You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2011/07/23 15:49:23 UTC
svn commit: r1150105 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/saml/ext/bean/
main/java/org/apache/ws/security/saml/ext/builder/
test/java/org/apache/ws/security/common/
test/java/org/apache/ws/security/saml/
Author: coheigea
Date: Sat Jul 23 13:49:22 2011
New Revision: 1150105
URL: http://svn.apache.org/viewvc?rev=1150105&view=rev
Log:
[WSS-296] - SubjectLocality is missing from AuthenticationStatementBean
- Patch applied, thanks.
- Also added in some tests.
Added:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java Sat Jul 23 13:49:22 2011
@@ -32,6 +32,8 @@ public class AuthenticationStatementBean
private SubjectBean subject;
DateTime authenticationInstant;
private String authenticationMethod;
+ private SubjectLocalityBean subjectLocality;
+ private String sessionIndex;
/**
* Default constructor
@@ -103,6 +105,42 @@ public class AuthenticationStatementBean
public void setAuthenticationInstant(DateTime authenticationInstant) {
this.authenticationInstant = authenticationInstant;
}
+
+ /**
+ * Get Subject Locality.
+ *
+ * @return the subjectLocality
+ */
+ public final SubjectLocalityBean getSubjectLocality() {
+ return subjectLocality;
+ }
+
+ /**
+ * Set Subject Locality.
+ *
+ * @param subjectLocality the subjectLocality to set
+ */
+ public final void setSubjectLocality(final SubjectLocalityBean subjectLocality) {
+ this.subjectLocality = subjectLocality;
+ }
+
+ /**
+ * Get the session index.
+ *
+ * @return the sessionIndex
+ */
+ public final String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * Set the session index.
+ *
+ * @param sessionIndex the sessionIndex to set
+ */
+ public final void setSessionIndex(final String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
@Override
public boolean equals(Object o) {
@@ -131,6 +169,18 @@ public class AuthenticationStatementBean
&& !subject.equals(that.subject)) {
return false;
}
+
+ if (subjectLocality == null && that.subjectLocality != null) {
+ return false;
+ } else if (subjectLocality != null && !subjectLocality.equals(that.subjectLocality)) {
+ return false;
+ }
+
+ if (sessionIndex == null && that.sessionIndex != null) {
+ return false;
+ } else if (sessionIndex != null && !sessionIndex.equals(that.sessionIndex)) {
+ return false;
+ }
return true;
}
@@ -140,6 +190,8 @@ public class AuthenticationStatementBean
int result = subject != null ? subject.hashCode() : 0;
result = 31 * result + (authenticationInstant != null ? authenticationInstant.hashCode() : 0);
result = 31 * result + (authenticationMethod != null ? authenticationMethod.hashCode() : 0);
+ result = 31 * result + (subjectLocality != null ? subjectLocality.hashCode() : 0);
+ result = 31 * result + (sessionIndex != null ? sessionIndex.hashCode() : 0);
return result;
}
}
Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java?rev=1150105&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java (added)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java Sat Jul 23 13:49:22 2011
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.saml.ext.bean;
+
+/**
+ * This class represents a SubjectLocality.
+ */
+public class SubjectLocalityBean {
+
+ /** The ipAddress. */
+ private String ipAddress;
+
+ /** The DNS Address. */
+ private String dnsAddress;
+
+ /**
+ * Default constructor explicitly provided since other constructors would
+ * prevent its automatic creation.
+ */
+ public SubjectLocalityBean() {
+ //
+ }
+
+ /**
+ * Constructor for creating a SubjectLocalityBean with ip and dns addresses.
+ *
+ * @param ipAddress ip address
+ * @param dnsAddress dns address
+ */
+ public SubjectLocalityBean(final String ipAddress, final String dnsAddress) {
+ this.ipAddress = ipAddress;
+ this.dnsAddress = dnsAddress;
+ }
+
+ /**
+ * Get the ip address.
+ *
+ * @return the ipAddress
+ */
+ public final String getIpAddress() {
+ return ipAddress;
+ }
+
+ /**
+ * Set the ip address.
+ *
+ * @param ipAddress the ipAddress to set
+ */
+ public final void setIpAddress(final String ipAddress) {
+ this.ipAddress = ipAddress;
+ }
+
+ /**
+ * Get the dns address.
+ *
+ * @return the dnsAddress
+ */
+ public final String getDnsAddress() {
+ return dnsAddress;
+ }
+
+ /**
+ * Set the dns address.
