Posted to commits@cxf.apache.org by se...@apache.org on 2015/08/05 17:48:06 UTC
cxf git commit: [CXF-6521] Updating RS SAML Interceptors to get STS
SAML token if available
Repository: cxf
Updated Branches:
refs/heads/master 95e8711bd -> 4800bc8de
[CXF-6521] Updating RS SAML Interceptors to get STS SAML token if available
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4800bc8d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4800bc8d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4800bc8d
Branch: refs/heads/master
Commit: 4800bc8de7d7626fab25d8ab775e3da1ecec5007
Parents: 95e8711
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Aug 5 16:47:51 2015 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Aug 5 16:47:51 2015 +0100
----------------------------------------------------------------------
.../org/apache/cxf/rs/security/saml/SAMLConstants.java | 1 +
.../org/apache/cxf/rs/security/saml/SAMLUtils.java | 13 +++++++++++++
.../cxf/rs/security/saml/SamlFormOutInterceptor.java | 10 ++--------
.../cxf/rs/security/saml/SamlHeaderOutInterceptor.java | 10 ++--------
.../org/apache/cxf/ws/security/SecurityConstants.java | 1 +
.../cxf/ws/security/trust/STSTokenRetriever.java | 2 ++
6 files changed, 21 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
index d69b004..75458c3 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java
@@ -29,6 +29,7 @@ public final class SAMLConstants {
* SamlHeaderOutInterceptor will use this token instead of creating a new SAML Token.
*/
public static final String SAML_TOKEN_ELEMENT = "rs-security.saml.token.element";
+ public static final String WS_SAML_TOKEN_ELEMENT = "ws-security.token.element";
private SAMLConstants() {
// complete
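Review bot: The new `WS_SAML_TOKEN_ELEMENT` constant has no Javadoc of its own, and the comment directly above it describes only `SAML_TOKEN_ELEMENT`. Its value repeats the literal `"ws-security.token.element"` that this commit also adds as `SecurityConstants.TOKEN_ELEMENT`, so the two keys can drift apart if one is ever renamed. A comment such as `/** Context key under which the WS-Security STS client stores the issued token as a DOM Element; must match SecurityConstants.TOKEN_ELEMENT. */` would record that coupling.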
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index f4ebcb0..1471191 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -24,10 +24,13 @@ import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
+import org.w3c.dom.Element;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.saml.assertion.Subject;
@@ -64,6 +67,16 @@ public final class SAMLUtils {
public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
try {
+ // Check if the token is already available in the current context;
+ // For example, STS Client can set it up.
+ Element samlToken =
+ (Element)MessageUtils.getContextualProperty(message,
+ SAMLConstants.WS_SAML_TOKEN_ELEMENT,
+ SAMLConstants.SAML_TOKEN_ELEMENT);
+ if (samlToken != null) {
+ return new SamlAssertionWrapper(samlToken);
+ }
+ // Finally try to get a self-signed assertion
CallbackHandler handler = RSSecurityUtils.getCallbackHandler(
message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
return createAssertion(message, handler);
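Review bot: The `(Element)` cast on the value read from the message context is unchecked, and `ws-security.token.element` is a generic key not limited to SAML, so a value of another type would surface as a ClassCastException instead of falling back to the self-signed assertion. A type guard keeps the fallback intact: `Object tokenProp = MessageUtils.getContextualProperty(...);` followed by `if (tokenProp instanceof Element) { return new SamlAssertionWrapper((Element)tokenProp); }`. If the first key passed to getContextualProperty is the preferred one, the STS token now also overrides an explicitly set `rs-security.saml.token.element`; a comment stating that precedence would help. The element is forwarded with no local check that it is a SAML assertion or still within its validity period, so the comment should say that validation is left to the receiver. The catch clause of createAssertion lies outside this hunk.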
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
index 62756a9..757003e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
@@ -28,6 +28,7 @@ import javax.ws.rs.core.MultivaluedMap;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
@@ -48,14 +49,7 @@ public class SamlFormOutInterceptor extends AbstractSamlOutInterceptor {
}
try {
- Element samlToken =
- (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
- SamlAssertionWrapper assertionWrapper;
- if (samlToken != null) {
- assertionWrapper = new SamlAssertionWrapper(samlToken);
- } else {
- assertionWrapper = createAssertion(message);
- }
+ SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(message);
Document doc = DOMUtils.newDocument();
Element assertionElement = assertionWrapper.toDOM(doc);
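Review bot: This interceptor now calls `SAMLUtils.createAssertion(message)` directly, while the matching hunk in SamlHeaderOutInterceptor calls the unqualified `createAssertion(message)`, presumably inherited from AbstractSamlOutInterceptor; the two should use the same call. The base-class method is not part of this diff, so it cannot be confirmed here that it delegates to SAMLUtils. If it does not, the header interceptor would no longer honour a pre-set `rs-security.saml.token.element`. For consistency this line could read `SamlAssertionWrapper assertionWrapper = createAssertion(message);`. handleMessage starts and ends outside the hunk.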
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
index 29f3b7c..c1e840c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
@@ -28,6 +28,7 @@ import java.util.logging.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
@@ -42,14 +43,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
public void handleMessage(Message message) throws Fault {
try {
- Element samlToken =
- (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
- SamlAssertionWrapper assertionWrapper;
- if (samlToken != null) {
- assertionWrapper = new SamlAssertionWrapper(samlToken);
- } else {
- assertionWrapper = createAssertion(message);
- }
+ SamlAssertionWrapper assertionWrapper = createAssertion(message);
Document doc = DOMUtils.newDocument();
Element assertionElement = assertionWrapper.toDOM(doc);
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 28702ad..96e1dc2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -496,6 +496,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
public static final String TOKEN = "ws-security.token";
public static final String TOKEN_ID = "ws-security.token.id";
+ public static final String TOKEN_ELEMENT = "ws-security.token.element";
public static final Set<String> ALL_PROPERTIES;
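Review bot: `TOKEN_ELEMENT` is added without Javadoc and, as far as this hunk shows, without an entry in `ALL_PROPERTIES`, whose initialiser lies outside the hunk. If that set is meant to list every ws-security property key, the new key belongs in it. A comment such as `/** The issued token as a DOM Element, set on the message by STSTokenRetriever. */` would tell readers the value type, which the neighbouring `TOKEN` and `TOKEN_ID` names do not make obvious.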
http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
index 5c9c578..c9e5dc0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
@@ -69,12 +69,14 @@ public final class STSTokenRetriever {
if (cacheIssuedToken) {
message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, tok);
message.getExchange().put(SecurityConstants.TOKEN, tok);
+ message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID,
tok.getId());
} else {
message.put(SecurityConstants.TOKEN, tok);
message.put(SecurityConstants.TOKEN_ID, tok.getId());
+ message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());
}
// ?
TokenStoreUtils.getTokenStore(message).add(tok);
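Review bot: The same `message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());` is added to both branches, so it could be written once after the if/else. In the caching branch the token and its id go to the exchange and the endpoint while the element goes only to the message; if that narrower scope is deliberate, a comment should say so, e.g. `// message scope only: read by the RS SAML out interceptors for this request`. `tok.getToken()` is stored without a null check, which works only because the consumer in SAMLUtils tests the value for null. The enclosing method starts and ends outside the hunk.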