Posted to commits@ws.apache.org by co...@apache.org on 2013/04/18 19:10:00 UTC

svn commit: r1469456 - in /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax: ext/WSSSecurityProperties.java impl/processor/input/SAMLTokenInputHandler.java validate/SamlTokenValidatorImpl.java

Author: coheigea
Date: Thu Apr 18 17:10:00 2013
New Revision: 1469456

URL: http://svn.apache.org/r1469456
Log:
Add the ability to turn off SAML Subject Confirmation validation via a property

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Thu Apr 18 17:10:00 2013
@@ -99,6 +99,7 @@ public class WSSSecurityProperties exten
     private boolean enableRevocation = false;
     private ReplayCache timestampReplayCache;
     private ReplayCache nonceReplayCache;
+    private boolean validateSamlSubjectConfirmation = true;
 
     public WSSSecurityProperties() {
         super();
@@ -144,6 +145,7 @@ public class WSSSecurityProperties exten
         this.useDerivedKeyForMAC = wssSecurityProperties.useDerivedKeyForMAC;
         this.addUsernameTokenNonce = wssSecurityProperties.addUsernameTokenNonce;
         this.addUsernameTokenCreated = wssSecurityProperties.addUsernameTokenCreated;
+        this.validateSamlSubjectConfirmation = wssSecurityProperties.validateSamlSubjectConfirmation;
     }
 
     /**
@@ -751,5 +753,13 @@ public class WSSSecurityProperties exten
     public void setSamlCallbackHandler(CallbackHandler samlCallbackHandler) {
         this.samlCallbackHandler = samlCallbackHandler;
     }
+
+    public boolean isValidateSamlSubjectConfirmation() {
+        return validateSamlSubjectConfirmation;
+    }
+
+    public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
+        this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
+    }
     
 }
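Review bot: The new `isValidateSamlSubjectConfirmation`/`setValidateSamlSubjectConfirmation` pair at the end of the hunk has no Javadoc, and since setting it to false removes a validation step from the inbound chain (the SAMLTokenInputHandler change in this same commit skips the verifier processor entirely), the consequence should be stated where a caller configuring the property will see it. Suggested Javadoc on the setter: `/** Whether to validate the Subject Confirmation requirements of a received SAML Assertion. Defaults to true. When false, the StAX inbound chain performs no subject-confirmation check on the assertion, so only disable this if that check is enforced elsewhere. */`. The getter can carry a one-line `/** @return whether SAML Subject Confirmation validation is enabled (default true). */`. The other two hunks in this file (field default and copy constructor) are consistent with the default of true and need no change.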

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Thu Apr 18 17:10:00 2013
@@ -253,11 +253,13 @@ public class SAMLTokenInputHandler exten
         samlTokenSecurityEvent.setCorrelationID(samlAssertionWrapper.getId());
         wsInboundSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);
 
-        SAMLTokenVerifierInputProcessor samlTokenVerifierInputProcessor =
-                new SAMLTokenVerifierInputProcessor(
-                        securityProperties, samlAssertionWrapper, subjectSecurityTokenProvider, subjectSecurityToken);
-        wsInboundSecurityContext.addSecurityEventListener(samlTokenVerifierInputProcessor);
-        inputProcessorChain.addProcessor(samlTokenVerifierInputProcessor);
+        if (wssSecurityProperties.isValidateSamlSubjectConfirmation()) {
+            SAMLTokenVerifierInputProcessor samlTokenVerifierInputProcessor =
+                    new SAMLTokenVerifierInputProcessor(
+                            securityProperties, samlAssertionWrapper, subjectSecurityTokenProvider, subjectSecurityToken);
+            wsInboundSecurityContext.addSecurityEventListener(samlTokenVerifierInputProcessor);
+            inputProcessorChain.addProcessor(samlTokenVerifierInputProcessor);
+        }
     }
 
     private int getSubjectKeyInfoIndex(Deque<XMLSecEvent> eventQueue) {
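Review bot: When `isValidateSamlSubjectConfirmation()` returns false the SAMLTokenVerifierInputProcessor is left out of the chain with no trace, so nothing in the processing record shows that the assertion's subject confirmation was never checked; a short else-branch with a debug-level log line (using whatever logger the handler already has) would make the weakened configuration visible when an inbound message is later reviewed, and at minimum a comment such as `// Subject confirmation is deliberately not enforced when this property is false` should sit on the if. The condition reads `wssSecurityProperties` while the processor on the next lines is constructed from `securityProperties`; if those refer to the same object this is only a naming inconsistency, but it is worth confirming they cannot diverge. The enclosing method starts before the hunk.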

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java?rev=1469456&r1=1469455&r2=1469456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java Thu Apr 18 17:10:00 2013
@@ -18,14 +18,19 @@
  */
 package org.apache.wss4j.stax.validate;
 
+import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.ext.WSSConfigurationException;
 import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
 
 public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl implements SamlTokenValidator {
     
+    private static final transient org.slf4j.Logger log =
+        org.slf4j.LoggerFactory.getLogger(SamlTokenValidatorImpl.class);
+    
     /**
      * The time in seconds in the future within which the NotBefore time of an incoming
      * Assertion is valid. The default is 60 seconds.
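Review bot: The `transient` modifier on the new static `log` field is a no-op — `transient` only affects instance serialization and static fields are never serialized — so `private static final org.slf4j.Logger log =` is sufficient. As a point of style, the file already groups its imports at the top of the hunk, so importing `org.slf4j.Logger` and `org.slf4j.LoggerFactory` there rather than writing the fully qualified names inline would match the rest of the file. The class body continues past this hunk.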
@@ -71,10 +76,17 @@ public class SamlTokenValidatorImpl exte
         // Validate the assertion against schemas/profiles
         validateAssertion(samlAssertionWrapper);
 
+        Crypto sigVerCrypto = null;
+        try {
+            sigVerCrypto = tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto();
+        } catch (WSSConfigurationException ex) {
+            // A Signature Verification Crypto instance may not be required
+            log.warn(ex.getMessage(), ex);
+        }
         SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(
                 samlAssertionWrapper, subjectSecurityToken,
                 tokenContext.getWsSecurityContext(),
-                tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto(),
+                sigVerCrypto,
                 null,
                 tokenContext.getWssSecurityProperties());