Posted to commits@cxf.apache.org by co...@apache.org on 2011/10/20 17:15:17 UTC
svn commit: r1186845 [2/8] - in /cxf/trunk/services/sts/systests/advanced:
./ src/ src/test/ src/test/java/ src/test/java/org/
src/test/java/org/apache/ src/test/java/org/apache/cxf/
src/test/java/org/apache/cxf/systest/ src/test/java/org/apache/cxf/sy...
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) {
+ pc.setPassword("skpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("eve".equals(pc.getIdentifier())) {
+ pc.setPassword("evekpass");
+ break;
+ } else if ("mystskey".equals(pc.getIdentifier())) {
+ pc.setPassword("stskpass");
+ break;
+ }
+ }
+ }
+ }
+}
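Review bot: Each `break` inside `handle` leaves the `for` loop, not just the `if` chain, so once one `WSPasswordCallback` has been answered any later entries in `callbacks` are never examined; removing the `break`s is enough, since the `else if` chain already stops at the first match. An identifier that matches none of the six names is returned with no password set and no exception, and callbacks of other types are skipped silently even though the method declares `UnsupportedCallbackException`. Because the class hard-codes key and user passwords, a class comment such as `/** Test-only CallbackHandler that returns fixed passwords for the system-test key aliases and users. */` would make its scope explicit.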
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+
+ @Resource
+ WebServiceContext wsContext;
+
+ public int doubleIt(int numberToDouble) {
+ Principal pr = wsContext.getUserPrincipal();
+
+ Assert.assertNotNull("Principal must not be null", pr);
+ Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+
+ return numberToDouble * 2;
+ }
+
+}
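Review bot: The authentication check in `doubleIt` is written with `org.junit.Assert` inside the endpoint implementation, so a missing principal raises `AssertionError` on the server thread rather than a fault the service controls; how that reaches the client depends on CXF's fault handling, which is not visible here. The check also only shows that some principal with a name is present, not which one, so a comment like `// Only checks that the security context was populated; the identity itself is not verified here` above the assertions would state the intent. `wsContext` is dereferenced without a null check, so a failed `@Resource` injection would surface as a NullPointerException instead of the assertion message.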
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.example.contract.doubleit.DoubleItPortType;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public final class TokenTestUtils {
+
+ private TokenTestUtils() {
+ //
+ }
+
+
+ public static void verifyToken(DoubleItPortType port) throws Exception {
+ Client client = ClientProxy.getClient(port);
+ Endpoint ep = client.getEndpoint();
+ String id = (String)ep.get(SecurityConstants.TOKEN_ID);
+ TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+ org.apache.cxf.ws.security.tokenstore.SecurityToken tok = store.getToken(id);
+ assertNotNull(tok);
+ STSClient sts = (STSClient)ep.get(SecurityConstants.STS_CLIENT);
+
+ List<SecurityToken> validTokens = sts.validateSecurityToken(tok);
+ assertTrue(validTokens != null && !validTokens.isEmpty());
+
+ //mess with the token a bit to force it to fail to validate
+ Element e = tok.getToken();
+ Element e2 = DOMUtils.getFirstChildWithName(e, e.getNamespaceURI(), "Conditions");
+ String nb = e2.getAttribute("NotBefore");
+ String noa = e2.getAttribute("NotOnOrAfter");
+ nb = "2010" + nb.substring(4);
+ noa = "2010" + noa.substring(4);
+ e2.setAttribute("NotBefore", nb);
+ e2.setAttribute("NotOnOrAfter", noa);
+ try {
+ sts.validateSecurityToken(tok);
+ fail("Failure expected on an invalid token");
+ } catch (org.apache.cxf.ws.security.trust.TrustException ex) {
+ // expected
+ }
+ }
+
+}
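Review bot: The negative half of `verifyToken` cannot tell which check rejected the token: rewriting `NotBefore`/`NotOnOrAfter` makes the conditions stale and, if the assertion is signed, presumably also breaks its signature, and either outcome raises the `TrustException` the test accepts. A comment such as `// Either the expiry check or the signature check may reject the edited token; this test does not distinguish them` would stop readers from treating it as an expiry test. The edit is made on the element returned by `tok.getToken()` and never reverted, so if that is the instance held in the `TokenStore` the cached token stays tampered for later calls on the same port. `e2` is used without a null check and `nb.substring(4)` would throw if either attribute were absent, so a missing `Conditions` element fails with an unrelated exception.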
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+
+/**
+ * This class validates a custom BinarySecurityToken by dispatching it to an STS. It then
+ * checks that we get back a SAML2 Assertion from the STS.
+ */
+public class CustomBSTTokenValidator extends STSTokenValidator {
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ Credential validatedCredential = super.validate(credential, data);
+
+ AssertionWrapper transformedToken = validatedCredential.getTransformedToken();
+ if (transformedToken == null || transformedToken.getSaml2() == null
+ || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
+ throw new WSSecurityException(WSSecurityException.FAILURE);
+ }
+
+ return validatedCredential;
+ }
+
+}
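Review bot: `validate` dereferences the result of `super.validate(credential, data)` without a null check, so a null credential from the parent would surface as a NullPointerException instead of the `WSSecurityException` used for the other failure cases; `if (validatedCredential == null) { throw new WSSecurityException(WSSecurityException.FAILURE); }` before `getTransformedToken()` keeps the failure path uniform. The comparison against `"DoubleItSTSIssuer"` is a plain string match, so it is only meaningful if the origin of the transformed assertion is authenticated elsewhere (by the parent validator or the channel to the STS), which this hunk does not show; a short comment stating that assumption would help. The method overrides the parent without `@Override`.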
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a Security Token from an STS, passing a username that
+ * it has obtained from an unknown client as an "OnBehalfOf" element. This username is obtained
+ * by parsing the "ws-security.username" property. The client then invokes on the service
+ * provider using the returned (custom BinarySecurityToken) token from the STS. The service
+ * provider dispatches the received BinarySecurityToken to the STS for validation, and receives
+ * a transformed SAML Token in response.
+ */
+public class CustomOnBehalfOfTest extends AbstractBusClientServerTestBase {
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(Server.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(org.apache.cxf.systest.sts.deployment.STSServer.class, true)
+ );
+ }
+
+ @org.junit.Test
+ public void testUsernameOnBehalfOf() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CustomOnBehalfOfTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = CustomOnBehalfOfTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomBSTPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ ((BindingProvider)transportPort).getRequestContext().put(
+ "ws-security.username", "alice"
+ );
+ doubleIt(transportPort, 25);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ System.out.println("The number " + numToDouble + " doubled is " + resp);
+ assertTrue(resp == 2 * numToDouble);
+ }
+}
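Review bot: `testUsernameOnBehalfOf` installs the bus it creates as both the default and the thread-default bus and never shuts it down, so the security configuration loaded from `cxf-client.xml` can carry over into tests that run later in the same JVM; calling `bus.shutdown(true);` at the end of the test, ideally in a `finally`, would contain it. Both `assertTrue` calls in `startServers` use the message "Server failed to launch", so a failure does not say whether the service or the STS did not start; the second could read `"STS server failed to launch"`. Only the accepted path with the user "alice" is exercised, and there is no case that expects a rejection.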
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
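Review bot: The `try` block in `run` only constructs a second `Server` and discards it, so it does no work and the `catch` with `e.printStackTrace()` guards nothing; those lines can be removed. `Server.class.getResource("cxf-service.xml")` is passed to `createBus` unchecked, so a missing resource fails with a less direct error than `if (busFile == null) { throw new IllegalStateException("cxf-service.xml not found on the classpath"); }` would give. The same pattern appears in the `STSServer.java` hunk of this commit with `cxf-sts.xml`.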
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsManager;
+import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+
+public class CustomAttributeStatementProvider implements AttributeStatementProvider {
+
+ public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
+
+ // Handle Claims
+ ClaimsManager claimsManager = providerParameters.getClaimsManager();
+ ClaimCollection retrievedClaims = new ClaimCollection();
+ if (claimsManager != null) {
+ retrievedClaims =
+ claimsManager.retrieveClaimValues(
+ providerParameters.getPrincipal(), providerParameters.getRequestedClaims()
+ );
+ }
+
+ List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
+ String tokenType = providerParameters.getTokenRequirements().getTokenType();
+
+ Iterator<Claim> claimIterator = retrievedClaims.iterator();
+ if (!claimIterator.hasNext()) {
+ return null;
+ }
+
+ AttributeStatementBean attrBean = new AttributeStatementBean();
+ while (claimIterator.hasNext()) {
+ Claim claim = claimIterator.next();
+ AttributeBean attributeBean = new AttributeBean();
+ URI name = claim.getNamespace().relativize(claim.getClaimType());
+ if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ attributeBean.setQualifiedName(name.toString());
+ attributeBean.setNameFormat(claim.getNamespace().toString());
+ } else {
+ attributeBean.setSimpleName(name.toString());
+ attributeBean.setQualifiedName(claim.getNamespace().toString());
+ }
+ attributeBean.setAttributeValues(Collections.singletonList(claim.getValue()));
+ attributeList.add(attributeBean);
+ }
+ attrBean.setSamlAttributes(attributeList);
+
+ return attrBean;
+ }
+
+}
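Review bot: `getStatement` calls `retrievedClaims.iterator()` on whatever `claimsManager.retrieveClaimValues(...)` returned, so a null result would throw a NullPointerException instead of taking the `return null` path used for an empty collection. Whether the manager can return null is not visible in this hunk, but `CustomClaimsHandler` in the same commit returns null when no claims are requested, so a guard is cheap: `if (retrievedClaims == null) { return null; }` directly after the `if (claimsManager != null)` block. A one-line Javadoc noting that the method returns null when there are no claims would also document the contract callers have to handle.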
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.deployment;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.BinarySecurity;
+
+/**
+ * A TokenProvider implementation that creates a (custom) BinarySecurityToken.
+ */
+public class CustomBSTTokenProvider implements TokenProvider {
+
+ private static final String TOKEN_TYPE =
+ "http://custom.apache.org/token";
+ private static final String BASE64_NS =
+ WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
+
+ public boolean canHandleToken(String tokenType) {
+ if (TOKEN_TYPE.equals(tokenType)) {
+ return true;
+ }
+ return false;
+ }
+
+ public boolean canHandleToken(String tokenType, String realm) {
+ return canHandleToken(tokenType);
+ }
+
+ public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+ try {
+ Document doc = DOMUtils.createDocument();
+
+ // Mock up a BinarySecurityToken
+ String id = "BST-1234";
+ BinarySecurity bst = new BinarySecurity(doc);
+ bst.addWSSENamespace();
+ bst.addWSUNamespace();
+ bst.setID(id);
+ bst.setValueType(TOKEN_TYPE);
+ bst.setEncodingType(BASE64_NS);
+ bst.setToken("12345678".getBytes());
+
+ TokenProviderResponse response = new TokenProviderResponse();
+ response.setToken(bst.getElement());
+ response.setTokenId(id);
+
+ return response;
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+ }
+ }
+
+}
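Review bot: The `catch` in `createToken` reports "Can't serialize SAML assertion" although this provider builds a BinarySecurityToken, which will mislead anyone reading a failure; `throw new STSException("Can't create custom BinarySecurityToken", e, STSException.REQUEST_FAILED);` matches what the code does, and the `e.printStackTrace()` before it is redundant because the cause is already passed along. `"12345678".getBytes()` uses the platform default charset; that is harmless for ASCII digits, but `getBytes("UTF-8")` keeps this provider and the validator that compares against the same literal aligned on every platform. A comment on the fixed id and value, for example `// Fixed mock values: this token carries no secret and is only meaningful to the test validator`, would make the fixture status explicit.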
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.deployment;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.util.Base64;
+
+
+/**
+ * A TokenProvider implementation that validates a (custom) BinarySecurityToken.
+ */
+public class CustomBSTTokenValidator implements TokenValidator {
+
+ private static final String TOKEN_TYPE =
+ "http://custom.apache.org/token";
+
+ public boolean canHandleToken(ReceivedToken validateTarget) {
+ Object token = validateTarget.getToken();
+ if ((token instanceof BinarySecurityTokenType)
+ && TOKEN_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
+ return true;
+ }
+ return false;
+ }
+
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+ return canHandleToken(validateTarget);
+ }
+
+ public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+ TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+ ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+ if (validateTarget == null || !validateTarget.isBinarySecurityToken()) {
+ TokenValidatorResponse response = new TokenValidatorResponse();
+ response.setValid(false);
+ return response;
+ }
+ BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType)validateTarget.getToken();
+
+ TokenValidatorResponse response = new TokenValidatorResponse();
+ //
+ // Do some validation of the token here
+ //
+ if (Base64.encode("12345678".getBytes()).equals(binarySecurityToken.getValue())) {
+ response.setValid(true);
+ }
+ response.setPrincipal(new CustomTokenPrincipal("alice"));
+
+ return response;
+ }
+
+}
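Review bot: `validateToken` sets the principal "alice" on the response whether or not the token value matched, because `response.setPrincipal(new CustomTokenPrincipal("alice"));` sits after the `if` rather than inside it; a caller that reads the principal without checking the valid flag would get an identity for a rejected token. Moving that line into the `if` block and adding `else { response.setValid(false); }` makes the rejected case explicit instead of relying on the response's default state, which is not visible here. The class Javadoc calls this a TokenProvider implementation although it implements `TokenValidator`. The identity is fixed rather than derived from the token, which is fine for a mock but deserves a comment such as `// Mock: any token carrying the expected value is treated as alice`.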
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+
+/**
+ * A custom ClaimsHandler implementation for use in the tests.
+ */
+public class CustomClaimsHandler implements ClaimsHandler {
+
+ public static final URI ROLE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+ public ClaimCollection retrieveClaimValues(Principal principal, RequestClaimCollection claims) {
+ if (claims != null && claims.size() > 0) {
+ ClaimCollection claimCollection = new ClaimCollection();
+ for (RequestClaim requestClaim : claims) {
+ Claim claim = new Claim();
+ claim.setClaimType(requestClaim.getClaimType());
+ claim.setIssuer("Test Issuer");
+ claim.setOriginalIssuer("Original Issuer");
+ claim.setValue("admin-user");
+ claimCollection.add(claim);
+ }
+ return claimCollection;
+ }
+ return null;
+ }
+
+ public List<URI> getSupportedClaimTypes() {
+ List<URI> list = new ArrayList<URI>();
+ list.add(ROLE);
+ return list;
+ }
+
+}
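Review bot: `retrieveClaimValues` answers every requested claim type with the value "admin-user", regardless of the `principal` argument and regardless of whether the type is the `ROLE` URI that `getSupportedClaimTypes` advertises. That may be intended for a fixture, but tests built on it cannot show that claims are tied to the caller; either document it with `// Test fixture: grants "admin-user" for any requested claim and any principal` or skip unsupported types with `if (!ROLE.equals(requestClaim.getClaimType())) { continue; }`. The method returns `null` rather than an empty `ClaimCollection` when nothing is requested, so every caller has to null-check the result.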
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+ public STSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer.class.getResource("cxf-sts.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer().run();
+ }
+}
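Review bot: The `try { new STSServer(); } catch (Exception e) { e.printStackTrace(); }` block at the end of `run()` builds a second instance through an empty constructor and discards it, so it starts nothing and the catch can never report a real startup failure. The bus is already created and installed by the four lines above it, so the block can be dropped. I would also guard the lookup with `if (busFile == null) { throw new IllegalStateException("cxf-sts.xml not found on classpath"); }`, so that a missing config fails with a clear message rather than, presumably, somewhere inside `createBus`. The same pattern repeats in `distributed_caching/STSServer`, `STSServer2` and both `Server` classes later in this commit.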
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.UsernameToken;
+
+/**
+ * A TokenProvider implementation that creates a UsernameToken.
+ */
+public class CustomUsernameTokenProvider implements TokenProvider {
+
+ private static final String TOKEN_TYPE =
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";
+
+ public boolean canHandleToken(String tokenType) {
+ if (TOKEN_TYPE.equals(tokenType)) {
+ return true;
+ }
+ return false;
+ }
+
+ public boolean canHandleToken(String tokenType, String realm) {
+ return canHandleToken(tokenType);
+ }
+
+ public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+ try {
+ Document doc = DOMUtils.createDocument();
+
+ // Mock up a UsernameToken
+ UsernameToken usernameToken = new UsernameToken(true, doc, WSConstants.PASSWORD_TEXT);
+ usernameToken.setName("alice");
+ usernameToken.setPassword("password");
+ String id = "UT-1234";
+ usernameToken.addWSSENamespace();
+ usernameToken.addWSUNamespace();
+ usernameToken.setID(id);
+
+ TokenProviderResponse response = new TokenProviderResponse();
+ response.setToken(usernameToken.getElement());
+ response.setTokenId(id);
+
+ // Store the token in the cache
+ if (tokenParameters.getTokenStore() != null) {
+ SecurityToken secrutiyToken = new SecurityToken(usernameToken.getID());
+ secrutiyToken.setToken(usernameToken.getElement());
+ secrutiyToken.setAssociatedHash(usernameToken.hashCode());
+ tokenParameters.getTokenStore().add(secrutiyToken);
+ }
+
+ return response;
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+ }
+ }
+
+}
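Review bot: The catch block in `createToken` reports `"Can't serialize SAML assertion"`, but this provider builds a UsernameToken, so a failure here points whoever reads the log at the wrong component. `throw new STSException("Can't create UsernameToken", e, STSException.REQUEST_FAILED);` says what failed, and the `e.printStackTrace()` before it can go because the cause is already chained. Every token also gets the constant id `UT-1234`, which is passed to the `SecurityToken` constructor, so in the shared cache each issued token presumably replaces the previous one. A comment such as `// fixed id and credentials: test fixture only, not a template for a real provider` would make that intent explicit. The local `secrutiyToken` is a typo for `securityToken`.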
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * This is a series of tests of the distributed caching abilities of the STS. In these test-cases,
+ * a CXF client invokes on an STS and obtains a security token, which is sent to a service provider.
+ * The service provider is configured to validate the received token against a second STS instance.
+ * Both STS instances must have a shared distributed cache, and enough time must have elapsed for
+ * the first STS instance to replicate the credential to the second STS instance for the test to
+ * work.
+ */
+public class DistributedCachingTest extends AbstractBusClientServerTestBase {
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(Server.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer2.class, true)
+ );
+ }
+
+ @org.junit.Test
+ public void testSecurityContextToken() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSCTPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ @org.junit.Test
+ public void testSAMLToken() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSAMLPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ @org.junit.Test
+ public void testUsernameToken() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItUsernameTokenPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ System.out.println("The number " + numToDouble + " doubled is " + resp);
+ assertTrue(resp == 2 * numToDouble);
+ }
+}
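Review bot: Each of the three test methods creates a `Bus` from `cxf-client.xml` and installs it as the default and thread-default bus but never releases it, so client state from one test is still live when the next one runs. Ending each test with `bus.shutdown(true);`, ideally in a `finally`, keeps them independent. In `doubleIt`, `assertTrue(resp == 2 * numToDouble)` reports no values on failure, whereas `assertEquals(2 * numToDouble, resp);` does. The three `assertTrue` messages in `startServers` are identical, so naming the server in each (for example `"STSServer2 failed to launch"`) would show which launch failed. `KerberosTokenTest` further down has the same bus handling and `doubleIt` code.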
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.util.Collection;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+
+/**
+ * This class validates a SecurityContextToken by dispatching it to an STS. It pauses first to make sure
+ * that the SCT is replicated in the distributed cache to the (second) STS instance
+ */
+public class SCTTokenValidator extends STSTokenValidator {
+
+ public SCTTokenValidator() {
+ super();
+ }
+
+ public SCTTokenValidator(boolean alwaysValidateToSTS) {
+ super(alwaysValidateToSTS);
+ }
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ // Sleep to make sure token gets replicated
+ try {
+ Thread.sleep(2 * 1000);
+ } catch (InterruptedException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ Credential validatedCredential = super.validate(credential, data);
+
+ // Hack to verify the IssuedToken assertion, as this is not done by default in CXF for a
+ // SecurityContextToken
+ SoapMessage soapMessage = (SoapMessage)data.getMsgContext();
+ AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ }
+
+ return validatedCredential;
+ }
+
+}
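Review bot: In `validate`, the results of `soapMessage.get(AssertionInfoMap.class)` and `aim.get(SP12Constants.ISSUED_TOKEN)` are both dereferenced without a null check, so a message with no policy map or no IssuedToken assertion fails with a NullPointerException after the token has already been validated. Guarding the loop with `if (aim != null && aim.get(SP12Constants.ISSUED_TOKEN) != null)` avoids that. The loop marks every IssuedToken assertion as satisfied, which is only safe because `super.validate` presumably throws on a rejected token. That deserves a comment such as `// reached only when the STS accepted the token`, since copying this override without that guarantee would bypass policy enforcement. The `InterruptedException` handler should call `Thread.currentThread().interrupt();` instead of printing the stack trace under a leftover `// TODO Auto-generated catch block`.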
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+ public STSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer.class.getResource("cxf-sts-1.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer().run();
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer2 extends AbstractBusTestServerBase {
+
+ public STSServer2() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer2.class.getResource("cxf-sts-2.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer2();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer2().run();
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.kerberos;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test, a CXF client requests a SAML2 HOK Assertion from the STS, which has a policy of requiring
+ * a KerberosToken over the TransportBinding. The CXF client retrieves a service ticket from the KDC and
+ * inserts it into the security header of the request. The STS validates the ticket using the
+ * KerberosTokenValidator.
+ *
+ * The tests are @Ignored by default, as a KDC is needed. To replicate the test scenario, set up a KDC with
+ * user principal "alice" (keytab in "/etc/alice.keytab"), and host service "bob@service.ws.apache.org"
+ * (keytab in "/etc/bob.keytab").
+ */
+public class KerberosTokenTest extends AbstractBusClientServerTestBase {
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(Server.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(org.apache.cxf.systest.sts.deployment.STSServer.class, true)
+ );
+ }
+
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testKerberosToken() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = KerberosTokenTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = KerberosTokenTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
+ DoubleItPortType transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+
+ doubleIt(transportSaml2Port, 25);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ System.out.println("The number " + numToDouble + " doubled is " + resp);
+ assertTrue(resp == 2 * numToDouble);
+ }
+}
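Review bot: `@org.junit.Ignore` on `testKerberosToken` carries no reason, so test reports show a skipped security test without saying why. `@org.junit.Ignore("Requires a KDC, see class Javadoc")` keeps the explanation next to the skip. The class Javadoc names keytabs at `/etc/alice.keytab` and `/etc/bob.keytab`, and it is worth adding there that these should be throwaway test principals whose keytabs are readable only by the account running the tests.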
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.kerberos;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.security.Principal;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+/**
+ * A test implementation of RealmParser.
+ */
+public class CustomIdentityMapper implements IdentityMapper {
+
+ /**
+ * Map a principal in the source realm to the target realm
+ * @param sourceRealm the source realm of the Principal
+ * @param sourcePrincipal the principal in the source realm
+ * @param targetRealm the target realm of the Principal
+ * @return the principal in the target realm
+ */
+ public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+ if ("A".equals(sourceRealm) && "B".equals(targetRealm)) {
+ return new CustomTokenPrincipal("B-Principal");
+ } else if ("B".equals(sourceRealm) && "A".equals(targetRealm)) {
+ return new CustomTokenPrincipal("A-Principal");
+ }
+ return null;
+ }
+
+}
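Review bot: The class Javadoc says `A test implementation of RealmParser.`, but the class implements `IdentityMapper`, so it should read `A test implementation of IdentityMapper.`. `mapPrincipal` ignores `sourcePrincipal`: it returns a fixed `B-Principal` or `A-Principal` for the A/B realm pair and null for any other pair. The `@return` line should say so, e.g. `@return the fixed test principal for the A/B realm pair, or null if the pair is not mapped`, so that nobody reads the mapping as identity-preserving.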
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test, a CXF client obtains a SAML token from an STS in one realm and sends it to a CXF
+ * endpoint. The CXF endpoint dispatches it for validation to a different STS.
+ */
+public class DifferentRealmTest extends AbstractBusClientServerTestBase {
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(Server.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer2.class, true)
+ );
+ }
+
+ /**
+ * In this test, a token is issued by the first STS in realm "A". The second STS is configured
+ * to trust the signing cert of realm "A" (via a cert constraint) and so authentication succeeds.
+ */
+ @org.junit.Test
+ public void testKnownRealm() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItRealmAPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ /**
+ * In this test, a token is issued by the first STS in the default realm. The second STS is
+ * configured to trust the signing cert of the default realm (via a cert constraint) and so
+ * authentication succeeds.
+ */
+ @org.junit.Test
+ public void testDefaultRealm() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItDefaultRealmPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ /**
+ * In this test, a token is issued by the first STS in realm "C". The second STS is not
+ * configured to trust realm "C" (via a cert constraint) and so authentication does not succeed.
+ */
+ @org.junit.Test
+ public void testUnknownRealm() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItRealmCPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ try {
+ doubleIt(transportPort, 25);
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ /**
+ * In this test, a token is issued by the first STS in realm "A". The second STS is configured
+ * to trust realm "A" (via a cert constraint) and so authentication succeeds. The service
+ * endpoint also sends a tokenType (SAML2) to the second STS, and so the IdentityMapper is
+ * invoked to transform the authenticated principal into a principal in the current realm.
+ */
+ @org.junit.Test
+ public void testRealmTransform() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItRealmTransformPort");
+ DoubleItPortType transportPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportPort, PORT);
+
+ // Transport port
+ doubleIt(transportPort, 25);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ System.out.println("The number " + numToDouble + " doubled is " + resp);
+ assertTrue(resp == 2 * numToDouble);
+ }
+}
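Review bot: `testUnknownRealm` passes whether or not the call is rejected, because the `try` block has no failure statement after `doubleIt(transportPort, 25)` and the `catch (Exception ex)` discards whatever is thrown. As written, the test would not notice if the second STS began trusting realm "C", which is the behaviour it is meant to guard. Add `fail("Failure expected on a token from untrusted realm C");` directly after the `doubleIt` call inside the `try`; this assumes `fail` is inherited the same way the unqualified `assertTrue` is. If possible, also narrow the catch to the fault type the client actually raises, so that an unrelated setup error is not counted as the expected rejection.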
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+import org.opensaml.saml2.core.Assertion;
+
+/**
+ * This class validates a SAML Assertion by dispatching it to an STS. It then
+ * checks that we get back a SAML2 Assertion from the STS with a specific principal name as the
+ * subject.
+ */
+public class DifferentRealmValidator extends STSTokenValidator {
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ Credential validatedCredential = super.validate(credential, data);
+
+ AssertionWrapper transformedToken = validatedCredential.getTransformedToken();
+ if (transformedToken == null || transformedToken.getSaml2() == null
+ || !"B-Issuer".equals(transformedToken.getIssuerString())) {
+ throw new WSSecurityException(WSSecurityException.FAILURE);
+ }
+
+ Assertion assertion = transformedToken.getSaml2();
+ if (!"B-Principal".equals(assertion.getSubject().getNameID().getValue())) {
+ throw new WSSecurityException(WSSecurityException.FAILURE);
+ }
+
+ return validatedCredential;
+ }
+
+}
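Review bot: The second check in `validate` calls `assertion.getSubject().getNameID().getValue()` with no null guards, so a transformed assertion without a Subject or NameID ends in a `NullPointerException` instead of the `WSSecurityException` used for the other rejections. The request is still refused, but the failure reaches callers as an unexpected runtime error. Extending the condition keeps every rejection on one path: `if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null || !"B-Principal".equals(assertion.getSubject().getNameID().getValue()))`. The method would also benefit from `@Override` and a short Javadoc saying that it accepts only a SAML2 token issued by "B-Issuer" for "B-Principal".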
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.realms;
+
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+
+/**
+ * This class returns a realm associated with a SAML Assertion depending on the issuer.
+ */
+public class IssuerSAMLRealmCodec implements SAMLRealmCodec {
+
+ /**
+ * Get the realm associated with the AssertionWrapper parameter
+ * @param assertion a SAML Assertion wrapper object
+ * @return the realm associated with the AssertionWrapper parameter
+ */
+ public String getRealmFromToken(AssertionWrapper assertion) {
+ if ("A-Issuer".equals(assertion.getIssuerString())) {
+ return "A";
+ } else if ("B-Issuer".equals(assertion.getIssuerString())) {
+ return "B";
+ }
+ return null;
+ }
+
+}
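Review bot: The Javadoc on `getRealmFromToken` omits two things a reader needs: the method returns `null` for any issuer other than the two test values, and the realm is taken from the issuer string alone. The issuer is a field of the assertion itself, so the result is only meaningful if the assertion's signature was verified before this codec is consulted; that ordering is not visible in this hunk and should be stated as an assumption. I would extend the comment with `@return "A" or "B" for the known test issuers, or null if the issuer is not recognised` and a sentence noting that the caller must have validated the assertion's signature first. Reading `assertion.getIssuerString()` once into a local would also tidy the two comparisons.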
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+ public STSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer.class.getResource("cxf-sts-saml1.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer().run();
+ }
+}
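Review bot: The `try` block in `run()` constructs a second `new STSServer()` and discards it, and since the constructor is empty the `catch (Exception e) { e.printStackTrace(); }` around it can never do anything useful. The bus is already created and registered by the four lines above, so the whole `try`/`catch` can be dropped. Any real startup failure would come from `createBus(busFile)`, which is outside the `try` and would also fail if `getResource` returned null for a missing `cxf-sts-saml1.xml`. The same pattern is repeated in the `STSServer2` and `Server` hunks that follow. A one-line class Javadoc naming the Spring file each server loads would help readers tell the three apart.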
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer2 extends AbstractBusTestServerBase {
+
+ public STSServer2() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer2.class.getResource("cxf-sts-saml2.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer2();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer2().run();
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * A test implementation of RealmParser which returns a realm depending on a String contained
+ * in the URL of the service request.
+ */
+public class URLRealmParser implements RealmParser {
+
+ public String parseRealm(WebServiceContext context) throws STSException {
+ String url = (String)context.getMessageContext().get("org.apache.cxf.request.url");
+ if (url.contains("realmA")) {
+ return "A";
+ } else if (url.contains("realmB")) {
+ return "B";
+ } else if (url.contains("realmC")) {
+ return "C";
+ }
+
+ return null;
+ }
+
+}
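Review bot: `parseRealm` dereferences `url` straight after the cast, so a message context without the `org.apache.cxf.request.url` property raises a `NullPointerException` rather than returning the "no realm" `null` that the method's last line already uses. A guard such as `if (url == null) { return null; }` before the first `contains` keeps that case on the documented path. The realm is also chosen by `url.contains("realmA")` and similar, which matches the text anywhere in the request URL and not only in the endpoint path. That is acceptable for a fixture, but the class comment should say the matching is deliberately loose, so it is not copied into a real `RealmParser` where the realm decides which trust configuration applies.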
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import javax.jws.WebService;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+
+ public int doubleIt(int numberToDouble) {
+ return numberToDouble * 2;
+ }
+
+}