Posted to commits@cxf.apache.org by co...@apache.org on 2011/05/03 16:23:21 UTC
svn commit: r1099071 - in /cxf/trunk/systests/ws-security/src/test:
java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
resources/org/apache/cxf/systest/ws/saml/server/server.xml
Author: coheigea
Date: Tue May 3 14:23:20 2011
New Revision: 1099071
URL: http://svn.apache.org/viewvc?rev=1099071&view=rev
Log:
Added a (trivial) example of a SAML Validator to the system tests.
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1099071&r1=1099070&r2=1099071&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java Tue May 3 14:23:20 2011
@@ -32,6 +32,7 @@ import org.apache.cxf.bus.spring.SpringB
import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
import org.apache.cxf.systest.ws.saml.server.Server;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
import org.junit.BeforeClass;
@@ -132,6 +133,19 @@ public class SamlTokenTest extends Abstr
);
BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
+
+ try {
+ SamlCallbackHandler callbackHandler =
+ new SamlCallbackHandler();
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+ saml2Port.doubleIt(BigInteger.valueOf(25));
+ fail("Expected failure on an invocation with a invalid SAML2 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assert ex.getMessage().contains("SAML token security failure");
+ }
}
/**
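Review bot: The negative case added after the successful doubleIt call only drives the confirmation-method branch of CustomSaml2Validator (bearer instead of sender-vouches); the issuer-name and AttributeStatement checks introduced in the same commit have no failing invocation, so a regression in either would go unnoticed. A second try/catch with the callback handler set to an issuer other than "sts" would cover the issuer check, assuming SamlCallbackHandler exposes that setting. The fail message reads "a invalid" and should be `fail("Expected failure on an invocation with an invalid SAML2 Assertion");`. The `assert ex.getMessage().contains(...)` line follows the file's existing `assert` style, but it is silently skipped when the JVM runs without -ea, so `assertTrue(ex.getMessage().contains("SAML token security failure"));` would make the check unconditional. The enclosing test method starts before this hunk.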
Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java?rev=1099071&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java (added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java Tue May 3 14:23:20 2011
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.saml.server;
+
+import java.util.List;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SamlAssertionValidator;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AttributeStatement;
+
+/**
+ * This class does some trivial validation of a received SAML Assertion. It checks that it is
+ * a SAML 2 Assertion, and checks the issuer name and confirmation method, and that it has
+ * an Attribute Statement.
+ */
+public class CustomSaml2Validator extends SamlAssertionValidator {
+
+ @Override
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ Credential validatedCredential = super.validate(credential, data);
+ AssertionWrapper assertion = validatedCredential.getAssertion();
+
+ if (!"sts".equals(assertion.getIssuerString())) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+ }
+
+ String confirmationMethod = assertion.getConfirmationMethods().get(0);
+ if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+ }
+
+ Assertion saml2Assertion = assertion.getSaml2();
+ if (saml2Assertion == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+ }
+
+ List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
+ if (attributeStatements == null || attributeStatements.isEmpty()) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+ }
+
+ return validatedCredential;
+ }
+
+}
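Review bot: `assertion.getConfirmationMethods().get(0)` in validate() raises IndexOutOfBoundsException (or NullPointerException) instead of a WSSecurityException when the assertion carries no SubjectConfirmation, unless super.validate() already guarantees a non-empty list, which nothing in this hunk shows. Guard it explicitly before reading element 0: `List<String> methods = assertion.getConfirmationMethods();` `if (methods == null || methods.isEmpty()) { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); }`. Only the first method is inspected; if an assertion may carry several SubjectConfirmation elements, the Javadoc should state that the first one decides. The class Javadoc lists the SAML 2 check first while the code performs it after the issuer and confirmation-method checks; the order is harmless, but comment and code should agree.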
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1099071&r1=1099070&r2=1099071&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml Tue May 3 14:23:20 2011
@@ -100,6 +100,8 @@
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties"
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
</jaxws:properties>
</jaxws:endpoint>
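Review bot: The validator is registered only under `ws-security.saml2.validator` on each of the three endpoints (this hunk and the two that follow), so the issuer and confirmation-method checks apply to SAML 2.0 assertions only; if the endpoint policies also admit SAML 1.1 tokens, those would still be accepted by the default validator without these checks. Either set `ws-security.saml1.validator` to an equivalent validator or record in server.xml that the policy restricts the token to SAML 2.0. A short comment beside each entry, e.g. `<!-- custom SAML 2 validation: issuer, sender-vouches, AttributeStatement -->`, would make the intent visible to the next reader.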
@@ -122,6 +124,8 @@
<entry key="ws-security.encryption.properties"
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
<entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
</jaxws:properties>
</jaxws:endpoint>
@@ -158,6 +162,8 @@
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties"
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
</jaxws:properties>
</jaxws:endpoint>