Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/24 14:20:25 UTC
svn commit: r1506515 - in /cxf/trunk/services/sts:
sts-core/src/main/java/org/apache/cxf/sts/token/provider/
sts-core/src/test/java/org/apache/cxf/sts/token/provider/
systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/
Author: coheigea
Date: Wed Jul 24 12:20:24 2013
New Revision: 1506515
URL: http://svn.apache.org/r1506515
Log:
Remove "OnBehalfOf" Attribute from created OnBehalfOf Assertions
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java?rev=1506515&r1=1506514&r2=1506515&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java Wed Jul 24 12:20:24 2013
@@ -55,19 +55,11 @@ public class DefaultAttributeStatementPr
AttributeBean attributeBean = createDefaultAttribute(tokenType);
attributeList.add(attributeBean);
- ReceivedToken onBehalfOf = tokenRequirements.getOnBehalfOf();
ReceivedToken actAs = tokenRequirements.getActAs();
try {
- if (onBehalfOf != null) {
- AttributeBean parameterBean =
- handleAdditionalParameters(false, onBehalfOf.getToken(), tokenType);
- if (!parameterBean.getAttributeValues().isEmpty()) {
- attributeList.add(parameterBean);
- }
- }
if (actAs != null) {
AttributeBean parameterBean =
- handleAdditionalParameters(true, actAs.getToken(), tokenType);
+ handleAdditionalParameters(actAs.getToken(), tokenType);
if (!parameterBean.getAttributeValues().isEmpty()) {
attributeList.add(parameterBean);
}
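Review bot: Nothing in this commit pins the absence of the attribute that the removed `if (onBehalfOf != null)` block used to emit. The two SAMLProviderOnBehalfOfTest hunks only delete `assertTrue(tokenString.contains("OnBehalfOf"))`, so a regression that re-adds the attribute would pass unnoticed. Adding `assertFalse(tokenString.contains("OnBehalfOf"));` to both tests would cover this, assuming the string does not occur elsewhere in the serialized assertion. Consumers that keyed a decision on the attribute must now read the Subject, as the OnBehalfOfValidator change in this commit does, which deserves a line in the log message or release notes. The `try` block continues past the end of the hunk.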
@@ -102,16 +94,15 @@ public class DefaultAttributeStatementPr
}
/**
- * Handle ActAs or OnBehalfOf elements.
+ * Handle an ActAs element.
*/
private AttributeBean handleAdditionalParameters(
- boolean actAs,
Object parameter,
String tokenType
) throws WSSecurityException {
AttributeBean parameterBean = new AttributeBean();
- String claimType = actAs ? "ActAs" : "OnBehalfOf";
+ String claimType = "ActAs";
if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) {
parameterBean.setQualifiedName(claimType);
parameterBean.setNameFormat("http://cxf.apache.org/sts");
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java?rev=1506515&r1=1506514&r2=1506515&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java Wed Jul 24 12:20:24 2013
@@ -86,7 +86,6 @@ public class SAMLProviderOnBehalfOfTest
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
- assertTrue(tokenString.contains("OnBehalfOf"));
assertTrue(tokenString.contains("bob"));
}
@@ -118,7 +117,6 @@ public class SAMLProviderOnBehalfOfTest
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains(user));
- assertTrue(tokenString.contains("OnBehalfOf"));
}
/**
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java?rev=1506515&r1=1506514&r2=1506515&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java Wed Jul 24 12:20:24 2013
@@ -20,21 +20,19 @@ package org.apache.cxf.systest.sts.inter
import java.util.List;
-import org.w3c.dom.Element;
-
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
/**
- * This class validates a SAML 2 Assertion and checks that it has an OnBehalfOf Attribute with
- * a value containing "alice" or "bob".
+ * This class validates a SAML 2 Assertion and checks that it has a Subject with a value
+ * containing "alice" or bob
*/
public class OnBehalfOfValidator extends SamlAssertionValidator {
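Review bot: The rewritten class Javadoc still says the value is one "containing" alice or bob, but the check added later in this commit is `"alice".equals(subjectName) || "bob".equals(subjectName)`, which is an exact match. The second name also lost its quotes, and the sentence lost its full stop. Suggested wording: `This class validates a SAML 2 Assertion and checks that its Subject NameID value is exactly "alice" or "bob".`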
@@ -53,20 +51,11 @@ public class OnBehalfOfValidator extends
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
- for (AttributeStatement statement : attributeStatements) {
- List<Attribute> attributes = statement.getAttributes();
- for (Attribute attribute : attributes) {
- if (!"OnBehalfOf".equals(attribute.getName())) {
- continue;
- }
- for (XMLObject attributeValue : attribute.getAttributeValues()) {
- Element attributeValueElement = attributeValue.getDOM();
- String text = attributeValueElement.getTextContent();
- if (text.contains("alice") || text.contains("bob")) {
- return validatedCredential;
- }
- }
- }
+ Subject subject = saml2Assertion.getSubject();
+ NameID nameID = subject.getNameID();
+ String subjectName = nameID.getValue();
+ if ("alice".equals(subjectName) || "bob".equals(subjectName)) {
+ return validatedCredential;
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
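Review bot: The added lines dereference `saml2Assertion.getSubject()` and `subject.getNameID()` without a null check. An assertion with no Subject, or a Subject without a NameID, would presumably fail with a NullPointerException instead of the WSSecurityException the method throws everywhere else. A guard before reading the value keeps rejection uniform: `if (subject == null || subject.getNameID() == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); }`. The check that ends at the first `throw` appears to still require attribute statements, although the new code no longer reads them; it is worth confirming that this is intended. The method starts outside the hunk.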