Posted to fx-dev@ws.apache.org by di...@apache.org on 2004/05/17 06:15:01 UTC
cvs commit: ws-fx/wss4j/test/interop TestSTScenario1.java PackageTests.java
dims 2004/05/16 21:15:01
Modified: wss4j build.xml
wss4j/interop ping.wsdl
wss4j/interop/org/apache/ws/axis/oasis Client_deploy.wsdd
wss4j/interop/org/apache/ws/axis/oasis/ping
PingBindingImpl.java deploy.wsdd
wss4j/src/org/apache/ws/axis/security WSDoAllConstants.java
WSDoAllSender.java
wss4j/src/org/apache/ws/axis/security/util AxisUtil.java
wss4j/src/org/apache/ws/security WSConstants.java
WSSecurityEngine.java
wss4j/src/org/apache/ws/security/message
WSSAddUsernameToken.java
wss4j/test/interop PackageTests.java
Added: wss4j/endorsed dom3-xercesImpl-2_6_2.jar
dom3-xml-apis-2_6_2.jar
wss4j/interop/org/apache/ws/axis/oasis STScenario1.java
wss4j/lib opensaml.jar
wss4j/src/org/apache/ws/security/message
WSSAddSAMLToken.java
wss4j/test/interop TestSTScenario1.java
Removed: wss4j/lib xercesImpl.jar xml-apis.jar
Log:
bare minimum support for saml interop #1
Revision Changes Path
1.12 +7 -3 ws-fx/wss4j/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/build.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- build.xml 12 Apr 2004 15:52:58 -0000 1.11
+++ build.xml 17 May 2004 04:15:00 -0000 1.12
@@ -67,6 +67,7 @@
<property name="dir.doc" value="./doc"/>
<property name="dir.dist" value="./dist"/>
<property name="dir.libs" value="./lib"/>
+ <property name="dir.endorsed.libs" value="./endorsed"/>
<property name="dir.src" value="./src"/>
<property name="dir.samples" value="./samples"/>
<property name="dir.test" value="./test"/>
@@ -104,6 +105,10 @@
<include name="**/*.jar"/>
<!-- <pathelement path="${java.class.path}"/> -->
</fileset>
+ <fileset dir="${dir.endorsed.libs}">
+ <include name="**/*.jar"/>
+ <!-- <pathelement path="${java.class.path}"/> -->
+ </fileset>
</path>
<path id="classpath.wss4j" description="wss4j classes; first try pure class files, then jars">
@@ -391,6 +396,7 @@
<target name="start-functional-test-http-server" if="junit.present">
<echo message="Starting http server."/>
<java classname="org.apache.axis.transport.http.SimpleAxisServer" fork="yes" dir="${build.dir}">
+ <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
<classpath refid="classpath.library"/>
</java>
</target>
@@ -442,9 +448,7 @@
haltonfailure="yes"
fork="yes"
dir="${basedir}">
- <!-- See if this helps with Gump test failures -->
- <sysproperty key="build.clonevm" value="true"/>
-
+ <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
<jvmarg value="-Dhttp.proxyHost=${http.proxyHost}"/>
<jvmarg value="-Dhttp.proxyPort=${http.proxyPort}"/>
<jvmarg value="-Dhttp.nonProxyHosts=${http.nonProxyHosts}"/>
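Review bot: The new `-Djava.endorsed.dirs=${basedir}/endorsed` on both forked JVMs makes every jar in `endorsed/` shadow the JDK's own XML/DOM classes on the bootstrap path, yet nothing in build.xml records why the two checked-in dom3 Xerces/xml-apis jars are required or warns that anything dropped into that directory is loaded with the same trust. A comment next to the `dir.endorsed.libs` property such as `<!-- jars here override JDK classes via java.endorsed.dirs (DOM Level 3 Xerces/xml-apis); review additions carefully -->` would record that. The `build.clonevm` sysproperty is dropped in the same hunk without a word in the log message; if Gump still relies on it, that is a silent change worth calling out. The `<junit>` element this hunk edits starts before the hunk.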
1.1 ws-fx/wss4j/endorsed/dom3-xercesImpl-2_6_2.jar
<<Binary file>>
1.1 ws-fx/wss4j/endorsed/dom3-xml-apis-2_6_2.jar
<<Binary file>>
1.6 +3 -0 ws-fx/wss4j/interop/ping.wsdl
Index: ping.wsdl
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/interop/ping.wsdl,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ping.wsdl 18 Apr 2004 17:22:56 -0000 1.5
+++ ping.wsdl 17 May 2004 04:15:01 -0000 1.6
@@ -82,5 +82,8 @@
<port name="Ping7" binding="tns:PingBinding">
<soap:address location="http://localhost:9080/pingservice/Ping7"/>
</port>
+ <port name="STPing1" binding="tns:PingBinding">
+ <soap:address location="http://localhost:9080/pingservice/STPing1"/>
+ </port>
</service>
</definitions>
1.19 +7 -0 ws-fx/wss4j/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
Index: Client_deploy.wsdd
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- Client_deploy.wsdd 18 Apr 2004 17:22:56 -0000 1.18
+++ Client_deploy.wsdd 17 May 2004 04:15:01 -0000 1.19
@@ -175,4 +175,11 @@
</responseFlow>
</service>
+ <service name="STPing1">
+ <requestFlow>
+ <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+ <parameter name="action" value="SAMLToken"/>
+ </handler>
+ </requestFlow>
+ </service>
</deployment>
1.1 ws-fx/wss4j/interop/org/apache/ws/axis/oasis/STScenario1.java
Index: STScenario1.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.axis.oasis;
import org.apache.axis.utils.Options;
import org.apache.ws.axis.oasis.ping.PingPort;
import org.apache.ws.axis.oasis.ping.PingServiceLocator;
import javax.xml.rpc.holders.StringHolder;
/**
 * Interop client for WS-Security SAML Token Profile scenario 1.
 * <p>
 * Sends a ping to the STPing1 port and prints the echoed text. The SAML
 * assertion itself is attached by the client-side WSS4J handler configured
 * for the STPing1 service in Client_deploy.wsdd, not by this class.
 */
public class STScenario1 {

    /** Default service endpoint; override on the command line with -l&lt;url&gt;. */
    private static final String address =
            "http://localhost:9080/axis/services/STPing1";

    /** Number of extra round trips made when the -t (timing) flag is given. */
    private static final int TIMED_ROUNDS = 20;

    /**
     * Entry point: one ping is always sent and its returned text printed;
     * with <code>-t</code>, TIMED_ROUNDS further pings are made and the
     * elapsed wall-clock time is printed.
     *
     * @param args Axis <code>Options</code> style arguments, e.g. -l&lt;url&gt; and -t
     * @throws Exception if the endpoint URL is malformed or a call fails
     */
    public static void main(String[] args) throws Exception {
        Options options = new Options(args);
        options.setDefaultURL(address);

        // Axis-specific locator call: lets the port address be overridden
        // with the -l option, which is convenient for testing.
        PingServiceLocator locator = new PingServiceLocator();
        PingPort port = (PingPort) locator.getSTPing1(toEndpointUrl(options.getURL()));

        // The holder is INOUT: the service overwrites text.value.
        StringHolder text = new StringHolder("WSS4J - ST Scenario 1 text");
        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
        System.out.println(text.value);

        if (options.isFlagSet('t') > 0) {
            long started = System.currentTimeMillis();
            for (int round = 0; round < TIMED_ROUNDS; round++) {
                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
            }
            long finished = System.currentTimeMillis();
            System.out.println("Time used: " + (finished - started) + "ms");
        }
    }

    /**
     * Parses the endpoint address, reporting a bad URL as a JAX-RPC
     * ServiceException so the failure surfaces like any other stub error.
     *
     * @param url endpoint address as given by the options
     * @return the parsed URL
     * @throws javax.xml.rpc.ServiceException if the URL is malformed
     */
    private static java.net.URL toEndpointUrl(String url) throws javax.xml.rpc.ServiceException {
        try {
            return new java.net.URL(url);
        } catch (java.net.MalformedURLException e) {
            throw new javax.xml.rpc.ServiceException(e);
        }
    }
}
1.8 +1 -1 ws-fx/wss4j/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java
Index: PingBindingImpl.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- PingBindingImpl.java 18 Mar 2004 20:14:24 -0000 1.7
+++ PingBindingImpl.java 17 May 2004 04:15:01 -0000 1.8
@@ -59,7 +59,7 @@
for (int j = 0; j < wsSecEngineResults.size(); j++) {
WSSecurityEngineResult wser =
(WSSecurityEngineResult) wsSecEngineResults.get(j);
- if (wser.getAction() != WSConstants.ENCR) {
+ if (wser.getAction() != WSConstants.ENCR && wser.getPrincipal() != null) {
System.out.println(wser.getPrincipal().getName());
}
}
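Review bot: The added `wser.getPrincipal() != null` guard silently skips results without a principal, and in this same commit the SAML-token result is created as `new WSSecurityEngineResult(null, WSConstants.ST, null)`, so for STPing1 this loop prints nothing and gives no sign that a token was processed at all. A comment on the condition, `// SAMLToken results currently carry no principal; only UT/Signature results name a user`, would make the gap visible to whoever reads the output. The enclosing method starts before this hunk.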
1.18 +27 -0 ws-fx/wss4j/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
Index: deploy.wsdd
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- deploy.wsdd 18 Mar 2004 14:30:38 -0000 1.17
+++ deploy.wsdd 17 May 2004 04:15:01 -0000 1.18
@@ -274,5 +274,32 @@
</responseFlow>
</service>
+
+ <service name="STPing1" provider="java:RPC" style="wrapped" use="literal">
+ <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+ <parameter name="wsdlServiceElement" value="PingService"/>
+ <parameter name="wsdlServicePort" value="STPing1"/>
+ <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+ <parameter name="wsdlPortType" value="PingPort"/>
+ <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping">
+ <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+ <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+ </operation>
+ <parameter name="allowedMethods" value="ping"/>
+ <typeMapping
+ xmlns:ns="http://xmlsoap.org/Ping"
+ qname="ns:ticketType"
+ type="java:org.apache.ws.axis.oasis.ping.TicketType"
+ serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+ deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+ encodingStyle=""
+ />
+ <requestFlow>
+ <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+ <parameter name="action" value="SAMLToken"/>
+ </handler>
+ </requestFlow>
+ </service>
+
</deployment>
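Review bot: The `STPing1` service is protected only by `WSDoAllReceiver` with `action` `SAMLToken`, and on the receiving side this commit's `WSSecurityEngine.handleSAMLToken` does nothing beyond parsing the element into a `SAMLAssertion` and logging its issuer — no signature, issuer, validity-period or subject-confirmation check — so any well-formed assertion is accepted and the result is recorded with a null principal. If that is deliberate for interop scenario 1, say so in the deployment, e.g. `<!-- Interop only: SAMLToken parses the assertion but does not verify it; not a real authentication gate -->` above the `<requestFlow>`. For anything beyond the interop run the action list should presumably combine `SAMLToken` with `Signature` (AxisUtil parses a list of actions), so the sender-vouches assertion and the body it vouches for are covered by a signature.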
1.1 ws-fx/wss4j/lib/opensaml.jar
<<Binary file>>
1.7 +6 -1 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java
Index: WSDoAllConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllConstants.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- WSDoAllConstants.java 24 Mar 2004 19:22:48 -0000 1.6
+++ WSDoAllConstants.java 17 May 2004 04:15:01 -0000 1.7
@@ -56,9 +56,14 @@
public static final String NO_SECURITY = "NoSecurity";
/**
- * Perform a UsernameToken identifiaction only.
+ * Perform a UsernameToken identification only.
*/
public static final String USERNAME_TOKEN = "UsernameToken";
+
+ /**
+ * Perform a SAML Token identification only.
+ */
+ public static final String SAML_TOKEN = "SAMLToken";
/**
* Perform a Signature only.
1.14 +126 -99 ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java
Index: WSDoAllSender.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllSender.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- WSDoAllSender.java 5 May 2004 09:35:52 -0000 1.13
+++ WSDoAllSender.java 17 May 2004 04:15:01 -0000 1.14
@@ -37,6 +37,7 @@
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.message.WSSAddUsernameToken;
import org.apache.ws.security.message.WSSignEnvelope;
+import org.apache.ws.security.message.WSSAddSAMLToken;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.StringUtil;
import org.apache.xml.security.utils.XMLUtils;
@@ -246,107 +247,20 @@
String password = null;
switch (actionToDo) {
case WSConstants.UT :
- password =
- getPassword(
- username,
- actionToDo,
- WSDoAllConstants.PW_CALLBACK_CLASS,
- WSDoAllConstants.PW_CALLBACK_REF)
- .getPassword();
-
- WSSAddUsernameToken builder =
- new WSSAddUsernameToken(actor, mu);
- builder.setPasswordType(pwType);
- // add the UsernameToken to the SOAP Enevelope
- builder.build(doc, username, password);
-
- if (utElements != null && utElements.length > 0) {
- for (int j = 0; j < utElements.length; j++) {
- utElements[j].trim();
- if (utElements[j].equals("Nonce")) {
- builder.addNonce(doc);
- }
- if (utElements[j].equals("Created")) {
- builder.addCreated(doc);
- }
- }
- }
- break;
+ performUTAction(actionToDo, mu, doc);
+ break;
case WSConstants.ENCR :
- WSEncryptBody wsEncrypt = new WSEncryptBody(actor, mu);
- if (encKeyId != 0) {
- wsEncrypt.setKeyIdentifierType(encKeyId);
- }
- if (encKeyId == WSConstants.EMBEDDED_KEYNAME) {
- String encKeyName = null;
- if ((encKeyName =
- (String) getOption(WSDoAllConstants.ENC_KEY_NAME))
- == null) {
- encKeyName =
- (String) msgContext.getProperty(
- WSDoAllConstants.ENC_KEY_NAME);
- }
- wsEncrypt.setEmbeddedKeyName(encKeyName);
- byte[] embeddedKey =
- getPassword(
- encUser,
- actionToDo,
- WSDoAllConstants.ENC_CALLBACK_CLASS,
- WSDoAllConstants.ENC_CALLBACK_REF)
- .getKey();
- wsEncrypt.setKey(embeddedKey);
- }
- if (encSymmAlgo != null) {
- wsEncrypt.setSymmetricEncAlgorithm(encSymmAlgo);
- }
- if (encKeyTransport != null) {
- wsEncrypt.setKeyEnc(encKeyTransport);
- }
- wsEncrypt.setUserInfo(encUser);
- wsEncrypt.setUseThisCert(encCert);
- if (encryptParts.size() > 0) {
- wsEncrypt.setParts(encryptParts);
- }
- try {
- wsEncrypt.build(doc, encCrypto);
- } catch (WSSecurityException e) {
- throw new AxisFault(
- "WSDoAllSender: Encryption: error during message processing"
- + e);
- }
- break;
+ performENCRAction(mu, actionToDo, doc);
+ break;
case WSConstants.SIGN :
- password =
- getPassword(
- username,
- actionToDo,
- WSDoAllConstants.PW_CALLBACK_CLASS,
- WSDoAllConstants.PW_CALLBACK_REF)
- .getPassword();
-
- WSSignEnvelope wsSign = new WSSignEnvelope(actor, mu);
- if (sigKeyId != 0) {
- wsSign.setKeyIdentifierType(sigKeyId);
- }
- if (sigAlgorithm != null) {
- wsSign.setSignatureAlgorithm(sigAlgorithm);
- }
-
- wsSign.setUserInfo(username, password);
- if (signatureParts.size() > 0) {
- wsSign.setParts(signatureParts);
- }
-
- try {
- wsSign.build(doc, sigCrypto);
- } catch (WSSecurityException e) {
- throw new AxisFault(
- "WSDoAllSender: Signature: error during message procesing"
- + e);
- }
- break;
+ performSIGNAction(actionToDo, mu, doc);
+ break;
+
+ case WSConstants.ST :
+ performSTAction(actionToDo, mu, doc);
+ break;
case WSConstants.NO_SERIALIZE :
noSerialization = true;
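Review bot: `String password = null;` just above the switch is now dead: its only users, the UT and SIGN cases, were moved into `performUTAction` and `performSIGNAction`, each of which declares its own `password`, so the remaining declaration misleadingly suggests a credential is still live at this level — delete it, unless the rest of `invoke()` (outside this hunk) still reads it. The helper calls also pass their arguments in different orders (`performENCRAction(mu, actionToDo, doc)` vs `performUTAction(actionToDo, mu, doc)`); aligning the signatures keeps the call sites readable. The enclosing `invoke()` continues on both sides of this hunk.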
@@ -390,8 +304,121 @@
log.debug("WSDoAllSender: exit invoke()");
}
}
-
- /**
+
+ private void performSIGNAction(int actionToDo, boolean mu, Document doc) throws AxisFault {
+ String password;
+ password =
+ getPassword(username,
+ actionToDo,
+ WSDoAllConstants.PW_CALLBACK_CLASS,
+ WSDoAllConstants.PW_CALLBACK_REF)
+ .getPassword();
+
+ WSSignEnvelope wsSign = new WSSignEnvelope(actor, mu);
+ if (sigKeyId != 0) {
+ wsSign.setKeyIdentifierType(sigKeyId);
+ }
+ if (sigAlgorithm != null) {
+ wsSign.setSignatureAlgorithm(sigAlgorithm);
+ }
+
+ wsSign.setUserInfo(username, password);
+ if (signatureParts.size() > 0) {
+ wsSign.setParts(signatureParts);
+ }
+
+ try {
+ wsSign.build(doc, sigCrypto);
+ } catch (WSSecurityException e) {
+ throw new AxisFault("WSDoAllSender: Signature: error during message procesing"
+ + e);
+ }
+ }
+
+ private void performENCRAction(boolean mu, int actionToDo, Document doc) throws AxisFault {
+ WSEncryptBody wsEncrypt = new WSEncryptBody(actor, mu);
+ if (encKeyId != 0) {
+ wsEncrypt.setKeyIdentifierType(encKeyId);
+ }
+ if (encKeyId == WSConstants.EMBEDDED_KEYNAME) {
+ String encKeyName = null;
+ if ((encKeyName =
+ (String) getOption(WSDoAllConstants.ENC_KEY_NAME))
+ == null) {
+ encKeyName =
+ (String) msgContext.getProperty(WSDoAllConstants.ENC_KEY_NAME);
+ }
+ wsEncrypt.setEmbeddedKeyName(encKeyName);
+ byte[] embeddedKey =
+ getPassword(encUser,
+ actionToDo,
+ WSDoAllConstants.ENC_CALLBACK_CLASS,
+ WSDoAllConstants.ENC_CALLBACK_REF)
+ .getKey();
+ wsEncrypt.setKey(embeddedKey);
+ }
+ if (encSymmAlgo != null) {
+ wsEncrypt.setSymmetricEncAlgorithm(encSymmAlgo);
+ }
+ if (encKeyTransport != null) {
+ wsEncrypt.setKeyEnc(encKeyTransport);
+ }
+ wsEncrypt.setUserInfo(encUser);
+ wsEncrypt.setUseThisCert(encCert);
+ if (encryptParts.size() > 0) {
+ wsEncrypt.setParts(encryptParts);
+ }
+ try {
+ wsEncrypt.build(doc, encCrypto);
+ } catch (WSSecurityException e) {
+ throw new AxisFault("WSDoAllSender: Encryption: error during message processing"
+ + e);
+ }
+ }
+
+ private void performUTAction(int actionToDo, boolean mu, Document doc) throws AxisFault {
+ String password;
+ password =
+ getPassword(username,
+ actionToDo,
+ WSDoAllConstants.PW_CALLBACK_CLASS,
+ WSDoAllConstants.PW_CALLBACK_REF)
+ .getPassword();
+
+ WSSAddUsernameToken builder =
+ new WSSAddUsernameToken(actor, mu);
+ builder.setPasswordType(pwType);
+ // add the UsernameToken to the SOAP Enevelope
+ builder.build(doc, username, password);
+
+ if (utElements != null && utElements.length > 0) {
+ for (int j = 0; j < utElements.length; j++) {
+ utElements[j].trim();
+ if (utElements[j].equals("Nonce")) {
+ builder.addNonce(doc);
+ }
+ if (utElements[j].equals("Created")) {
+ builder.addCreated(doc);
+ }
+ }
+ }
+ }
+
+ private void performSTAction(int actionToDo, boolean mu, Document doc) throws AxisFault {
+ WSSAddSAMLToken builder =
+ new WSSAddSAMLToken(actor, mu);
+
+ // add the SAMLAssertion Token to the SOAP Enevelope
+ builder.build(doc, username);
+
+ if (utElements != null && utElements.length > 0) {
+ for (int j = 0; j < utElements.length; j++) {
+ utElements[j].trim();
+ }
+ }
+ }
+
+ /**
* Hook to allow subclasses to load their Signature Crypto however they see fit.
*/
protected Crypto loadSignatureCrypto() throws AxisFault {
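Review bot: `performSTAction` loops over `utElements` calling `utElements[j].trim()` and discards the result — `String.trim()` returns a new string, so the loop is a no-op and should be deleted; the same discarded `trim()` survives the move into `performUTAction`, where the following `equals("Nonce")`/`equals("Created")` then compare the untrimmed value, so there it should read `utElements[j] = utElements[j].trim();`. The `actionToDo` parameter of `performSTAction` is unused. With the loop gone the helper is one call, `new WSSAddSAMLToken(actor, mu).build(doc, username);`, and it deserves a comment that nothing here signs the assertion: the receiver gets a sender-vouches token with no signature unless a Signature action is also configured. The new helpers order `actionToDo`/`mu` inconsistently (`performENCRAction(boolean mu, int actionToDo, …)` vs `(int actionToDo, boolean mu, …)` on the other three); pick one order.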
1.3 +3 -0 ws-fx/wss4j/src/org/apache/ws/axis/security/util/AxisUtil.java
Index: AxisUtil.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/util/AxisUtil.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- AxisUtil.java 6 Mar 2004 11:53:11 -0000 1.2
+++ AxisUtil.java 17 May 2004 04:15:01 -0000 1.3
@@ -133,6 +133,9 @@
} else if (single[i].equals(WSDoAllConstants.ENCRYPT)) {
doAction |= WSConstants.ENCR;
actions.add(new Integer(WSConstants.ENCR));
+ } else if (single[i].equals(WSDoAllConstants.SAML_TOKEN)) {
+ doAction |= WSConstants.ST;
+ actions.add(new Integer(WSConstants.ST));
} else if (single[i].equals(WSDoAllConstants.NO_SERIALIZATION)) {
doAction |= WSConstants.NO_SERIALIZE;
actions.add(new Integer(WSConstants.NO_SERIALIZE));
1.17 +5 -0 ws-fx/wss4j/src/org/apache/ws/security/WSConstants.java
Index: WSConstants.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSConstants.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- WSConstants.java 14 May 2004 14:48:34 -0000 1.16
+++ WSConstants.java 17 May 2004 04:15:01 -0000 1.17
@@ -87,6 +87,10 @@
public static final String CREATED_LN = "Created";
public static final String EXPIRES_LN ="Expires";
+ public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
+ public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
+ public static final String ASSERTION_LN = "Assertion";
+
//
// SOAP-ENV Namespaces
//
@@ -287,6 +291,7 @@
public static final int UT = 0x1; // perform UsernameToken only
public static final int SIGN = 0x2; // Perform Signature
public static final int ENCR = 0x4; // Perform Encryption
+ public static final int ST = 0x8; // perform SAMLToken only
public static final int NO_SERIALIZE = 0x100;
public static final int SERIALIZE = 0x200;
1.21 +33 -1 ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
Index: WSSecurityEngine.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- WSSecurityEngine.java 14 May 2004 14:48:34 -0000 1.20
+++ WSSecurityEngine.java 17 May 2004 04:15:01 -0000 1.21
@@ -44,6 +44,8 @@
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
@@ -109,6 +111,10 @@
* <code>wsu:Timestamp</code> as defined by OASIS WS Security specification,
*/
protected static final QName TIMESTAMP = new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN);
+ /**
+ * <code>saml:Assertion</code> as defined by SAML specification
+ */
+ protected static final QName SAML_TOKEN = new QName(WSConstants.SAML_NS, WSConstants.ASSERTION_LN);
static {
org.apache.xml.security.Init.init();
@@ -249,7 +255,7 @@
* verified. The functions returns <code>null</code> if no
* Signature or UsernameToken were found and only a decryption
* was done.
- * @throws Exception
+ * @throws WSSecurityException
*/
protected Vector processSecurityHeader(Element securityHeader,
CallbackHandler cb,
@@ -353,6 +359,13 @@
lastPrincipalFound,
WSConstants.UT,
null));
+ } else if (el.equals(SAML_TOKEN)) {
+ if (doDebug) {
+ log.debug("Found SAML Assertion element");
+ }
+ handleSAMLToken((Element) elem);
+ returnResults.add(0,
+ new WSSecurityEngineResult(null, WSConstants.ST, null));
} else if (el.equals(TIMESTAMP)) {
if (doDebug) {
log.debug("Found Timestamp list element");
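Review bot: The SAML branch records `new WSSecurityEngineResult(null, WSConstants.ST, null)` — a null principal — and discards whatever `handleSAMLToken` parsed, so all a caller can learn is that an assertion element was present; nothing says who was asserted or by whom, and code keyed on `getPrincipal()` (PingBindingImpl in this commit now null-checks for exactly this) silently skips it. A comment on the `add(0, …)` line, `// ST result has no principal: the assertion is parsed but not verified or mapped to a user`, would stop the next reader from treating the ST action as an authentication outcome. `processSecurityHeader` continues on both sides of this hunk.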
@@ -649,6 +662,25 @@
return principal;
}
+ public void handleSAMLToken(Element token) throws WSSecurityException {
+ boolean result = false;
+ SAMLAssertion assertion = null;
+ try {
+ assertion = new SAMLAssertion(token);
+ result = true;
+ if (doDebug) {
+ log.debug("SAML Assertion issuer " + assertion.getIssuer());
+ }
+ } catch (SAMLException e) {
+ // TODO: Fix me.
+ e.printStackTrace();
+ }
+ if (!result) {
+ throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+ }
+ return;
+ }
+
public void handleEncryptedKey(Element xencEncryptedKey, CallbackHandler cb, Crypto crypto) throws WSSecurityException {
long t0=0, t1=0, t2=0;
if( tlog.isDebugEnabled() ) {
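Review bot: `handleSAMLToken` fails only when the element does not parse; a syntactically valid `saml:Assertion` from any issuer, expired or not and without a signature, returns normally and the caller records it with a null principal, so the SAMLToken action currently authenticates nothing. At minimum the method's Javadoc should state that a normal return is not an authentication decision, and the parse failure should go through `log` instead of `e.printStackTrace()` so the cause is not lost to stderr; the `result` flag, the `assertion = null` initialiser and the trailing `return;` become redundant once the throw moves into the catch. Signature, issuer-trust, NotBefore/NotOnOrAfter and subject-confirmation checks remain to be added and should be tracked rather than left as `// TODO: Fix me.`. The hunk ends inside `handleEncryptedKey`, whose body continues past it.
```java
/**
 * Parses a <code>saml:Assertion</code> found in the security header.
 * <p>
 * NOTE(review): this only checks that the element parses as a SAML 1.0
 * assertion. It does not verify a signature, the issuer, the validity
 * period or the subject confirmation, so a normal return is NOT an
 * authentication decision.
 *
 * @param token the <code>saml:Assertion</code> element
 * @throws WSSecurityException FAILED_AUTHENTICATION if the element is not a well-formed assertion
 */
public void handleSAMLToken(Element token) throws WSSecurityException {
    SAMLAssertion assertion;
    try {
        assertion = new SAMLAssertion(token);
    } catch (SAMLException e) {
        // fail closed; keep the cause in the log rather than on stderr
        log.error("SAML Assertion could not be parsed", e);
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
    }
    if (doDebug) {
        log.debug("SAML Assertion issuer " + assertion.getIssuer());
    }
}
```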
1.3 +0 -1 ws-fx/wss4j/src/org/apache/ws/security/message/WSSAddUsernameToken.java
Index: WSSAddUsernameToken.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSSAddUsernameToken.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WSSAddUsernameToken.java 14 May 2004 14:55:45 -0000 1.2
+++ WSSAddUsernameToken.java 17 May 2004 04:15:01 -0000 1.3
@@ -104,7 +104,6 @@
* @param username The username to set in the UsernameToken
* @param password The password of the user
* @return Document with UsernameToken added
- * @throws Exception
*/
public Document build(Document doc, String username, String password) { // throws Exception {
log.debug("Begin add username token...");
1.1 ws-fx/wss4j/src/org/apache/ws/security/message/WSSAddSAMLToken.java
Index: WSSAddSAMLToken.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.security.message;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
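/**
 * Builds a SAML 1.0 <code>Assertion</code> and inserts it into the
 * <code>wsse:Security</code> header of a SOAP envelope, as used by the
 * WS-Security SAML Token Profile interop scenarios.
 * <p>
 * Interop-only behaviour, to be revisited before any real deployment:
 * <ul>
 * <li>the issuer and the subject name identifier are fixed demo values
 *     (see the constants below); the <code>username</code> argument of
 *     {@link #build(Document, String)} is currently not used;</li>
 * <li>the assertion carries a single password-authentication statement with
 *     a <em>sender-vouches</em> subject confirmation and is not signed by
 *     this class, so on its own it gives a receiver no cryptographic reason
 *     to trust it; the message (or the assertion) must be signed elsewhere
 *     for that.</li>
 * </ul>
 *
 * @author Davanum Srinivas (dims@yahoo.com).
 */
public class WSSAddSAMLToken extends WSBaseMessage {
    private static Log log = LogFactory.getLog(WSSAddSAMLToken.class.getName());

    /** Demo issuer written to the assertion's <code>Issuer</code> attribute. */
    private static final String DEMO_ISSUER = "www.example.com";
    /** Demo subject name identifier (LDAP DN style) asserted for every message. */
    private static final String DEMO_SUBJECT_NAME = "uid=joe,ou=people,ou=saml-demo,o=example.com";
    /** Name qualifier of the demo subject; the demo domain again. */
    private static final String DEMO_SUBJECT_QUALIFIER = "www.example.com";
    /** Name identifier format; left empty for the interop scenario. */
    private static final String DEMO_SUBJECT_FORMAT = "";

    /**
     * Constructor.
     */
    public WSSAddSAMLToken() {
    }

    /**
     * Constructor.
     * <p/>
     *
     * @param actor the name of the actor of the <code>wsse:Security</code> header
     */
    public WSSAddSAMLToken(String actor) {
        super(actor);
    }

    /**
     * Constructor.
     * <p/>
     *
     * @param actor The name of the actor of the <code>wsse:Security</code> header
     * @param mu Set <code>mustUnderstand</code> to true or false
     */
    public WSSAddSAMLToken(String actor, boolean mu) {
        super(actor, mu);
    }

    /**
     * Adds a new <code>SAMLAssertion</code> to a SOAP envelope.
     * <p/>
     * A complete <code>SAMLAssertion</code> (demo issuer, demo subject,
     * one sender-vouches password authentication statement dated now) is
     * constructed and prepended to the <code>wsse:Security</code> header,
     * which is created if the envelope does not have one yet.
     *
     * @param doc The SOAP envelope as W3C document; modified in place
     * @param username The intended subject of the assertion. NOT used yet:
     *                 the demo identity in {@link #DEMO_SUBJECT_NAME} is
     *                 always asserted (TODO: derive the name identifier
     *                 from this parameter)
     * @return The same document with the assertion added
     * @throws RuntimeException wrapping the <code>SAMLException</code> if
     *                 OpenSAML rejects the assertion contents
     */
    public Document build(Document doc, String username) {
        log.debug("Begin add SAMLAssertion token...");
        try {
            SAMLNameIdentifier nameId =
                    new SAMLNameIdentifier(DEMO_SUBJECT_NAME, DEMO_SUBJECT_QUALIFIER, DEMO_SUBJECT_FORMAT);

            // Sender-vouches: no authority signs the assertion here; the
            // sender simply asserts it.
            String[] confirmationMethods = {SAMLSubject.CONF_SENDER_VOUCHES};
            SAMLSubject subject =
                    new SAMLSubject(nameId, Arrays.asList(confirmationMethods), null, null);

            // One authentication statement: password method, authenticated
            // "now", no subject IP / DNS, no authority bindings.
            String authMethod = SAMLAuthenticationStatement.AuthenticationMethod_Password;
            Date authInstant = new Date();
            String subjectIP = null;
            Collection bindings = null;
            SAMLStatement[] statements = {
                new SAMLAuthenticationStatement(subject, authMethod, authInstant, subjectIP, null, bindings)
            };

            // No conditions (NotBefore/NotOnOrAfter), no advice: the
            // assertion has no validity window at all.
            SAMLAssertion assertion =
                    new SAMLAssertion(DEMO_ISSUER, null, null,
                            null, null, Arrays.asList(statements));

            Element element = (Element) assertion.toDOM(doc);
            Element securityHeader = insertSecurityHeader(doc, false);
            WSSecurityUtil.prependChildElement(doc, securityHeader, element, true);
        } catch (SAMLException ex) {
            // Fail loudly and keep the cause chained instead of printing to stderr.
            log.error("WSSAddSAMLToken: could not build SAML assertion", ex);
            throw new RuntimeException(ex.toString(), ex);
        }
        return doc;
    }
}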
1.4 +1 -0 ws-fx/wss4j/test/interop/PackageTests.java
Index: PackageTests.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/test/interop/PackageTests.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- PackageTests.java 15 Mar 2004 17:15:15 -0000 1.3
+++ PackageTests.java 17 May 2004 04:15:01 -0000 1.4
@@ -57,6 +57,7 @@
suite.addTestSuite(TestScenario5.class);
suite.addTestSuite(TestScenario6.class);
suite.addTestSuite(TestScenario7.class);
+ suite.addTestSuite(TestSTScenario1.class);
return suite;
}
1.1 ws-fx/wss4j/test/interop/TestSTScenario1.java
Index: TestSTScenario1.java
===================================================================
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package interop;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.apache.ws.axis.oasis.Scenario1;
import org.apache.ws.axis.oasis.STScenario1;
/**
 * JUnit wrapper around the SAML Token interop scenario 1 client.
 * <p/>
 * Requires a running Axis server exposing the STPing1 service at
 * {@link #ENDPOINT}; the test itself only drives the client.
 *
 * @author Davanum Srinivas (dims@yahoo.com)
 */
public class TestSTScenario1 extends TestCase {

    /** Endpoint the JUnit run targets; overrides the client's own default (port 9080) via -l. */
    private static final String ENDPOINT = "http://localhost:8080/axis/services/STPing1";

    /**
     * Creates a named test case.
     *
     * @param name name of the test method to run
     */
    public TestSTScenario1(String name) {
        super(name);
    }

    /**
     * Builds the suite holding every test method of this class.
     *
     * @return the JUnit suite
     */
    public static Test suite() {
        return new TestSuite(TestSTScenario1.class);
    }

    /**
     * Command-line entry point; forwards the arguments to the scenario client unchanged.
     *
     * @param args command-line args passed straight to {@link STScenario1#main(String[])}
     * @throws Exception propagated from the scenario client
     */
    public static void main(String[] args) throws Exception {
        STScenario1.main(args);
    }

    /**
     * Runs SAML Token interop scenario 1 against {@link #ENDPOINT}.
     *
     * @throws Exception if the call fails (a running service is required)
     */
    public void testSTScenario1() throws Exception {
        String[] clientArgs = {"-l" + ENDPOINT};
        STScenario1.main(clientArgs);
    }
}