,86 @@ public class SamlTokenTest extends org.j
}
/**
+ * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion with
+ * a user-specified SubjectNameIDFormat.
+ */
+ @org.junit.Test
+ public void testSAML1SubjectNameIDFormat() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setSubjectNameIDFormat(SAML1Constants.NAMEID_FORMAT_EMAIL_ADDRESS);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains(SAML1Constants.NAMEID_FORMAT_EMAIL_ADDRESS));
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ assertTrue(!receivedAssertion.isSigned());
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion with
+ * a user-specified SubjectNameIDFormat.
+ */
+ @org.junit.Test
+ public void testSAML2SubjectNameIDFormat() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setSubjectNameIDFormat(SAML1Constants.NAMEID_FORMAT_EMAIL_ADDRESS);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains(SAML1Constants.NAMEID_FORMAT_EMAIL_ADDRESS));
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ assertTrue(!receivedAssertion.isSigned());
+ }
+
+ /**
* Verifies the soap envelope
* <p/>
*
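Review bot: Both new tests prove the format only by `assertTrue(outputString.contains(SAML1Constants.NAMEID_FORMAT_EMAIL_ADDRESS))` on the sender's serialized document, which would also pass if the URI appeared anywhere else in the message; after `verify(unsignedDoc)` they check just that `receivedAssertion` is non-null and unsigned. Asserting the Format on the NameIdentifier / NameID of the received assertion would pin the feature on the processing side as well. `testSAML2SubjectNameIDFormat` also passes a `SAML1Constants` value to the SAML 2 handler; if that is deliberate because the e-mail format URI is shared between versions, a short comment such as `// emailAddress format URI is the same for SAML 1.1 and 2.0` would say so. The two test bodies are otherwise identical apart from the handler type and could share a helper.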