Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/11 16:25:41 UTC
svn commit: r1531304 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j:
StaxSecurityContextInInterceptor.java
policyhandlers/AbstractStaxBindingHandler.java
Author: coheigea
Date: Fri Oct 11 14:25:40 2013
New Revision: 1531304
URL: http://svn.apache.org/r1531304
Log:
Bug fixes for an Encrypted SAML assertion case
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java?rev=1531304&r1=1531303&r2=1531304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java Fri Oct 11 14:25:40 2013
@@ -120,11 +120,13 @@ public class StaxSecurityContextInInterc
SamlTokenSecurityEvent samlEvent = (SamlTokenSecurityEvent)event;
receivedAssertion = samlEvent.getSamlAssertionWrapper();
- roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
- SAMLSecurityContext context = createSecurityContext(p, roles);
- context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
- context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
- msg.put(SecurityContext.class, context);
+ if (receivedAssertion != null) {
+ roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
+ SAMLSecurityContext context = createSecurityContext(p, roles);
+ context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
+ context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
+ msg.put(SecurityContext.class, context);
+ }
} else {
msg.put(SecurityContext.class, createSecurityContext(p));
}
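Review bot: When `receivedAssertion` is null the added guard skips the whole block and nothing is stored under `SecurityContext.class`, because the fallback `msg.put(SecurityContext.class, createSecurityContext(p))` sits only in the outer `else`. Later interceptors that read the security context for role checks would then see either no context or whatever an earlier layer put on the message, which is presumably not what a request carrying an encrypted assertion should get. Consider adding `} else { msg.put(SecurityContext.class, createSecurityContext(p)); }` to the new `if`, or a comment stating why the context is deliberately left unset. The condition of the outer `if` and the rest of the method are outside the hunk.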
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1531304&r1=1531303&r2=1531304&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri Oct 11 14:25:40 2013
@@ -342,58 +342,72 @@ public abstract class AbstractStaxBindin
if (isTokenRequired(token.getIncludeTokenType())) {
final Element el = secToken.getToken();
- String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
- if (signed || endorsing) {
- samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
- }
- Map<String, Object> config = getProperties();
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
- } else {
- config.put(ConfigurationConstants.ACTION, samlAction);
- }
-
- // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
- final SubjectBean subjectBean;
- if (signed || endorsing) {
- KeyInfoBean keyInfo = new KeyInfoBean();
- keyInfo.setCertificate(secToken.getX509Certificate());
- keyInfo.setEphemeralKey(secToken.getSecret());
- subjectBean = new SubjectBean("", "", "");
- subjectBean.setKeyInfo(keyInfo);
- } else {
- subjectBean = null;
- }
-
- CallbackHandler callbackHandler = new CallbackHandler() {
-
- @Override
- public void handle(Callback[] callbacks) {
- for (Callback callback : callbacks) {
- if (callback instanceof SAMLCallback) {
- SAMLCallback samlCallback = (SAMLCallback)callback;
- samlCallback.setAssertionElement(el);
- samlCallback.setSubject(subjectBean);
-
- if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
- samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
- } else {
- samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+ if (el != null && "Assertion".equals(el.getLocalName())
+ && (WSSConstants.NS_SAML.equals(el.getNamespaceURI())
+ || WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
+ String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+ if (signed || endorsing) {
+ samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
+ }
+ Map<String, Object> config = getProperties();
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
+ } else {
+ config.put(ConfigurationConstants.ACTION, samlAction);
+ }
+
+ // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
+ final SubjectBean subjectBean;
+ if (signed || endorsing) {
+ KeyInfoBean keyInfo = new KeyInfoBean();
+ keyInfo.setCertificate(secToken.getX509Certificate());
+ keyInfo.setEphemeralKey(secToken.getSecret());
+ subjectBean = new SubjectBean("", "", "");
+ subjectBean.setKeyInfo(keyInfo);
+ } else {
+ subjectBean = null;
+ }
+
+ CallbackHandler callbackHandler = new CallbackHandler() {
+
+ @Override
+ public void handle(Callback[] callbacks) {
+ for (Callback callback : callbacks) {
+ if (callback instanceof SAMLCallback) {
+ SAMLCallback samlCallback = (SAMLCallback)callback;
+ samlCallback.setAssertionElement(el);
+ samlCallback.setSubject(subjectBean);
+
+ if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
+ samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+ } else {
+ samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+ }
}
}
}
+
+ };
+ config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ QName qname = WSSConstants.TAG_saml2_Assertion;
+ if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
+ qname = WSSConstants.TAG_saml_Assertion;
}
- };
- config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
-
- QName qname = WSSConstants.TAG_saml2_Assertion;
- if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
- qname = WSSConstants.TAG_saml_Assertion;
+ return new SecurePart(qname, Modifier.Element);
+ } else if (isRequestor()) {
+ // An Encrypted Token...just include it as is
+ Map<String, Object> config = getProperties();
+ String actionToPerform = ConfigurationConstants.CUSTOM_TOKEN;
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ } else {
+ config.put(ConfigurationConstants.ACTION, actionToPerform);
+ }
}
-
- return new SecurePart(qname, Modifier.Element);
}
return null;
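Review bot: The new `else if (isRequestor())` branch also runs when `el` is null, because the null check is folded into the Assertion condition above it, so `CUSTOM_TOKEN` is appended to the action list even when there is no token element to include; `} else if (isRequestor() && el != null) {` would keep that case out. The branch is commented as the encrypted-token path but accepts any element that is not a SAML `Assertion`, and it ignores `signed`/`endorsing` and falls through to `return null`. As far as this hunk shows, the caller therefore gets no `SecurePart` and the included token would not be covered by a signature, so it is worth confirming that this is intended for signed or endorsing tokens and stating it in the comment. The hunk does not show where the element itself is handed to the custom-token action, and the enclosing method starts outside the hunk.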