You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2011/03/02 22:18:21 UTC
svn commit: r1076386 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security:
policy/interceptors/IssuedTokenInterceptorProvider.java trust/STSClient.java
Author: dkulp
Date: Wed Mar 2 21:18:20 2011
New Revision: 1076386
URL: http://svn.apache.org/viewvc?rev=1076386&view=rev
Log:
[CXF-3375] Start to implement the validate methods of STSClient
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1076386&r1=1076385&r2=1076386&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Wed Mar 2 21:18:20 2011
@@ -96,9 +96,6 @@ public class IssuedTokenInterceptorProvi
client.setBeanName(ep.getEndpointInfo().getName().toString() + ".sts-client");
}
- // Transpose ActAs info from original request to the STS client.
- client.setActAs(message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS));
-
return client;
}
static class IssuedTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
@@ -134,6 +131,10 @@ public class IssuedTokenInterceptorProvi
}
synchronized (client) {
try {
+ // Transpose ActAs info from original request to the STS client.
+ client.setActAs(
+ message.getContextualProperty(SecurityConstants.STS_TOKEN_ACT_AS));
+
client.setTrust(getTrust10(aim));
client.setTrust(getTrust13(aim));
client.setTemplate(itok.getRstTemplate());
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1076386&r1=1076385&r2=1076386&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Wed Mar 2 21:18:20 2011
@@ -595,7 +595,12 @@ public class STSClient implements Config
private PrimitiveAssertion getAddressingAssertion() {
String ns = "http://schemas.xmlsoap.org/ws/2004/08/addressing/policy";
- return new PrimitiveAssertion(new QName(ns, "UsingAddressing"));
+ String local = "UsingAddressing";
+ if ("http://www.w3.org/2005/08/addressing".equals(addressingNamespace)) {
+ ns = "http://www.w3.org/2007/02/addressing/metadata";
+ local = "Addressing";
+ }
+ return new PrimitiveAssertion(new QName(ns, local), true);
}
public boolean validateSecurityToken(SecurityToken tok) throws Exception {
@@ -615,37 +620,17 @@ public class STSClient implements Config
ExactlyOne one = new ExactlyOne();
validatePolicy.addPolicyComponent(one);
All all = new All();
- PolicyBuilder pbuilder = bus.getExtension(PolicyBuilder.class);
- SymmetricBinding binding = new SymmetricBinding(pbuilder);
- all.addAssertion(binding);
one.addPolicyComponent(all);
all.addAssertion(getAddressingAssertion());
- ProtectionToken ptoken = new ProtectionToken(pbuilder);
- binding.setProtectionToken(ptoken);
- binding.setIncludeTimestamp(true);
- binding.setEntireHeadersAndBodySignatures(true);
- binding.setTokenProtection(false);
- AlgorithmSuite suite = new AlgorithmSuite();
- binding.setAlgorithmSuite(suite);
- SecureConversationToken sct = new SecureConversationToken();
- sct.setOptional(true);
- ptoken.setToken(sct);
-
- SignedEncryptedParts parts = new SignedEncryptedParts(true);
- parts.setBody(true);
- parts.addHeader(new Header("To", addressingNamespace));
- parts.addHeader(new Header("From", addressingNamespace));
- parts.addHeader(new Header("FaultTo", addressingNamespace));
- parts.addHeader(new Header("ReplyTo", addressingNamespace));
- parts.addHeader(new Header("Action", addressingNamespace));
- parts.addHeader(new Header("MessageID", addressingNamespace));
- parts.addHeader(new Header("RelatesTo", addressingNamespace));
- all.addPolicyComponent(parts);
-
+
+ client.getRequestContext().clear();
client.getRequestContext().putAll(ctx);
- client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, validatePolicy);
client.getRequestContext().put(SecurityConstants.TOKEN, tok);
BindingOperationInfo boi = findOperation("/RST/Validate");
+ if (boi == null) {
+ boi = findOperation("/RST/Issue");
+ client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, validatePolicy);
+ }
client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
namespace + "/RST/Validate");
@@ -658,18 +643,35 @@ public class STSClient implements Config
writer.writeCharacters(namespace + "/Validate");
writer.writeEndElement();
+ writer.writeStartElement("wst", "TokenType", namespace);
+ writer.writeCharacters(namespace + "/RSTR/Status");
+ writer.writeEndElement();
+
writer.writeStartElement("wst", "ValidateTarget", namespace);
- Element el = tok.getUnattachedReference();
- if (el == null) {
- el = tok.getAttachedReference();
- }
+
+ Element el = tok.getToken();
StaxUtils.copy(el, writer);
writer.writeEndElement();
writer.writeEndElement();
- client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
-
+ Object o[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+ el = getDocumentElement((DOMSource)o[0]);
+ if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
+ el = DOMUtils.getFirstElement(el);
+ }
+ if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
+ throw new Fault("Unexpected element " + el.getLocalName(), LOG);
+ }
+ el = DOMUtils.getFirstElement(el);
+ while (el != null) {
+ if ("Status".equals(el.getLocalName())) {
+ Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
+ String s = DOMUtils.getContent(e2);
+ return s.endsWith("/status/valid");
+ }
+ el = DOMUtils.getNextElement(el);
+ }
return false;
}