Posted to commits@ws.apache.org by co...@apache.org on 2013/04/18 19:10:00 UTC
svn commit: r1469456 - in
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax:
ext/WSSSecurityProperties.java
impl/processor/input/SAMLTokenInputHandler.java
validate/SamlTokenValidatorImpl.java
Author: coheigea
Date: Thu Apr 18 17:10:00 2013
New Revision: 1469456
URL: http://svn.apache.org/r1469456
Log:
Add the ability to turn off SAML Subject Confirmation validation via a property
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Thu Apr 18 17:10:00 2013
@@ -99,6 +99,7 @@ public class WSSSecurityProperties exten
private boolean enableRevocation = false;
private ReplayCache timestampReplayCache;
private ReplayCache nonceReplayCache;
+ private boolean validateSamlSubjectConfirmation = true;
public WSSSecurityProperties() {
super();
@@ -144,6 +145,7 @@ public class WSSSecurityProperties exten
this.useDerivedKeyForMAC = wssSecurityProperties.useDerivedKeyForMAC;
this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
+ this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
}
/**
@@ -751,5 +753,13 @@ public class WSSSecurityProperties exten
public void setSamlCallbackHandler(CallbackHandler samlCallbackHandler) {
this.samlCallbackHandler = samlCallbackHandler;
}
+
+ public boolean isValidateSamlSubjectConfirmation() {
+ return validateSamlSubjectConfirmation;
+ }
+
+ public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
+ this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
+ }
}
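Review bot: The new `isValidateSamlSubjectConfirmation`/`setValidateSamlSubjectConfirmation` pair has no Javadoc, although the setter is a security switch: per the commit log it turns off SAML Subject Confirmation validation altogether, and this class is a public configuration API (the neighbouring `setSamlCallbackHandler` is the kind of thing deployers set directly). I would put on the setter something like `/** Whether to validate the SubjectConfirmation requirements of a received SAML token (default true). Disable only when a component further down the chain enforces them; otherwise the verifier processor that checks the subject's confirmation is presumably not run at all. */` and a one-line `@return` on the getter. The `true` initializer in the first hunk and the copy-constructor propagation in the second hunk look consistent with that contract.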
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Thu Apr 18 17:10:00 2013
@@ -253,11 +253,13 @@ public class SAMLTokenInputHandler exten
samlTokenSecurityEvent.setCorrelationID(samlAssertionWrapper.getId());
wsInboundSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);
- SAMLTokenVerifierInputProcessor samlTokenVerifierInputProcessor =
- new SAMLTokenVerifierInputProcessor(
- securityProperties, samlAssertionWrapper, subjectSecurityTokenProvider, subjectSecurityToken);
- wsInboundSecurityContext.addSecurityEventListener(samlTokenVerifierInputProcessor);
- inputProcessorChain.addProcessor(samlTokenVerifierInputProcessor);
+ if (wssSecurityProperties.isValidateSamlSubjectConfirmation()) {
+ SAMLTokenVerifierInputProcessor samlTokenVerifierInputProcessor =
+ new SAMLTokenVerifierInputProcessor(
+ securityProperties, samlAssertionWrapper, subjectSecurityTokenProvider, subjectSecurityToken);
+ wsInboundSecurityContext.addSecurityEventListener(samlTokenVerifierInputProcessor);
+ inputProcessorChain.addProcessor(samlTokenVerifierInputProcessor);
+ }
}
private int getSubjectKeyInfoIndex(Deque<XMLSecEvent> eventQueue) {
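Review bot: When `isValidateSamlSubjectConfirmation()` is false the new branch silently omits the `SAMLTokenVerifierInputProcessor` from the chain, so nothing in the inbound processing records that the assertion's subject confirmation was never checked, which makes a misconfigured deployment hard to spot in logs or an incident review. I would add an else branch, e.g. `} else { log.debug("SAML Subject Confirmation validation is disabled; SAMLTokenVerifierInputProcessor not added"); }`, assuming the handler has an slf4j logger (none is visible in this hunk). The hunk also refers to both `securityProperties` and `wssSecurityProperties`; presumably the latter is the cast form obtained earlier in the method, which begins outside this hunk, so whether it can be null here is not visible from the diff.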
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java Thu Apr 18 17:10:00 2013
@@ -18,14 +18,19 @@
*/
package org.apache.wss4j.stax.validate;
+import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.ext.WSSConfigurationException;
import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl implements SamlTokenValidator {
+ private static final transient org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(SamlTokenValidatorImpl.class);
+
/**
* The time in seconds in the future within which the NotBefore time of an incoming
* Assertion is valid. The default is 60 seconds.
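Review bot: `transient` on the new `log` field is a no-op — the field is `static`, and static fields are never part of Java serialization — so the modifier only hints at a concern that does not exist; `private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(SamlTokenValidatorImpl.class);` says the same thing. The added `org.apache.wss4j.stax.ext.WSSConfigurationException` import is also out of alphabetical order with the `securityToken` import directly above it. The new `Crypto` and `WSSConfigurationException` imports are presumably consumed by the later hunk in this file.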
@@ -71,10 +76,17 @@ public class SamlTokenValidatorImpl exte
// Validate the assertion against schemas/profiles
validateAssertion(samlAssertionWrapper);
+ Crypto sigVerCrypto = null;
+ try {
+ sigVerCrypto = tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto();
+ } catch (WSSConfigurationException ex) {
+ // A Signature Verification Crypto instance may not be required
+ log.warn(ex.getMessage(), ex);
+ }
SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(
samlAssertionWrapper, subjectSecurityToken,
tokenContext.getWsSecurityContext(),
- tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto(),
+ sigVerCrypto,
null,
tokenContext.getWssSecurityProperties());