Posted to commits@cxf.apache.org by co...@apache.org on 2012/09/07 17:58:37 UTC
svn commit: r1382076 - in /cxf/trunk/services/sts:
sts-core/src/main/java/org/apache/cxf/sts/claims/
sts-core/src/test/java/org/apache/cxf/sts/operation/
systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/
systests/advanced/src/test/java...
Author: coheigea
Date: Fri Sep 7 15:58:36 2012
New Revision: 1382076
URL: http://svn.apache.org/viewvc?rev=1382076&view=rev
Log:
[CXF-4484] - Claims to SAML attribute encoding wrong
Added:
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsParser.java
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomClaimsMapper.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java Fri Sep 7 15:58:36 2012
@@ -31,21 +31,12 @@ public class Claim implements Serializab
/**
*
*/
- private static final long serialVersionUID = 1856135937386473416L;
+ private static final long serialVersionUID = -1151700035195497499L;
private URI claimType;
private String issuer;
private String originalIssuer;
private transient Principal principal;
private String value;
- private URI namespace = ClaimTypes.URI_BASE;
-
- public URI getNamespace() {
- return namespace;
- }
-
- public void setNamespace(URI namespace) {
- this.namespace = namespace;
- }
public String getIssuer() {
return issuer;
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java Fri Sep 7 15:58:36 2012
@@ -30,8 +30,11 @@ import org.apache.cxf.sts.token.provider
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
public class ClaimsAttributeStatementProvider implements AttributeStatementProvider {
+
+ private String nameFormat = SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED;
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
// Handle Claims
@@ -77,14 +80,25 @@ public class ClaimsAttributeStatementPro
while (claimIterator.hasNext()) {
Claim claim = claimIterator.next();
AttributeBean attributeBean = new AttributeBean();
- URI name = claim.getNamespace().relativize(claim.getClaimType());
+
+ URI claimType = claim.getClaimType();
if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
|| WSConstants.SAML2_NS.equals(tokenType)) {
- attributeBean.setQualifiedName(name.toString());
- attributeBean.setNameFormat(claim.getNamespace().toString());
+ attributeBean.setQualifiedName(claimType.toString());
+ attributeBean.setNameFormat(nameFormat);
} else {
- attributeBean.setSimpleName(name.toString());
- attributeBean.setQualifiedName(claim.getNamespace().toString());
+ String uri = claimType.toString();
+ int lastSlash = uri.lastIndexOf("/");
+ if (lastSlash == (uri.length() - 1)) {
+ uri = uri.substring(0, lastSlash);
+ lastSlash = uri.lastIndexOf("/");
+ }
+
+ String namespace = uri.substring(0, lastSlash);
+ String name = uri.substring(lastSlash + 1, uri.length());
+
+ attributeBean.setSimpleName(name);
+ attributeBean.setQualifiedName(namespace);
}
attributeBean.setAttributeValues(Collections.singletonList(claim.getValue()));
attributeList.add(attributeBean);
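Review bot: The SAML 1.1 branch assumes every claim type contains a `/`: for a claim URI without one (a `urn:`-style type, for example) `lastSlash` is -1 and `uri.substring(0, lastSlash)` throws `StringIndexOutOfBoundsException`, and a null `claim.getClaimType()` would already fail at `claimType.toString()`. Claim types can originate from the token request, so this should be a deliberate check rather than an unchecked exception; add a guard such as `if (claimType == null || lastSlash < 0)` before the two `substring` calls and reject the claim with a clear error. A URI ending in `//` passes the existing trailing-slash handling but yields an empty simple name. The same block is repeated in the CustomAttributeStatementProvider hunk further down, and the body of `getStatement` starts and ends outside this hunk.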
@@ -94,5 +108,13 @@ public class ClaimsAttributeStatementPro
return attrBean;
}
+ public String getNameFormat() {
+ return nameFormat;
+ }
+
+ public void setNameFormat(String nameFormat) {
+ this.nameFormat = nameFormat;
+ }
+
}
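Review bot: `setNameFormat` has no Javadoc and accepts null, which would then be handed straight to `attributeBean.setNameFormat(nameFormat)` in the SAML 2.0 branch. A short Javadoc on the setter should say that the value is used only for SAML 2.0 attributes and that the default is `SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED`. It should also say that the value is presumably meant to be set once at configuration time, since the field is read in `getStatement` without any synchronization. The accessor pair added to CustomAttributeStatementProvider further down has the same gap.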
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java Fri Sep 7 15:58:36 2012
@@ -137,13 +137,6 @@ public class ClaimsManager {
if (c.getClaimType().equals(claimType)) {
found = true;
break;
- } else {
- StringBuffer sb = new StringBuffer();
- sb.append(c.getNamespace()).append('/').append(c.getClaimType());
- if (sb.toString().equals(claimType.toString())) {
- found = true;
- break;
- }
}
}
if (!found) {
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomClaimsMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomClaimsMapper.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomClaimsMapper.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CustomClaimsMapper.java Fri Sep 7 15:58:36 2012
@@ -42,7 +42,6 @@ public class CustomClaimsMapper implemen
Claim nc = new Claim();
nc.setClaimType(c.getClaimType());
nc.setIssuer(c.getIssuer());
- nc.setNamespace(c.getNamespace());
nc.setOriginalIssuer(c.getOriginalIssuer());
nc.setPrincipal(c.getPrincipal());
nc.setValue(c.getValue().toUpperCase());
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java Fri Sep 7 15:58:36 2012
@@ -92,6 +92,28 @@ public class ClaimsTest extends Abstract
}
@org.junit.Test
+ public void testSaml1CustomClaims() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ClaimsTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ClaimsTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1CustomClaimsPort");
+ DoubleItPortType transportClaimsPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportClaimsPort, PORT);
+
+ doubleIt(transportClaimsPort, 25);
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1WrongClaims() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
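Review bot: In `testSaml1CustomClaims`, `bus.shutdown(true)` runs only when `doubleIt` returns normally, so a failing call leaves the bus installed as the default and thread-default bus for whatever test runs next. Wrapping the statements after `createBus` in `try { ... } finally { bus.shutdown(true); }` keeps one failure from leaking into later tests. The test asserts nothing about the issued token itself; a one-line comment saying that the claim check is left to the validator configured on the endpoint would make that explicit. `testSaml1WrongClaims` continues outside the hunk.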
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java Fri Sep 7 15:58:36 2012
@@ -22,6 +22,7 @@ import java.util.List;
import org.w3c.dom.Element;
+import org.apache.cxf.sts.claims.ClaimTypes;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -68,9 +69,11 @@ public class ClaimsValidator extends Sam
for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml1.core.Attribute attribute : attributes) {
- if (!"role".equals(attribute.getAttributeName())) {
+
+ if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
continue;
}
+
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
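Review bot: Matching on the namespace alone makes this check looser than the `"role"` comparison it replaces: every SAML 1.1 attribute whose namespace equals `ClaimTypes.URI_BASE` now reaches the value check below, not only the role attribute. If that check decides whether the caller is authorised (its body is outside the hunk), a value carried by a different claim in the same namespace would be accepted as a role. Keep both conditions, `"role".equals(attribute.getAttributeName())` and the namespace comparison. The SAML 2.0 hunk below has the same problem with `attribute.getName().startsWith(...)`, which also throws on an attribute without a name; comparing the name for equality with the full role claim URI avoids both.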
@@ -95,9 +98,10 @@ public class ClaimsValidator extends Sam
for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml2.core.Attribute attribute : attributes) {
- if (!"role".equals(attribute.getName())) {
+ if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) {
continue;
}
+
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java Fri Sep 7 15:58:36 2012
@@ -33,8 +33,11 @@ import org.apache.cxf.sts.token.provider
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
public class CustomAttributeStatementProvider implements AttributeStatementProvider {
+
+ private String nameFormat = SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED;
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
@@ -75,14 +78,25 @@ public class CustomAttributeStatementPro
while (claimIterator.hasNext()) {
Claim claim = claimIterator.next();
AttributeBean attributeBean = new AttributeBean();
- URI name = claim.getNamespace().relativize(claim.getClaimType());
+
+ URI claimType = claim.getClaimType();
if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSConstants.SAML2_NS.equals(tokenType)) {
- attributeBean.setQualifiedName(name.toString());
- attributeBean.setNameFormat(claim.getNamespace().toString());
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ attributeBean.setQualifiedName(claimType.toString());
+ attributeBean.setNameFormat(nameFormat);
} else {
- attributeBean.setSimpleName(name.toString());
- attributeBean.setQualifiedName(claim.getNamespace().toString());
+ String uri = claimType.toString();
+ int lastSlash = uri.lastIndexOf("/");
+ if (lastSlash == (uri.length() - 1)) {
+ uri = uri.substring(0, lastSlash);
+ lastSlash = uri.lastIndexOf("/");
+ }
+
+ String namespace = uri.substring(0, lastSlash);
+ String name = uri.substring(lastSlash + 1, uri.length());
+
+ attributeBean.setSimpleName(name);
+ attributeBean.setQualifiedName(namespace);
}
attributeBean.setAttributeValues(Collections.singletonList(claim.getValue()));
attributeList.add(attributeBean);
@@ -91,5 +105,13 @@ public class CustomAttributeStatementPro
return attrBean;
}
+
+ public String getNameFormat() {
+ return nameFormat;
+ }
+
+ public void setNameFormat(String nameFormat) {
+ this.nameFormat = nameFormat;
+ }
}
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java Fri Sep 7 15:58:36 2012
@@ -38,6 +38,8 @@ public class CustomClaimsHandler impleme
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
public static final URI GIVEN_NAME =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
+ public static final URI LANGUAGE =
+ URI.create("http://schemas.mycompany.com/claims/language");
public ClaimCollection retrieveClaimValues(
RequestClaimCollection claims, ClaimsParameters parameters) {
@@ -47,13 +49,13 @@ public class CustomClaimsHandler impleme
for (RequestClaim requestClaim : claims) {
Claim claim = new Claim();
claim.setClaimType(requestClaim.getClaimType());
+ claim.setIssuer("Test Issuer");
+ claim.setOriginalIssuer("Original Issuer");
if (ROLE.equals(requestClaim.getClaimType())) {
- claim.setIssuer("Test Issuer");
- claim.setOriginalIssuer("Original Issuer");
claim.setValue("admin-user");
} else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
- claim.setIssuer("Test Issuer");
- claim.setOriginalIssuer("Original Issuer");
+ claim.setValue(parameters.getPrincipal().getName());
+ } else if (LANGUAGE.equals(requestClaim.getClaimType())) {
claim.setValue(parameters.getPrincipal().getName());
}
claimCollection.add(claim);
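Review bot: The `GIVEN_NAME` and `LANGUAGE` branches are now identical, and both dereference `parameters.getPrincipal()` without a null check. Merging them into `} else if (GIVEN_NAME.equals(requestClaim.getClaimType()) || LANGUAGE.equals(requestClaim.getClaimType())) {` would remove the duplication. A comment should say that the principal name is only a placeholder value for the language claim. A requested type that matches no branch is still added to the collection, now with an issuer but no value, which may deserve a comment or an explicit skip. The loop and `retrieveClaimValues` extend beyond the hunk.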
@@ -67,6 +69,7 @@ public class CustomClaimsHandler impleme
List<URI> list = new ArrayList<URI>();
list.add(ROLE);
list.add(GIVEN_NAME);
+ list.add(LANGUAGE);
return list;
}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsParser.java?rev=1382076&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsParser.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsParser.java Fri Sep 7 15:58:36 2012
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.claims.ClaimsParser;
+import org.apache.cxf.sts.claims.RequestClaim;
+
+/**
+ * A Custom ClaimsParser implementation.
+ */
+public class CustomClaimsParser implements ClaimsParser {
+
+ public static final String DIALECT =
+ "http://schemas.mycompany.com/claims";
+
+ private static final Logger LOG = LogUtils.getL7dLogger(CustomClaimsParser.class);
+
+ public RequestClaim parse(Element claim) {
+ return parseClaimType(claim);
+ }
+
+ public static RequestClaim parseClaimType(Element claimType) {
+ String claimLocalName = claimType.getLocalName();
+ String claimNS = claimType.getNamespaceURI();
+ if ("ClaimType".equals(claimLocalName)) {
+ String claimTypeUri = claimType.getAttribute("Uri");
+ String claimTypeOptional = claimType.getAttribute("Optional");
+ RequestClaim requestClaim = new RequestClaim();
+ try {
+ requestClaim.setClaimType(new URI(claimTypeUri));
+ } catch (URISyntaxException e) {
+ LOG.log(
+ Level.WARNING,
+ "Cannot create URI from the given ClaimType attribute value " + claimTypeUri,
+ e
+ );
+ }
+ requestClaim.setOptional(Boolean.parseBoolean(claimTypeOptional));
+ return requestClaim;
+ } else if ("ClaimValue".equals(claimLocalName)) {
+ String claimTypeUri = claimType.getAttribute("Uri");
+ String claimTypeOptional = claimType.getAttribute("Optional");
+ RequestClaim requestClaim = new RequestClaim();
+ try {
+ requestClaim.setClaimType(new URI(claimTypeUri));
+ } catch (URISyntaxException e) {
+ LOG.log(
+ Level.WARNING,
+ "Cannot create URI from the given ClaimTye attribute value " + claimTypeUri,
+ e
+ );
+ }
+
+ Node valueNode = claimType.getFirstChild();
+ if (valueNode != null) {
+ if ("Value".equals(valueNode.getLocalName())) {
+ requestClaim.setClaimValue(valueNode.getTextContent().trim());
+ } else {
+ LOG.warning("Unsupported child element of ClaimValue element "
+ + valueNode.getLocalName());
+ return null;
+ }
+ } else {
+ LOG.warning("No child element of ClaimValue element available");
+ return null;
+ }
+
+ requestClaim.setOptional(Boolean.parseBoolean(claimTypeOptional));
+
+ return requestClaim;
+ }
+
+ LOG.fine("Found unknown element: " + claimLocalName + " " + claimNS);
+ return null;
+ }
+
+ /**
+ * Return the supported dialect of this class
+ */
+ public String getSupportedDialect() {
+ return DIALECT;
+ }
+}
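Review bot: When `new URI(claimTypeUri)` fails, both catch blocks only log, and `parseClaimType` still returns a `RequestClaim` whose claim type was never set; code that later dereferences the type would then presumably hit a null. Add `return null;` at the end of each catch block, which matches how the other rejected inputs are handled in this method. `claimNS` is used only in the final log message, so a `ClaimType` or `ClaimValue` element from any namespace is accepted; comparing it with `DIALECT` would tie the parser to its dialect. The warnings also concatenate the request-supplied `Uri` attribute into the log unmodified, and the second message misspells `ClaimType` as `ClaimTye`.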
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl Fri Sep 7 15:58:36 2012
@@ -45,6 +45,23 @@
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItTransportSAML1CustomClaimsBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItBindingTransportSAML1CustomClaimsPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
<wsdl:binding name="DoubleItTransportSAML2ClaimsBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItBindingTransportSAML2ClaimsPolicy" />
<soap:binding style="document"
@@ -85,6 +102,11 @@
<soap:address
location="https://localhost:8081/doubleit/services/doubleittransportsaml1claims" />
</wsdl:port>
+ <wsdl:port name="DoubleItTransportSAML1CustomClaimsPort"
+ binding="tns:DoubleItTransportSAML1CustomClaimsBinding">
+ <soap:address
+ location="https://localhost:8081/doubleit/services/doubleittransportsaml1customclaims" />
+ </wsdl:port>
<wsdl:port name="DoubleItTransportSAML2ClaimsPort"
binding="tns:DoubleItTransportSAML2ClaimsBinding">
<soap:address
@@ -172,6 +194,81 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItBindingTransportSAML1CustomClaimsPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ <t:Claims Dialect="http://schemas.mycompany.com/claims"
+ xmlns:ic="http://schemas.mycompany.com/claims">
+ <ic:ClaimType Uri="http://schemas.mycompany.com/claims/language"/>
+ </t:Claims>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+ </wsaw:Address>
+ <wsaw:Metadata>
+ <wsx:Metadata>
+ <wsx:MetadataSection>
+ <wsx:MetadataReference>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+ </wsaw:Address>
+ </wsx:MetadataReference>
+ </wsx:MetadataSection>
+ </wsx:Metadata>
+ </wsaw:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBindingTransportSAML2ClaimsPolicy">
<wsp:ExactlyOne>
<wsp:All>
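Review bot: The new policy's `sp:AlgorithmSuite` is `sp:TripleDesRsa15`, that is Triple DES with RSA PKCS#1 v1.5 key transport, which is a weak choice even in a test fixture because test WSDLs tend to be copied into real deployments. If the sibling policies outside this hunk allow it, use a stronger suite such as `<sp:Basic256Sha256 />`. Otherwise add an XML comment stating that the suite is kept only for consistency with the existing test policies.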
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml Fri Sep 7 15:58:36 2012
@@ -63,6 +63,32 @@ http://cxf.apache.org/configuration/secu
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML1CustomClaimsPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation"
+ value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+ <property name="serviceName"
+ value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName"
+ value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+ <property name="properties">
+ <map>
+ <entry key="ws-security.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.sts.token.username" value="myclientkey"/>
+ <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+ <entry key="ws-security.sts.token.usecert" value="true"/>
+ </map>
+ </property>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.callback-handler"
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml Fri Sep 7 15:58:36 2012
@@ -58,6 +58,25 @@
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint id="doubleittransportsaml1customclaims"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItTransportSAML1CustomClaimsPort"
+ serviceName="s:DoubleItService"
+ depends-on="ClientAuthHttpsSettings"
+ address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml1customclaims"
+ wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl"
+ xmlns:s="http://www.example.org/contract/DoubleIt">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml1.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.ClaimsValidator"/>
+ </entry>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
<jaxws:endpoint id="doubleittransportsaml2claims"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
endpointName="s:DoubleItTransportSAML2ClaimsPort"
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1382076&r1=1382075&r2=1382076&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml Fri Sep 7 15:58:36 2012
@@ -107,6 +107,20 @@
-->
<bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
<property name="claimHandlers" ref="claimHandlerList" />
+ <property name="claimParsers" ref="claimParserList" />
+ </bean>
+
+ <util:list id="claimParserList">
+ <ref bean="customClaimsParser" />
+ <ref bean="identityClaimsParser" />
+ </util:list>
+
+ <bean id="customClaimsParser"
+ class="org.apache.cxf.systest.sts.deployment.CustomClaimsParser">
+ </bean>
+
+ <bean id="identityClaimsParser"
+ class="org.apache.cxf.sts.claims.IdentityClaimsParser">
</bean>
<util:list id="claimHandlerList">