Posted to commits@ws.apache.org by co...@apache.org on 2015/07/08 13:01:31 UTC
svn commit: r1689838 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/
ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/
Author: coheigea
Date: Wed Jul 8 11:01:30 2015
New Revision: 1689838
URL: http://svn.apache.org/r1689838
Log:
[WSS-545] - Add the ability to create DelegateRestrictionType Conditions when creating SAML Assertions
Added:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/DelegateBean.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/NameIDBean.java
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/SubjectBean.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java?rev=1689838&r1=1689837&r2=1689838&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java Wed Jul 8 11:01:30 2015
@@ -35,6 +35,7 @@ public class ConditionsBean {
private List<AudienceRestrictionBean> audienceRestrictions;
private boolean oneTimeUse;
private ProxyRestrictionBean proxyRestriction;
+ private List<DelegateBean> delegates;
/**
* Constructor ConditionsBean creates a new ConditionsBean instance.
@@ -181,6 +182,14 @@ public class ConditionsBean {
this.proxyRestriction = proxyRestriction;
}
+ public List<DelegateBean> getDelegates() {
+ return delegates;
+ }
+
+ public void setDelegates(List<DelegateBean> delegates) {
+ this.delegates = delegates;
+ }
+
/**
* Method equals ...
*
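Review bot: `getDelegates()` and `setDelegates()` are added without Javadoc, and the meaning of a null versus an empty list is left undefined. In this commit `SAML2ComponentBuilder.createConditions` emits no DelegationRestrictionType for either case, while the `equals` change in the next hunk treats null and an empty list as different beans. I would state this on the setter, e.g. `/** Set the delegates to emit as a DelegationRestrictionType condition; null or an empty list means no such condition is created. */`. The setter also keeps the caller's list by reference, so later changes to that list alter what ends up in the assertion and the bean's hash code; either copy the list or say so in the Javadoc.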
@@ -223,6 +232,12 @@ public class ConditionsBean {
&& !proxyRestriction.equals(that.proxyRestriction)) {
return false;
}
+
+ if (delegates == null && that.delegates != null) {
+ return false;
+ } else if (delegates != null && !delegates.equals(that.delegates)) {
+ return false;
+ }
return true;
}
@@ -246,6 +261,9 @@ public class ConditionsBean {
if (proxyRestriction != null) {
result = 31 * result + proxyRestriction.hashCode();
}
+ if (delegates != null) {
+ result = 31 * result + delegates.hashCode();
+ }
return result;
}
Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/DelegateBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/DelegateBean.java?rev=1689838&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/DelegateBean.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/DelegateBean.java Wed Jul 8 11:01:30 2015
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.bean;
+
+import org.joda.time.DateTime;
+
+/**
+ * Class DelegateBean represents a SAML 2.0 Delegate object. Only NameIDs are supported for now, not
+ * BaseID or EncryptedIDs.
+ *
+ * See:
+ * http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-delegation-cs-01.pdf
+ */
+public class DelegateBean {
+ private DateTime delegationInstant;
+ private String confirmationMethod;
+ private NameIDBean nameIDBean;
+
+ public DateTime getDelegationInstant() {
+ return delegationInstant;
+ }
+
+ public void setDelegationInstant(DateTime delegationInstant) {
+ this.delegationInstant = delegationInstant;
+ }
+
+ public String getConfirmationMethod() {
+ return confirmationMethod;
+ }
+
+ public void setConfirmationMethod(String confirmationMethod) {
+ this.confirmationMethod = confirmationMethod;
+ }
+
+ public NameIDBean getNameIDBean() {
+ return nameIDBean;
+ }
+
+ public void setNameIDBean(NameIDBean nameIDBean) {
+ this.nameIDBean = nameIDBean;
+ }
+
+ /**
+ * Method equals ...
+ *
+ * @param o of type Object
+ * @return boolean
+ */
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (!(o instanceof DelegateBean)) return false;
+
+ DelegateBean that = (DelegateBean) o;
+
+ if (delegationInstant == null && that.delegationInstant != null) {
+ return false;
+ } else if (delegationInstant != null && !delegationInstant.equals(that.delegationInstant)) {
+ return false;
+ }
+
+ if (confirmationMethod == null && that.confirmationMethod != null) {
+ return false;
+ } else if (confirmationMethod != null && !confirmationMethod.equals(that.confirmationMethod)) {
+ return false;
+ }
+
+ if (nameIDBean == null && that.nameIDBean != null) {
+ return false;
+ } else if (nameIDBean != null && !nameIDBean.equals(that.nameIDBean)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * @return the hashcode of this object
+ */
+ @Override
+ public int hashCode() {
+ int result = 0;
+ if (delegationInstant != null) {
+ result = 31 * result + delegationInstant.hashCode();
+ }
+ if (confirmationMethod != null) {
+ result = 31 * result + confirmationMethod.hashCode();
+ }
+ if (nameIDBean != null) {
+ result = 31 * result + nameIDBean.hashCode();
+ }
+ return result;
+ }
+
+}
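Review bot: The class Javadoc does not say which of the three fields must be set, although `SAML2ComponentBuilder.createDelegationRestriction` in this same commit throws IllegalStateException when `nameIDBean` is null and passes `delegationInstant` and `confirmationMethod` through unchecked. A sentence such as `nameIDBean is required when the bean is used to build an assertion; delegationInstant and confirmationMethod may be null` on the class would save callers from finding this out at build time. The `equals` Javadoc is still the placeholder `Method equals ...`; it is worth noting there that `delegationInstant` is compared with Joda's `DateTime.equals`, which also compares chronology and time zone, so two beans holding the same instant in different zones are not equal.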
Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/NameIDBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/NameIDBean.java?rev=1689838&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/NameIDBean.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/NameIDBean.java Wed Jul 8 11:01:30 2015
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.bean;
+
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+
+/**
+ * Class NameIDBean represents a SAML NameID (can be used to create both SAML v1.1 and v2.0 statements)
+ */
+public class NameIDBean {
+ private String nameValue;
+ private String nameIDFormat = SAML1Constants.NAMEID_FORMAT_UNSPECIFIED;
+ private String nameQualifier;
+
+ /**
+ * Constructor NameIDBean creates a new NameIDBean instance.
+ */
+ public NameIDBean() {
+ }
+
+ /**
+ * Constructor NameIDBean creates a new NameIDBean instance.
+ *
+ * @param nameValue of type String
+ * @param nameQualifier of type String
+ */
+ public NameIDBean(
+ String nameValue,
+ String nameQualifier,
+ String nameIDFormat
+ ) {
+ this.setNameValue(nameValue);
+ this.setNameQualifier(nameQualifier);
+ this.setNameIDFormat(nameIDFormat);
+ }
+
+ public String getNameValue() {
+ return nameValue;
+ }
+
+ public void setNameValue(String nameValue) {
+ this.nameValue = nameValue;
+ }
+
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ public String getNameQualifier() {
+ return nameQualifier;
+ }
+
+ public void setNameQualifier(String nameQualifier) {
+ this.nameQualifier = nameQualifier;
+ }
+
+ /**
+ * Method equals ...
+ *
+ * @param o of type Object
+ * @return boolean
+ */
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (!(o instanceof NameIDBean)) return false;
+
+ NameIDBean that = (NameIDBean) o;
+
+ if (nameValue == null && that.nameValue != null) {
+ return false;
+ } else if (nameValue != null && !nameValue.equals(that.nameValue)) {
+ return false;
+ }
+
+ if (nameIDFormat == null && that.nameIDFormat != null) {
+ return false;
+ } else if (nameIDFormat != null && !nameIDFormat.equals(that.nameIDFormat)) {
+ return false;
+ }
+
+ if (nameQualifier == null && that.nameQualifier != null) {
+ return false;
+ } else if (nameQualifier != null && !nameQualifier.equals(that.nameQualifier)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * @return the hashcode of this object
+ */
+ @Override
+ public int hashCode() {
+ int result = 0;
+ if (nameValue != null) {
+ result = nameValue.hashCode();
+ }
+ if (nameIDFormat != null) {
+ result = 31 * result + nameIDFormat.hashCode();
+ }
+ if (nameQualifier != null) {
+ result = 31 * result + nameQualifier.hashCode();
+ }
+ return result;
+ }
+
+}
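Review bot: The three-argument constructor calls the public, overridable setters (`this.setNameValue(nameValue);` and the two that follow) on a class that is not final, so a subclass override would run before the subclass is initialised. Assigning the fields directly, `this.nameValue = nameValue; this.nameQualifier = nameQualifier; this.nameIDFormat = nameIDFormat;`, avoids that. The constructor Javadoc lists only `nameValue` and `nameQualifier`; add `@param nameIDFormat` and mention that passing null replaces the default `SAML1Constants.NAMEID_FORMAT_UNSPECIFIED` with null rather than keeping it.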
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/SubjectBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/SubjectBean.java?rev=1689838&r1=1689837&r2=1689838&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/SubjectBean.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/SubjectBean.java Wed Jul 8 11:01:30 2015
@@ -19,16 +19,12 @@
package org.apache.wss4j.common.saml.bean;
-import org.apache.wss4j.common.saml.builder.SAML1Constants;
-
/**
* Class SubjectBean represents a SAML subject (can be used to create
* both SAML v1.1 and v2.0 statements)
*/
public class SubjectBean {
- private String subjectName;
- private String subjectNameIDFormat = SAML1Constants.NAMEID_FORMAT_UNSPECIFIED;
- private String subjectNameQualifier;
+ private final NameIDBean nameID = new NameIDBean();
private String subjectConfirmationMethod;
private KeyInfoBean keyInfo;
private SubjectConfirmationDataBean subjectConfirmationData;
@@ -51,8 +47,8 @@ public class SubjectBean {
String subjectNameQualifier,
String subjectConfirmationMethod
) {
- this.subjectName = subjectName;
- this.subjectNameQualifier = subjectNameQualifier;
+ nameID.setNameValue(subjectName);
+ nameID.setNameQualifier(subjectNameQualifier);
this.subjectConfirmationMethod = subjectConfirmationMethod;
}
@@ -71,7 +67,7 @@ public class SubjectBean {
String subjectNameIDFormat
) {
this(subjectName, subjectNameQualifier, subjectConfirmationMethod);
- this.subjectNameIDFormat = subjectNameIDFormat;
+ nameID.setNameIDFormat(subjectNameIDFormat);
}
/**
@@ -80,7 +76,7 @@ public class SubjectBean {
* @return the subjectName (type String) of this SubjectBean object.
*/
public String getSubjectName() {
- return subjectName;
+ return nameID.getNameValue();
}
/**
@@ -89,7 +85,7 @@ public class SubjectBean {
* @param subjectName the subjectName of this SubjectBean object.
*/
public void setSubjectName(String subjectName) {
- this.subjectName = subjectName;
+ nameID.setNameValue(subjectName);
}
/**
@@ -98,7 +94,7 @@ public class SubjectBean {
* @return the subjectNameQualifier (type String) of this SubjectBean object.
*/
public String getSubjectNameQualifier() {
- return subjectNameQualifier;
+ return nameID.getNameQualifier();
}
/**
@@ -107,7 +103,7 @@ public class SubjectBean {
* @param subjectNameQualifier the subjectNameQualifier of this SubjectBean object.
*/
public void setSubjectNameQualifier(String subjectNameQualifier) {
- this.subjectNameQualifier = subjectNameQualifier;
+ nameID.setNameQualifier(subjectNameQualifier);
}
/**
@@ -138,7 +134,7 @@ public class SubjectBean {
* @return the subjectNameIDFormat (type String) of this SubjectBean object.
*/
public String getSubjectNameIDFormat() {
- return subjectNameIDFormat;
+ return nameID.getNameIDFormat();
}
/**
@@ -148,7 +144,7 @@ public class SubjectBean {
* @param subjectNameIDFormat the subjectNameIDFormat of this SubjectBean object.
*/
public void setSubjectNameIDFormat(String subjectNameIDFormat) {
- this.subjectNameIDFormat = subjectNameIDFormat;
+ nameID.setNameIDFormat(subjectNameIDFormat);
}
/**
@@ -200,16 +196,7 @@ public class SubjectBean {
SubjectBean that = (SubjectBean) o;
- if (subjectName == null && that.subjectName != null) {
- return false;
- } else if (subjectName != null && !subjectName.equals(that.subjectName)) {
- return false;
- }
-
- if (subjectNameQualifier == null && that.subjectNameQualifier != null) {
- return false;
- } else if (subjectNameQualifier != null &&
- !subjectNameQualifier.equals(that.subjectNameQualifier)) {
+ if (!nameID.equals(that.nameID)) {
return false;
}
@@ -220,13 +207,6 @@ public class SubjectBean {
return false;
}
- if (subjectNameIDFormat == null && that.subjectNameIDFormat != null) {
- return false;
- } else if (subjectNameIDFormat != null
- && !subjectNameIDFormat.equals(that.subjectNameIDFormat)) {
- return false;
- }
-
if (keyInfo == null && that.keyInfo != null) {
return false;
} else if (keyInfo != null && !keyInfo.equals(that.keyInfo)) {
@@ -248,19 +228,10 @@ public class SubjectBean {
*/
@Override
public int hashCode() {
- int result = 0;
- if (subjectName != null) {
- result = subjectName.hashCode();
- }
- if (subjectNameQualifier != null) {
- result = 31 * result + subjectNameQualifier.hashCode();
- }
+ int result = nameID.hashCode();
if (subjectConfirmationMethod != null) {
result = 31 * result + subjectConfirmationMethod.hashCode();
}
- if (subjectNameIDFormat != null) {
- result = 31 * result + subjectNameIDFormat.hashCode();
- }
if (keyInfo != null) {
result = 31 * result + keyInfo.hashCode();
}
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java?rev=1689838&r1=1689837&r2=1689838&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java Wed Jul 8 11:01:30 2015
@@ -32,7 +32,9 @@ import org.apache.wss4j.common.saml.bean
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.DelegateBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
@@ -41,6 +43,8 @@ import org.apache.xml.security.stax.impl
import org.joda.time.DateTime;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.ext.saml2delrestrict.Delegate;
+import org.opensaml.saml.ext.saml2delrestrict.DelegationRestrictionType;
import org.opensaml.saml.saml2.core.Action;
import org.opensaml.saml.saml2.core.Advice;
import org.opensaml.saml.saml2.core.Assertion;
@@ -120,8 +124,12 @@ public final class SAML2ComponentBuilder
private static volatile SAMLObjectBuilder<AudienceRestriction> audienceRestrictionBuilder;
+ private static volatile SAMLObjectBuilder<DelegationRestrictionType> delegationRestrictionBuilder;
+
private static volatile SAMLObjectBuilder<Audience> audienceBuilder;
+ private static volatile SAMLObjectBuilder<Delegate> delegateBuilder;
+
private static volatile SAMLObjectBuilder<AuthzDecisionStatement> authorizationDecisionStatementBuilder;
private static volatile SAMLObjectBuilder<Action> actionElementBuilder;
@@ -244,6 +252,13 @@ public final class SAML2ComponentBuilder
if (conditionsBean.getProxyRestriction() != null) {
conditions.getConditions().add(createProxyRestriction(conditionsBean.getProxyRestriction()));
}
+
+ if (conditionsBean.getDelegates() != null && !conditionsBean.getDelegates().isEmpty()) {
+ DelegationRestrictionType delegationRestriction =
+ createDelegationRestriction(conditionsBean.getDelegates());
+ conditions.getConditions().add(delegationRestriction);
+ }
+
return conditions;
}
@@ -332,6 +347,45 @@ public final class SAML2ComponentBuilder
}
/**
+ * Create an DelegationRestrictionType object
+ *
+ * @param delegates of type List<DelegateBean>
+ * @return a DelegationRestrictionType object
+ */
+ @SuppressWarnings("unchecked")
+ public static DelegationRestrictionType createDelegationRestriction(
+ List<DelegateBean> delegates
+ ) {
+ if (delegationRestrictionBuilder == null) {
+ delegationRestrictionBuilder = (SAMLObjectBuilder<DelegationRestrictionType>)
+ builderFactory.getBuilder(DelegationRestrictionType.TYPE_NAME);
+ }
+ DelegationRestrictionType delegationRestriction = delegationRestrictionBuilder.buildObject();
+
+ if (delegateBuilder == null) {
+ delegateBuilder = (SAMLObjectBuilder<Delegate>)
+ builderFactory.getBuilder(Delegate.DEFAULT_ELEMENT_NAME);
+ }
+
+ for (DelegateBean delegateBean : delegates) {
+ Delegate delegate = delegateBuilder.buildObject();
+ delegate.setConfirmationMethod(delegateBean.getConfirmationMethod());
+ delegate.setDelegationInstant(delegateBean.getDelegationInstant());
+
+ if (delegateBean.getNameIDBean() == null) {
+ throw new IllegalStateException(
+ "The value of NameIDBean in DelegateBean may not be null"
+ );
+ }
+ NameID nameID = createNameID(delegateBean.getNameIDBean());
+ delegate.setNameID(nameID);
+ delegationRestriction.getDelegates().add(delegate);
+ }
+
+ return delegationRestriction;
+ }
+
+ /**
* Create a OneTimeUse object
*
* @return a OneTimeUse object
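Review bot: The only validation in `createDelegationRestriction` is the null check on `getNameIDBean()`; a NameIDBean whose name value is null passes it, and `createNameID` then copies that null into the NameID, so the assertion would carry a delegate that identifies nobody. Extending the guard to `if (delegateBean.getNameIDBean() == null || delegateBean.getNameIDBean().getNameValue() == null) {` and moving it above `delegateBuilder.buildObject()` would reject such a bean before anything is built. The method is public and iterates `delegates` without a null check; `createConditions` guards against that but a direct caller does not, so the Javadoc should state that the list must be non-null. The summary line should read `Create a DelegationRestrictionType object`.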
@@ -632,20 +686,27 @@ public final class SAML2ComponentBuilder
* @param subject A SubjectBean instance
* @return NameID
*/
- @SuppressWarnings("unchecked")
public static NameID createNameID(SubjectBean subject) {
+ NameIDBean nameIDBean = new NameIDBean();
+ nameIDBean.setNameIDFormat(subject.getSubjectNameIDFormat());
+ nameIDBean.setNameQualifier(subject.getSubjectNameQualifier());
+ nameIDBean.setNameValue(subject.getSubjectName());
+ return createNameID(nameIDBean);
+ }
+
+ @SuppressWarnings("unchecked")
+ public static NameID createNameID(NameIDBean nameIDBean) {
if (nameIdBuilder == null) {
nameIdBuilder = (SAMLObjectBuilder<NameID>)
builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
}
NameID nameID = nameIdBuilder.buildObject();
- nameID.setNameQualifier(subject.getSubjectNameQualifier());
- nameID.setFormat(subject.getSubjectNameIDFormat());
- nameID.setValue(subject.getSubjectName());
+ nameID.setNameQualifier(nameIDBean.getNameQualifier());
+ nameID.setFormat(nameIDBean.getNameIDFormat());
+ nameID.setValue(nameIDBean.getNameValue());
return nameID;
}
-
/**
* Create SAML2 Attribute Statement(s)
*
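Review bot: The new public overload `createNameID(NameIDBean)` has no Javadoc; the existing comment, which starts above this hunk, now documents only the SubjectBean variant. I would add `/** Create a NameID object from a NameIDBean; qualifier, format and value are copied as given, including nulls. */`. The SubjectBean overload builds a fresh NameIDBean from three getters even though SubjectBean now holds a NameIDBean itself, so any field added to NameIDBean later has to be copied here too; a package-visible accessor on SubjectBean would remove that duplication. The hunk also drops the blank line between `createNameID` and the following Javadoc block.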
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java?rev=1689838&r1=1689837&r2=1689838&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java Wed Jul 8 11:01:30 2015
@@ -31,7 +31,10 @@ import org.apache.wss4j.common.saml.SAML
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.DelegateBean;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
@@ -680,6 +683,33 @@ public class SamlConditionsTest extends
newEngine.processSecurityHeader(doc, data);
}
+ @org.junit.Test
+ public void testSAML2Delegate() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore);
+ conditions.setNotAfter(notBefore.plusMinutes(20));
+
+ DelegateBean delegate = new DelegateBean();
+ delegate.setDelegationInstant(DateTime.now());
+ delegate.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ NameIDBean nameID = new NameIDBean();
+ nameID.setNameValue("bob");
+ nameID.setNameQualifier("www.example.com");
+ delegate.setNameIDBean(nameID);
+
+ conditions.setDelegates(Collections.singletonList(delegate));
+
+ callbackHandler.setConditions(conditions);
+
+ createAndVerifyMessage(callbackHandler, true);
+ }
+
private void createAndVerifyMessage(
CallbackHandler samlCallbackHandler, boolean success
) throws Exception {
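Review bot: `testSAML2Delegate` only checks that `createAndVerifyMessage(callbackHandler, true)` completes, so it would still pass if the delegates were silently left out of the Conditions element. The body of `createAndVerifyMessage` is outside this hunk, but from its signature it does not appear to inspect the assertion for a DelegationRestrictionType. I would add an assertion on the built assertion's conditions (one Delegate with NameID value `bob` and the bearer confirmation method), plus a second test that sets a DelegateBean without a NameIDBean and expects the IllegalStateException thrown by `createDelegationRestriction`.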