Posted to commits@cxf.apache.org by ow...@apache.org on 2012/08/21 09:04:29 UTC

svn commit: r1375400 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/config/ main/resources/schemas/ test/java/org/apache/cxf/fediz/core/ test/resources/

Author: owulff
Date: Tue Aug 21 07:04:29 2012
New Revision: 1375400

URL: http://svn.apache.org/viewvc?rev=1375400&view=rev
Log:
maximumClockSkew is optional now, default 5 seconds

Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java Tue Aug 21 07:04:29 2012
@@ -112,7 +112,11 @@ public class FederationContext implement
     }
 
     public BigInteger getMaximumClockSkew() {
-        return config.getMaximumClockSkew();
+        if (config.getMaximumClockSkew() == null) {
+            return BigInteger.valueOf(5L);
+        } else {
+            return config.getMaximumClockSkew();
+        }
     }
     
     public void setMaximumClockSkew(BigInteger maximumClockSkew) {
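Review bot: The fallback `BigInteger.valueOf(5L)` on the added line duplicates the schema default that the same commit sets in FedizConfig.xsd (`default="5"`), with nothing tying the two together, and the magic number carries no unit. The XSD default only takes effect when the element is present but empty, so an absent element presumably still comes back as null from the generated config getter, which is why this Java fallback is the one that actually decides the skew; hoist it into a named constant with a comment: `/** Default maximum clock skew in seconds when the config omits the element; keep in sync with the default in FedizConfig.xsd. */` `private static final BigInteger DEFAULT_MAX_CLOCK_SKEW = BigInteger.valueOf(5L);` and have the getter read the config once, `BigInteger skew = config.getMaximumClockSkew(); return skew == null ? DEFAULT_MAX_CLOCK_SKEW : skew;`. Nothing on the new side rejects a negative or absurdly large configured value; whether the token validator that consumes this tolerates such values cannot be seen from this hunk. FederationContext continues outside the hunk.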

Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue Aug 21 07:04:29 2012
@@ -70,7 +70,7 @@
 		</xs:restriction>
 	</xs:simpleType>
 
-	<xs:element name="maximumClockSkew" type="xs:integer" default="60"/>
+	<xs:element name="maximumClockSkew" type="xs:integer" default="5"/>
 	
 	<xs:element name="tokenReplayCache" type="xs:string" />
 

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java Tue Aug 21 07:04:29 2012
@@ -826,6 +826,44 @@ public class FederationProcessorTest {
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
     }
+
+    /**
+     * "Validate" SAML 2 token with a custom token validator
+     * If a validator is configured it precedes the SAMLTokenValidator as part of Fediz
+     */
+    @org.junit.Test
+    public void validateSAML2TokenMaxClockSkewNotDefined() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey", true);
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = getFederationConfigurator().getFederationContext("NOCLOCKSKEW");
+        
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                            wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+        Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
+                            .size());
+        Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
+    }
     
     
     private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign)
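Review bot: The Javadoc above `validateSAML2TokenMaxClockSkewNotDefined` describes a custom token validator, which this test does not configure; it looks copied from a sibling test and should read something like `Validate SAML 2 token against a context that omits maximumClockSkew; the default of 5 seconds from FederationContext must apply and the token must still be accepted`. The method name promises a clock-skew check, but the assertions only cover the generic happy path, so a regression of the default would pass unnoticed; add `Assert.assertEquals("Default clock skew wrong", BigInteger.valueOf(5L), config.getMaximumClockSkew());` after the context is loaded (this assumes java.math.BigInteger is already imported in the test, which the hunk does not show). createSamlToken starts at the last line of the hunk and its body lies outside it.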

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Tue Aug 21 07:04:29 2012
@@ -143,5 +143,36 @@
 				<validator>org.apache.cxf.fediz.core.NonexistentCustomValidator</validator>
 			</tokenValidators>
 		</protocol>
+	</contextConfig>
+	<contextConfig name="NOCLOCKSKEW">
+		<audienceUris>
+			<audienceItem>http://host_one:port/url</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>		
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="FedizSTSIssuer" />				
+		</trustedIssuers>
+
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>target realm</realm>
+			<issuer>http://url_to_the_issuer</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
 	</contextConfig>	
 </FedizConfig>
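Review bot: The new NOCLOCKSKEW context gives no hint that the absence of `maximumClockSkew` is the whole point of the fixture; a reader comparing it with the sibling contexts will see a near-verbatim copy and may "fix" it by adding the element back. Add a comment such as `<!-- maximumClockSkew intentionally omitted: exercises the 5 second default applied by FederationContext -->` directly above the `<protocol>` element so the intent survives future edits to the fixture.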