Posted to commits@cxf.apache.org by co...@apache.org on 2014/01/14 17:12:22 UTC
svn commit: r1558090 - in /cxf/trunk/systests/ws-security/src/test:
java/org/apache/cxf/systest/ws/saml/
resources/org/apache/cxf/systest/ws/saml/
Author: coheigea
Date: Tue Jan 14 16:12:22 2014
New Revision: 1558090
URL: http://svn.apache.org/r1558090
Log:
Replacing deprecated API
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
- copied, changed from r1558030, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/XACMLAuthorizingInterceptor.java
Removed:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/XACMLAuthorizingInterceptor.java
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java (from r1558030, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/XACMLAuthorizingInterceptor.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/XACMLAuthorizingInterceptor.java&r1=1558030&r2=1558090&rev=1558090&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/XACMLAuthorizingInterceptor.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java Tue Jan 14 16:12:22 2014
@@ -21,9 +21,17 @@ package org.apache.cxf.systest.ws.saml;
import java.util.List;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.rt.security.xacml.AbstractXACMLAuthorizingInterceptor;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+
+import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.rt.security.xacml.XACMLConstants;
+import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.opensaml.Configuration;
import org.opensaml.xacml.XACMLObjectBuilder;
import org.opensaml.xacml.ctx.AttributeType;
@@ -35,16 +43,24 @@ import org.opensaml.xacml.ctx.StatusCode
import org.opensaml.xacml.ctx.StatusType;
import org.opensaml.xacml.ctx.SubjectType;
import org.opensaml.xml.XMLObjectBuilderFactory;
-
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
/**
- * A test implementation of AbstractXACMLAuthorizingInterceptor. It just mocks up a Response
+ * A test implementation of PolicyDecisionPoint. It just mocks up a Response
* object based on the role of the Subject. If the role is "manager" then it permits the
* request, otherwise it denies it.
*/
-public class XACMLAuthorizingInterceptor extends AbstractXACMLAuthorizingInterceptor {
+public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint {
+
+ public PolicyDecisionPointMockImpl() {
+ org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
+ }
- public ResponseType performRequest(RequestType request, Message message) throws Exception {
+ @Override
+ public Source evaluate(Source request) {
+ RequestType requestType = requestSourceToRequestType(request);
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
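Review bot: The new constructor spells out `org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();` in full, although this commit also adds `import org.apache.wss4j.common.saml.OpenSAMLUtil;` and the helper methods further down use the short name. `OpenSAMLUtil.initSamlEngine();` would be consistent with the rest of the file. The constructor also has no comment on why the engine is initialised here; presumably it is so that the OpenSAML builder factory used in `evaluate` is bootstrapped when Spring creates the bean, which a line such as `// Bootstrap OpenSAML before any XACML builders are looked up` would record. The body of `evaluate` continues outside this hunk.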
@@ -75,7 +91,7 @@ public class XACMLAuthorizingInterceptor
DecisionType decisionType = decisionTypeBuilder.buildObject();
- String role = getSubjectRole(request);
+ String role = getSubjectRole(requestType);
if ("manager".equals(role)) {
decisionType.setDecision(DecisionType.DECISION.Permit);
} else {
@@ -94,9 +110,35 @@ public class XACMLAuthorizingInterceptor
ResponseType response = responseTypeBuilder.buildObject();
response.setResult(result);
- return response;
+ return responseType2Source(response);
}
-
+
+ private RequestType requestSourceToRequestType(Source requestSource) {
+ try {
+ Transformer trans = TransformerFactory.newInstance().newTransformer();
+ DOMResult res = new DOMResult();
+ trans.transform(requestSource, res);
+ Node nd = res.getNode();
+ if (nd instanceof Document) {
+ nd = ((Document)nd).getDocumentElement();
+ }
+ return (RequestType)OpenSAMLUtil.fromDom((Element)nd);
+ } catch (Exception e) {
+ throw new RuntimeException("Error converting pdp response to ResponseType", e);
+ }
+ }
+
+ private Source responseType2Source(ResponseType response) {
+ Document doc = DOMUtils.createDocument();
+ Element responseElement;
+ try {
+ responseElement = OpenSAMLUtil.toDom(response, doc);
+ } catch (WSSecurityException e) {
+ throw new RuntimeException("Error converting PDP RequestType to Dom", e);
+ }
+ return new DOMSource(responseElement);
+ }
+
private String getSubjectRole(RequestType request) {
List<SubjectType> subjects = request.getSubjects();
if (subjects != null) {
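Review bot: The exception messages in the two new helpers are swapped relative to what each helper does. `requestSourceToRequestType` reports "Error converting pdp response to ResponseType" although it parses the incoming request, and `responseType2Source` reports "Error converting PDP RequestType to Dom" although it serialises the response. On an authorization path that sends whoever is diagnosing a failed decision to the wrong side of the PDP exchange, so I would use `throw new RuntimeException("Error converting PDP request Source to RequestType", e);` and `throw new RuntimeException("Error converting PDP ResponseType to DOM", e);`. Separately, `(Element)nd` is cast without a type check and `TransformerFactory.newInstance()` runs with default settings; if this mock is ever used as a template for a real `PolicyDecisionPoint`, setting `XMLConstants.FEATURE_SECURE_PROCESSING` on the factory before `newTransformer()` would be the safer default. `getSubjectRole` continues past the end of the hunk.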
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml?rev=1558090&r1=1558089&r2=1558090&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml Tue Jan 14 16:12:22 2014
@@ -227,7 +227,9 @@
</p:policies>
</jaxws:features>
</jaxws:endpoint>
- <bean class="org.apache.cxf.systest.ws.saml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
+ <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <constructor-arg ref="MockPDP"/>
</bean>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
<jaxws:properties>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml?rev=1558090&r1=1558089&r2=1558090&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml Tue Jan 14 16:12:22 2014
@@ -248,7 +248,9 @@
</p:policies>
</jaxws:features>
</jaxws:endpoint>
- <bean class="org.apache.cxf.systest.ws.saml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
+ <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
+ <constructor-arg ref="MockPDP"/>
</bean>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
<jaxws:properties>