Posted to commits@cxf.apache.org by dk...@apache.org on 2011/03/10 19:19:16 UTC
svn commit: r1080304 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust:
Messages.properties STSClient.java STSTokenValidator.java TrustException.java
Author: dkulp
Date: Thu Mar 10 18:19:16 2011
New Revision: 1080304
URL: http://svn.apache.org/viewvc?rev=1080304&view=rev
Log:
Change validate method to allow returning security tokens and to throw
an exception if the token is invalid
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties Thu Mar 10 18:19:16 2011
@@ -23,4 +23,4 @@ NO_ID=Could not determine Token ID from
NO_ENTROPY=Could not find Entropy in RequestSecurityTokenResponse
DERIVED_KEY_ERROR=Exception while trying to create secret key from RequestSecurityTokenResponse
ENCRYPTED_KEY_ERROR=Exception while trying to decrypt key from RequestSecurityTokenResponse
-
+VALIDATION_FAILED=Validation of security token failed: {0}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Thu Mar 10 18:19:16 2011
@@ -28,6 +28,7 @@ import java.security.cert.X509Certificat
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -613,14 +614,21 @@ public class STSClient implements Config
return new PrimitiveAssertion(new QName(ns, local), true);
}
- public boolean validateSecurityToken(SecurityToken tok) throws Exception {
+ public List<SecurityToken> validateSecurityToken(SecurityToken tok) throws Exception {
return validateSecurityToken(tok,
namespace + "/RSTR/Status");
}
- private boolean validateSecurityToken(SecurityToken tok, String string)
+ private List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)
throws Exception {
createClient();
+
+ if (tokentype == null) {
+ tokentype = tokenType;
+ }
+ if (tokentype == null) {
+ tokentype = namespace + "/RSTR/Status";
+ }
if (addressingNamespace == null) {
addressingNamespace = "http://www.w3.org/2005/08/addressing";
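Review bot: The new parameter `tokentype` differs from the field `tokenType` only by letter case, so `tokentype = tokenType;` is easy to misread, and using the wrong one of the two later in the method would still compile. A distinct parameter name such as `requestedTokenType` would make the fallback order (argument, then configured field, then `namespace + "/RSTR/Status"`) readable at a glance. The only caller visible in this hunk always passes `namespace + "/RSTR/Status"`, so both null checks are unreachable from here; a short comment naming the intended caller would help. The method body continues past the end of the hunk.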
@@ -654,7 +662,7 @@ public class STSClient implements Config
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", namespace);
- writer.writeCharacters(namespace + "/RSTR/Status");
+ writer.writeCharacters(tokentype);
writer.writeEndElement();
writer.writeStartElement("wst", "ValidateTarget", namespace);
@@ -674,15 +682,32 @@ public class STSClient implements Config
throw new Fault("Unexpected element " + el.getLocalName(), LOG);
}
el = DOMUtils.getFirstElement(el);
+ String reason = null;
+ boolean valid = false;
+ List<SecurityToken> tokens = new LinkedList<SecurityToken>();
while (el != null) {
if ("Status".equals(el.getLocalName())) {
Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
String s = DOMUtils.getContent(e2);
- return s.endsWith("/status/valid");
+ valid = s.endsWith("/status/valid");
+
+ e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
+ if (e2 != null) {
+ reason = DOMUtils.getContent(e2);
+ }
+ } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
+ //TODO: get the token out of it. Need to find an STS that actually
+ //suports this first to test it
}
el = DOMUtils.getNextElement(el);
}
- return false;
+ if (!valid) {
+ throw new TrustException(LOG, "VALIDATION_FAILED", reason);
+ }
+ if (tokens.isEmpty()) {
+ tokens.add(tok);
+ }
+ return tokens;
}
public void cancelSecurityToken(SecurityToken token) throws Exception {
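Review bot: The validity decision in the `Status` branch is looser than it needs to be for a security check. `valid` is now reassigned for every `Status` element instead of returning on the first, so a later element can overwrite an earlier non-valid result, and the code is still matched by suffix with `s.endsWith("/status/valid")`. Assuming the expected code is `namespace + "/status/valid"` (as the `/RSTR/Status` construction suggests), I would compare the whole URI with `valid = s != null && (namespace + "/status/valid").equals(s.trim());` and throw if a second `Status` element is seen. A missing `Code` child leaves `e2` null, and what `DOMUtils.getContent` does with that is not visible here, so `String s = e2 == null ? null : DOMUtils.getContent(e2);` would make the failure explicit. The method starts above the hunk; the `tokens` list is never filled yet, so the caller always gets the input token back, which deserves a line in the method's Javadoc.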
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java Thu Mar 10 18:19:16 2011
@@ -52,15 +52,14 @@ public class STSTokenValidator implement
STSClient c = STSUtils.getClient(m);
synchronized (c) {
System.setProperty("noprint", "true");
- if (c.validateSecurityToken(token)) {
- return credential;
- }
- System.clearProperty("noprint");
+ c.validateSecurityToken(token);
+ return credential;
}
+ } catch (RuntimeException e) {
+ throw e;
} catch (Exception e) {
throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity", null, e);
}
- throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
}
}
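Review bot: With `System.clearProperty("noprint")` removed, the JVM-wide `noprint` property set inside the `synchronized (c)` block is never cleared on any path, and a lock on one client instance does not scope a global system property. If the flag is meant to cover only this call, the body could become `try { c.validateSecurityToken(token); return credential; } finally { System.clearProperty("noprint"); }`. Separately, the new `catch (RuntimeException e) { throw e; }` lets a failed validation leave this method as whatever unchecked type `validateSecurityToken` throws rather than as `WSSecurityException`; TrustException appears to be unchecked, judging by its truncated superclass name in the last file section. If that is intended, a comment saying that callers must treat any exception from here as a rejected token would make the fail-closed contract explicit. The method starts above the hunk.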
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java?rev=1080304&r1=1080303&r2=1080304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java Thu Mar 10 18:19:16 2011
@@ -43,7 +43,13 @@ public class TrustException extends Unch
public TrustException(Message msg, Throwable t) {
super(msg, t);
}
-
+ /**
+ * @param msg
+ * @param t
+ */
+ public TrustException(Logger log, String msg, Object ... params) {
+ super(log, msg, params);
+ }
/**
* @param cause
*/