You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/05 21:39:14 UTC
[2/3] cxf git commit: Changing the default to issue tokens rather
than WS-Trust responses
Changing the default to issue tokens rather than WS-Trust responses
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72821c78
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72821c78
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72821c78
Branch: refs/heads/master
Commit: 72821c781bb43dd2a846fd85eed706d316bc4a2e
Parents: 7ea12c2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Feb 5 17:53:25 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Feb 5 17:54:04 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 8 +++
.../sts/rest/RESTSecurityTokenServiceImpl.java | 61 ++++++++++++-----
.../cxf/systest/sts/rest/RESTUnitTest.java | 71 +++++++++++++++-----
3 files changed, 107 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 04cc0f6..a68194d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -63,6 +63,14 @@ public interface RESTSecurityTokenService {
})
Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
@QueryParam("claim") List<String> requestedClaims);
+
+ @GET
+ @Path("ws-trust/{tokenType}")
+ @Produces({
+ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
+ })
+ Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
+ @QueryParam("claim") List<String> requestedClaims);
@POST
@Produces({
http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 393b806..ae454ab 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -45,6 +45,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
@Override
public Response getToken(String tokenType, String keyType, List<String> requestedClaims) {
+ RequestSecurityTokenResponseType response =
+ issueToken(tokenType, keyType, requestedClaims);
+
+ RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
+
+ return Response.ok(requestedToken.getAny()).build();
+ }
+
+ @Override
+ public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims) {
+ return getToken(tokenType, keyType, requestedClaims);
+ }
+
+ private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
+ for (Object obj : response.getAny()) {
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+ if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+ return (RequestedSecurityTokenType)jaxbElement.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ private RequestSecurityTokenResponseType issueToken(
+ String tokenType,
+ String keyType,
+ List<String> requestedClaims
+ ) {
if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
tokenType = tokenTypeMap.get(tokenType);
}
@@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
// }
// request.setContext(null);
- return getToken(Action.ISSUE, request);
+ return processRequest(Action.ISSUE, request);
}
@Override
public Response getToken(Action action, RequestSecurityTokenType request) {
- RequestSecurityTokenResponseType response;
+ RequestSecurityTokenResponseType response = processRequest(action, request);
+
+ JAXBElement<RequestSecurityTokenResponseType> jaxbResponse =
+ QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
+
+ return Response.ok(jaxbResponse).build();
+ }
+
+ private RequestSecurityTokenResponseType processRequest(Action action,
+ RequestSecurityTokenType request) {
switch (action) {
case VALIDATE:
- response = validate(request);
- break;
+ return validate(request);
case RENEW:
- response = renew(request);
- break;
+ return renew(request);
case CANCEL:
- response = cancel(request);
- break;
+ return cancel(request);
case ISSUE:
default:
- response = issueSingle(request);
- break;
+ return issueSingle(request);
}
-
- JAXBElement<RequestSecurityTokenResponseType> jaxbResponse =
- QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
-
- return Response.ok(jaxbResponse).build();
}
@Override
http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 7caf0f2..068b4c3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -25,6 +25,7 @@ import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBElement;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.Bus;
@@ -83,23 +84,11 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
client.path("saml2.0");
Response response = client.get();
- RequestSecurityTokenResponseType securityResponse =
- response.readEntity(RequestSecurityTokenResponseType.class);
-
- RequestedSecurityTokenType requestedSecurityToken = null;
- for (Object obj : securityResponse.getAny()) {
- if (obj instanceof JAXBElement<?>) {
- JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
- if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
- requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
- break;
- }
- }
- }
- assertNotNull(requestedSecurityToken);
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
// Process the token
- List<WSSecurityEngineResult> results = processToken(requestedSecurityToken);
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
assertTrue(results != null && results.size() == 1);
SamlAssertionWrapper assertion =
@@ -112,6 +101,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ @org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
@@ -129,7 +119,53 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
client.get();
}
- private List<WSSecurityEngineResult> processToken(RequestedSecurityTokenType securityResponse)
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testIssueSAML2TokenViaWSTrust() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+
+ Response response = client.get();
+ RequestSecurityTokenResponseType securityResponse =
+ response.readEntity(RequestSecurityTokenResponseType.class);
+
+ RequestedSecurityTokenType requestedSecurityToken = null;
+ for (Object obj : securityResponse.getAny()) {
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+ if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+ requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
+ break;
+ }
+ }
+ }
+ assertNotNull(requestedSecurityToken);
+
+ // Process the token
+ List<WSSecurityEngineResult> results =
+ processToken((Element)requestedSecurityToken.getAny());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ private List<WSSecurityEngineResult> processToken(Element assertionElement)
throws Exception {
RequestData requestData = new RequestData();
requestData.setDisableBSPEnforcement(true);
@@ -140,9 +176,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
requestData.setSigVerCrypto(crypto);
Processor processor = new SAMLTokenProcessor();
- Element securityTokenElem = (Element)securityResponse.getAny();
return processor.handleToken(
- securityTokenElem, requestData, new WSDocInfo(securityTokenElem.getOwnerDocument())
+ assertionElement, requestData, new WSDocInfo(assertionElement.getOwnerDocument())
);
}