Posted to commits@ws.apache.org by co...@apache.org on 2013/09/18 13:17:28 UTC
svn commit: r1524367 -
/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
Author: coheigea
Date: Wed Sep 18 11:17:28 2013
New Revision: 1524367
URL: http://svn.apache.org/r1524367
Log:
[WSS-375] - Support IssuedToken policy validation
- Some minor additions
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java?rev=1524367&r1=1524366&r2=1524367&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java Wed Sep 18 11:17:28 2013
@@ -49,6 +49,9 @@ import java.util.Map;
*/
public class IssuedTokenAssertionState extends TokenAssertionState {
+
+ private static final String DEFAULT_CLAIMS_NAMESPACE =
+ "http://schemas.xmlsoap.org/ws/2005/05/identity";
public IssuedTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted, boolean initiator) {
super(assertion, asserted, initiator);
@@ -98,6 +101,16 @@ public class IssuedTokenAssertionState e
}
}
}
+
+ Element claims = issuedToken.getClaims();
+ if (claims != null && issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
+ String errorMsg =
+ validateClaims((Element) claims, (SamlTokenSecurityEvent)issuedTokenSecurityEvent);
+ if (errorMsg != null) {
+ setErrorMessage(errorMsg);
+ return false;
+ }
+ }
} catch (XMLSecurityException e) {
throw new WSSPolicyException(e.getMessage(), e);
}
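Review bot: The added claims check only runs when `issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent`, so a policy that carries a Claims element is reported as satisfied for any other token event type without the claims being examined. Whether non-SAML events can reach this point is not visible in the hunk (the enclosing method starts outside it). If they can, either reject that case explicitly or record the limitation next to the condition, e.g. `// Claims are only enforced for SAML tokens; other token types are not checked against the Claims policy`. Separately, `claims` is already declared as `Element`, so the `(Element) claims` cast in the `validateClaims` call is redundant.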
@@ -177,6 +190,11 @@ public class IssuedTokenAssertionState e
//todo I think the best is if we allow to set custom AssertionStates object on the policy-engine for
//custom validation -> task for WSS4j V2.1 ?
protected String validateClaims(Element claimsPolicy, SamlTokenSecurityEvent samlTokenSecurityEvent) throws WSSecurityException {
+ String dialect = claimsPolicy.getAttributeNS(null, "Dialect");
+ if (!DEFAULT_CLAIMS_NAMESPACE.equals(dialect)) {
+ return null;
+ }
+
Node child = claimsPolicy.getFirstChild();
while (child != null) {
if (child.getNodeType() != Node.ELEMENT_NODE) {
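Review bot: Returning `null` when the dialect is not `DEFAULT_CLAIMS_NAMESPACE` makes `validateClaims` report success, so a Claims policy in any other dialect is now accepted unchecked where the removed code returned "Unsupported claims dialect: ...". `getAttributeNS` returns an empty string for a missing attribute, so a Claims element with no `Dialect` takes the same path. If deferring to custom validation is the intent, as the todo above the method suggests, state it at the return, e.g. `// Only the default identity dialect is validated here; other dialects pass unchecked and must be enforced by overriding validateClaims`. Logging the skipped dialect would also make the gap visible in deployments. The method body continues outside this hunk.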
@@ -184,10 +202,6 @@ public class IssuedTokenAssertionState e
continue;
}
- String dialect = claimsPolicy.getAttributeNS(null, "Dialect");
- if (!"http://schemas.xmlsoap.org/ws/2005/05/identity".equals(dialect)) {
- return "Unsupported claims dialect: " + dialect;
- }
if ("ClaimType".equals(child.getLocalName())) {
Element claimType = (Element) child;
String claimTypeUri = claimType.getAttributeNS(null, "Uri");