+ *
+ * @param dnsAddress the dnsAddress to set
+ */
+ public final void setDnsAddress(final String dnsAddress) {
+ this.dnsAddress = dnsAddress;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(final Object o) {
+ if (this == o) {
+ return true;
+ }
+
+ if (!(o instanceof SubjectLocalityBean)) {
+ return false;
+ }
+
+ SubjectLocalityBean that = (SubjectLocalityBean) o;
+
+ if (ipAddress == null && that.ipAddress != null) {
+ return false;
+ } else if (ipAddress != null && !ipAddress.equals(that.ipAddress)) {
+ return false;
+ }
+
+ if (dnsAddress == null && that.dnsAddress != null) {
+ return false;
+ } else if (dnsAddress != null && !dnsAddress.equals(that.dnsAddress)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ int result = 0;
+ if (ipAddress != null) {
+ result = 31 * result + ipAddress.hashCode();
+ }
+ if (dnsAddress != null) {
+ result = 31 * result + dnsAddress.hashCode();
+ }
+
+ return result;
+ }
+}
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java Sat Jul 23 13:49:22 2011
@@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
import org.apache.ws.security.util.UUIDGenerator;
import org.joda.time.DateTime;
@@ -52,6 +53,7 @@ import org.opensaml.saml1.core.Evidence;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
+import org.opensaml.saml1.core.SubjectLocality;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
@@ -103,6 +105,8 @@ public class SAML1ComponentBuilder {
private static SAMLObjectBuilder<Action> actionElementV1Builder;
private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+
+ private static SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
/**
* Create a new SAML 1.1 assertion
@@ -319,6 +323,10 @@ public class SAML1ComponentBuilder {
authenticationStatementV1Builder = (SAMLObjectBuilder<AuthenticationStatement>)
builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
}
+ if (subjectLocalityBuilder == null) {
+ subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>)
+ builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME);
+ }
if (authBeans != null && authBeans.size() > 0) {
for (AuthenticationStatementBean statementBean : authBeans) {
@@ -342,6 +350,16 @@ public class SAML1ComponentBuilder {
authenticationStatement.setAuthenticationMethod(
transformAuthenticationMethod(statementBean.getAuthenticationMethod())
);
+
+ SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality();
+ if (subjectLocalityBean != null) {
+ SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+ subjectLocality.setDNSAddress(subjectLocalityBean.getDnsAddress());
+ subjectLocality.setIPAddress(subjectLocalityBean.getIpAddress());
+
+ authenticationStatement.setSubjectLocality(subjectLocality);
+ }
+
authenticationStatements.add(authenticationStatement);
}
}
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java Sat Jul 23 13:49:22 2011
@@ -28,6 +28,7 @@ import org.apache.ws.security.saml.ext.b
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
import org.apache.ws.security.util.UUIDGenerator;
import org.joda.time.DateTime;
@@ -55,6 +56,7 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.SubjectLocality;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
@@ -109,6 +111,8 @@ public class SAML2ComponentBuilder {
private static SAMLObjectBuilder<Action> actionElementBuilder;
private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+
+ private static SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;
/**
* Create a SAML 2 assertion
@@ -253,13 +257,19 @@ public class SAML2ComponentBuilder {
authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
}
+ if (subjectLocalityBuilder == null) {
+ subjectLocalityBuilder = (SAMLObjectBuilder<SubjectLocality>)
+ builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME);
+ }
-
if (authBeans != null && authBeans.size() > 0) {
for (AuthenticationStatementBean statementBean : authBeans) {
AuthnStatement authnStatement = authnStatementBuilder.buildObject();
authnStatement.setAuthnInstant(statementBean.getAuthenticationInstant());
- //authnStatement.setSessionIndex("b07b804c-7c29-ea16-7300-4f3d6f7928ac");
+
+ if (statementBean.getSessionIndex() != null) {
+ authnStatement.setSessionIndex(statementBean.getSessionIndex());
+ }
AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject();
authnContextClassRef.setAuthnContextClassRef(
@@ -269,6 +279,15 @@ public class SAML2ComponentBuilder {
authnContext.setAuthnContextClassRef(authnContextClassRef);
authnStatement.setAuthnContext(authnContext);
+ SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality();
+ if (subjectLocalityBean != null) {
+ SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject();
+ subjectLocality.setDNSName(subjectLocalityBean.getDnsAddress());
+ subjectLocality.setAddress(subjectLocalityBean.getIpAddress());
+
+ authnStatement.setSubjectLocality(subjectLocality);
+ }
+
authnStatements.add(authnStatement);
}
}
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java Sat Jul 23 13:49:22 2011
@@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b
import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -59,6 +60,8 @@ public abstract class AbstractSAMLCallba
protected byte[] ephemeralKey = null;
protected String issuer = null;
protected String subjectNameIDFormat = null;
+ protected String subjectLocalityIpAddress = null;
+ protected String subjectLocalityDnsAddress = null;
public void setConfirmationMethod(String confMethod) {
confirmationMethod = confMethod;
@@ -88,6 +91,11 @@ public abstract class AbstractSAMLCallba
this.subjectNameIDFormat = subjectNameIDFormat;
}
+ public void setSubjectLocality(String ipAddress, String dnsAddress) {
+ this.subjectLocalityIpAddress = ipAddress;
+ this.subjectLocalityDnsAddress = dnsAddress;
+ }
+
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
@@ -97,6 +105,12 @@ public abstract class AbstractSAMLCallba
if (subjectBean != null) {
authBean.setSubject(subjectBean);
}
+ if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
+ SubjectLocalityBean subjectLocality = new SubjectLocalityBean();
+ subjectLocality.setIpAddress(subjectLocalityIpAddress);
+ subjectLocality.setDnsAddress(subjectLocalityDnsAddress);
+ authBean.setSubjectLocality(subjectLocality);
+ }
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
} else if (statement == Statement.ATTR) {
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1150105&r1=1150104&r2=1150105&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Sat Jul 23 13:49:22 2011
@@ -513,6 +513,88 @@ public class SamlTokenTest extends org.j
}
/**
+ * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion with
+ * a user-specified SubjectLocality statement.
+ */
+ @org.junit.Test
+ public void testSAML1SubjectLocality() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains("12.34.56.780"));
+ assertTrue(outputString.contains("test-dns"));
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ assertTrue(!receivedAssertion.isSigned());
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion with
+ * a user-specified SubjectLocality statement.
+ */
+ @org.junit.Test
+ public void testSAML2SubjectLocality() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains("12.34.56.780"));
+ assertTrue(outputString.contains("test-dns"));
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ assertTrue(!receivedAssertion.isSigned());
+ }
+
+ /**
* Verifies the soap envelope
* <p/>
*