Posted to commits@cxf.apache.org by ow...@apache.org on 2012/08/21 09:04:29 UTC
svn commit: r1375400 - in /cxf/fediz/trunk/plugins/core/src:
main/java/org/apache/cxf/fediz/core/config/ main/resources/schemas/
test/java/org/apache/cxf/fediz/core/ test/resources/
Author: owulff
Date: Tue Aug 21 07:04:29 2012
New Revision: 1375400
URL: http://svn.apache.org/viewvc?rev=1375400&view=rev
Log:
maximumClockSkew is optional now, default 5 seconds
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java Tue Aug 21 07:04:29 2012
@@ -112,7 +112,11 @@ public class FederationContext implement
}
public BigInteger getMaximumClockSkew() {
- return config.getMaximumClockSkew();
+ if (config.getMaximumClockSkew() == null) {
+ return BigInteger.valueOf(5L);
+ } else {
+ return config.getMaximumClockSkew();
+ }
}
public void setMaximumClockSkew(BigInteger maximumClockSkew) {
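Review bot: The new null branch hard-codes `5L` while FedizConfig.xsd (second hunk) carries the same value as `default="5"`, so the two can silently drift, and the getter gives no hint that the unit is seconds, which only the log message states. Pulling the literal into a documented constant, `/** Applied when the configuration omits maximumClockSkew; seconds. */ private static final BigInteger DEFAULT_MAX_CLOCK_SKEW = BigInteger.valueOf(5L);`, and reducing the body to `BigInteger skew = config.getMaximumClockSkew(); return skew != null ? skew : DEFAULT_MAX_CLOCK_SKEW;` keeps one source of truth on the Java side. An XSD element default only takes effect when the element appears with empty content, so an absent element still reaches this null branch, which makes the Java fallback the value that actually governs the tolerated token validity window. Both the FederationContext class body and the setter that follows continue outside the hunk.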
Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue Aug 21 07:04:29 2012
@@ -70,7 +70,7 @@
</xs:restriction>
</xs:simpleType>
- <xs:element name="maximumClockSkew" type="xs:integer" default="60"/>
+ <xs:element name="maximumClockSkew" type="xs:integer" default="5"/>
<xs:element name="tokenReplayCache" type="xs:string" />
Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java Tue Aug 21 07:04:29 2012
@@ -826,6 +826,44 @@ public class FederationProcessorTest {
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
}
+
+ /**
+ * "Validate" SAML 2 token with a custom token validator
+ * If a validator is configured it precedes the SAMLTokenValidator as part of Fediz
+ */
+ @org.junit.Test
+ public void validateSAML2TokenMaxClockSkewNotDefined() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+ callbackHandler.setSubjectName(TEST_USER);
+ ConditionsBean cp = new ConditionsBean();
+ cp.setAudienceURI(TEST_AUDIENCE);
+ callbackHandler.setConditions(cp);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+ String rstr = createSamlToken(assertion, "mystskey", true);
+
+ FederationRequest wfReq = new FederationRequest();
+ wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+ wfReq.setWresult(rstr);
+
+ configurator = null;
+ FederationContext config = getFederationConfigurator().getFederationContext("NOCLOCKSKEW");
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+
+ Assert.assertEquals("Principal name wrong", TEST_USER,
+ wfRes.getUsername());
+ Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+ Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
+ .size());
+ Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
+ }
private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign)
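Review bot: The Javadoc on `validateSAML2TokenMaxClockSkewNotDefined` is copied from the custom-validator test and describes a validator precedence this test never exercises; replace it with `/** Validate SAML 2 token against a context that omits maximumClockSkew, so the 5 second default applies. */`. The test also never checks the default itself: adding `Assert.assertEquals("Default clock skew wrong", BigInteger.valueOf(5L), config.getMaximumClockSkew());` right after `getFederationContext("NOCLOCKSKEW")` pins the value this commit introduces, at the cost of a java.math.BigInteger import if the test class lacks one. Without it a regression that reverts the fallback to null would only surface indirectly, if at all. The FederationProcessorTest class starts and ends outside the hunk.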
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Tue Aug 21 07:04:29 2012
@@ -143,5 +143,36 @@
<validator>org.apache.cxf.fediz.core.NonexistentCustomValidator</validator>
</tokenValidators>
</protocol>
+ </contextConfig>
+ <contextConfig name="NOCLOCKSKEW">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsstore.jks" password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+ name="FedizSTSIssuer" />
+ </trustedIssuers>
+
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
</contextConfig>
</FedizConfig>
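Review bot: Nothing in the new `NOCLOCKSKEW` context says that `maximumClockSkew` is left out on purpose, and the context name is the only hint; a maintainer normalising the test configs could add the element and silently turn the test into a copy of the existing ones. A one-line comment inside the `<protocol>` element, `<!-- maximumClockSkew intentionally omitted: exercises the FederationContext default -->`, records the intent next to the place where the element would otherwise go. The enclosing FedizConfig document starts outside the hunk.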