Posted to commits@cxf.apache.org by co...@apache.org on 2018/01/30 10:53:26 UTC
[cxf] branch master updated: Adding custom Claims test using
OpenSAML APIs
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new eeab4b9 Adding custom Claims test using OpenSAML APIs
eeab4b9 is described below
commit eeab4b986adadb894dc25d9c50b26fdcd28b38ab
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 30 10:53:11 2018 +0000
Adding custom Claims test using OpenSAML APIs
---
.../apache/cxf/systest/sts/claims/ClaimsTest.java | 30 ++++++++
.../sts/deployment/CustomClaimsHandler.java | 23 +++++-
.../apache/cxf/systest/sts/claims/DoubleIt.wsdl | 86 ++++++++++++++++++++++
.../apache/cxf/systest/sts/claims/cxf-client.xml | 5 ++
.../apache/cxf/systest/sts/claims/cxf-service.xml | 9 +++
.../cxf/systest/sts/claims/stax-cxf-service.xml | 10 +++
6 files changed, 161 insertions(+), 2 deletions(-)
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index e7e58ab..3f3c2d4 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -174,6 +174,36 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testSaml2CustomClaims() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ClaimsTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ClaimsTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2CustomClaimsPort");
+ DoubleItPortType transportClaimsPort =
+ service.getPort(portQName, DoubleItPortType.class);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
+
+ doubleIt(transportClaimsPort, 25);
+
+ ((java.io.Closeable)transportClaimsPort).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1WrongClaims() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
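Review bot: Cleanup in `testSaml2CustomClaims` runs only on the success path: if `doubleIt(transportClaimsPort, 25)` throws, the port is never closed and `bus.shutdown(true)` is skipped, so the bus set through `BusFactory.setDefaultBus(bus)` and `setThreadDefaultBus(bus)` presumably stays in place for whichever test runs next. Wrapping the call as `try { doubleIt(transportClaimsPort, 25); } finally { ((java.io.Closeable)transportClaimsPort).close(); bus.shutdown(true); }` keeps a failure here from leaking into later tests. `ClaimsTest.class.getResource("cxf-client.xml")` is also dereferenced without a null check, so a missing resource shows up as a NullPointerException rather than a clear test failure. The method lies entirely inside this hunk; the trailing context belongs to `testSaml1WrongClaims`, which continues outside it.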
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
index 25092b8..e7a717e 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
@@ -28,6 +28,12 @@ import org.apache.cxf.sts.claims.ClaimsHandler;
import org.apache.cxf.sts.claims.ClaimsParameters;
import org.apache.cxf.sts.claims.ProcessedClaim;
import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.opensaml.core.xml.XMLObjectBuilder;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSInteger;
+import org.opensaml.saml.saml2.core.AttributeValue;
/**
* A custom ClaimsHandler implementation for use in the tests.
@@ -40,6 +46,8 @@ public class CustomClaimsHandler implements ClaimsHandler {
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
public static final URI LANGUAGE =
URI.create("http://schemas.mycompany.com/claims/language");
+ public static final URI NUMBER =
+ URI.create("http://schemas.mycompany.com/claims/number");
public ProcessedClaimCollection retrieveClaimValues(
ClaimCollection claims, ClaimsParameters parameters) {
@@ -55,8 +63,18 @@ public class CustomClaimsHandler implements ClaimsHandler {
claim.addValue("admin-user");
} else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
- } else if (LANGUAGE.equals(requestClaim.getClaimType())) {
- claim.addValue(parameters.getPrincipal().getName());
+ } else if (NUMBER.equals(requestClaim.getClaimType())) {
+ // Create and add a custom Attribute (Integer)
+ OpenSAMLUtil.initSamlEngine();
+ XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+ XMLObjectBuilder<XSInteger> xsIntegerBuilder =
+ (XMLObjectBuilder<XSInteger>)builderFactory.getBuilder(XSInteger.TYPE_NAME);
+ XSInteger attributeValue =
+ xsIntegerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ attributeValue.setValue(5);
+
+ claim.addValue(attributeValue);
}
claimCollection.add(claim);
}
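Review bot: The `LANGUAGE` branch is replaced by the new `NUMBER` branch rather than kept beside it, yet the later hunk still returns `LANGUAGE` from the supported-claims list (`list.add(LANGUAGE)`), so as far as this hunk shows a request for that claim type now reaches `claimCollection.add(claim)` with no value added. If that is not intended, keep `} else if (LANGUAGE.equals(requestClaim.getClaimType())) {` with its `claim.addValue(parameters.getPrincipal().getName());` and add `NUMBER` as a further `else if`. The cast `(XMLObjectBuilder<XSInteger>)builderFactory.getBuilder(XSInteger.TYPE_NAME)` is unchecked and deserves a narrowly scoped `@SuppressWarnings("unchecked")` with a one-line justification. `OpenSAMLUtil.initSamlEngine()` appears to sit inside the per-claim loop, where a single call before the loop would be enough. `retrieveClaimValues` begins and ends outside this hunk.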
@@ -70,6 +88,7 @@ public class CustomClaimsHandler implements ClaimsHandler {
list.add(ROLE);
list.add(GIVEN_NAME);
list.add(LANGUAGE);
+ list.add(NUMBER);
return list;
}
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
index a16f990..fdc2a05 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/DoubleIt.wsdl
@@ -49,6 +49,21 @@
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItTransportSAML2CustomClaimsBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2CustomClaimsPolicy"/>
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItTransportSAML2ClaimsBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItBindingTransportSAML2ClaimsPolicy"/>
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -101,6 +116,9 @@
<wsdl:port name="DoubleItTransportSAML1CustomClaimsPort" binding="tns:DoubleItTransportSAML1CustomClaimsBinding">
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1customclaims"/>
</wsdl:port>
+ <wsdl:port name="DoubleItTransportSAML2CustomClaimsPort" binding="tns:DoubleItTransportSAML2CustomClaimsBinding">
+ <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2customclaims"/>
+ </wsdl:port>
<wsdl:port name="DoubleItTransportSAML2ClaimsPort" binding="tns:DoubleItTransportSAML2ClaimsBinding">
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2claims"/>
</wsdl:port>
@@ -247,6 +265,74 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2CustomClaimsPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy/>
+ </wsam:Addressing>
+ <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ <t:Claims xmlns:ic="http://schemas.mycompany.com/claims" Dialect="http://schemas.mycompany.com/claims">
+ <ic:ClaimType Uri="http://schemas.mycompany.com/claims/number"/>
+ </t:Claims>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+ </wsaw:Address>
+ <wsaw:Metadata>
+ <wsx:Metadata>
+ <wsx:MetadataSection>
+ <wsx:MetadataReference>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+ </wsaw:Address>
+ </wsx:MetadataReference>
+ </wsx:MetadataSection>
+ </wsx:Metadata>
+ </wsaw:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItBindingTransportSAML2ClaimsPolicy">
<wsp:ExactlyOne>
<wsp:All>
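Review bot: The new `DoubleItBindingTransportSAML2CustomClaimsPolicy` selects `<sp:TripleDes/>` as its algorithm suite, a legacy suite built on 3DES and SHA-1 that test policies tend to carry into real deployments when they are copied as templates. Unless this test is specifically about that suite, `<sp:Basic256Sha256/>` would be the safer default; if the neighbouring policies in this WSDL use the same suite (not visible here), that is a file-wide follow-up rather than something for this commit alone. The `sp:Issuer` address is also plain `http://localhost:8080/SecurityTokenService/UT`, with a line break inside the `wsaw:Address` text. The test overrides the STS port at runtime, so a short comment such as `<!-- placeholder address; replaced by TokenTestUtils.updateSTSPort in the test -->` would stop readers from taking it for the real endpoint.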
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
index 2666a8f..55b8c64 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client.xml
@@ -49,6 +49,11 @@
<entry key="security.sts.client" value-ref="stsClient"/>
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2CustomClaimsPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.sts.client" value-ref="stsClient"/>
+ </jaxws:properties>
+ </jaxws:client>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
index 9ec010d..568762a 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-service.xml
@@ -37,6 +37,15 @@
</entry>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.Server}/doubleit/services/doubleittransportsaml2customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.ClaimsValidator"/>
+ </entry>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.Server}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
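Review bot: Nothing in this commit shows the `number` claim being checked on the receiving side. The new endpoint reuses the existing `org.apache.cxf.systest.sts.claims.ClaimsValidator`, and the matching endpoint in the stax-cxf-service.xml hunk reuses `StaxClaimsValidator`; neither class is among the six files changed. If those validators only inspect the role attribute, which cannot be told from this diff, `testSaml2CustomClaims` would still pass with the integer attribute missing or carrying the wrong type. A comment above the `ws-security.saml2.validator` entry, for example `<!-- validator must assert that the http://schemas.mycompany.com/claims/number attribute is present and typed xs:integer -->`, or a dedicated validator for this endpoint, would make the expected check explicit.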
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
index 407c3e7..646523f 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
@@ -39,6 +39,16 @@
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.StaxServer}/doubleit/services/doubleittransportsaml2customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.claims.StaxServer}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
<jaxws:properties>
<entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>