Posted to commits@cxf.apache.org by co...@apache.org on 2013/09/05 17:48:40 UTC

svn commit: r1520350 - in /cxf/trunk/services/sts: sts-core/src/main/java/org/apache/cxf/sts/operation/ sts-core/src/main/java/org/apache/cxf/sts/request/ sts-core/src/main/java/org/apache/cxf/sts/token/delegation/ sts-core/src/test/java/org/apache/cxf...

Author: coheigea
Date: Thu Sep  5 15:48:39 2013
New Revision: 1520350

URL: http://svn.apache.org/r1520350
Log:
[CXF-5251] - A revised version of this patch following some comments by Oli

Added:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java
      - copied, changed from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
      - copied, changed from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java
      - copied, changed from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java
      - copied, changed from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
Removed:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/UsernameTokenDelegationHandler.java
Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Thu Sep  5 15:48:39 2013
@@ -36,6 +36,7 @@ import javax.xml.ws.handler.MessageConte
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.sts.IdentityMapper;
@@ -48,8 +49,6 @@ import org.apache.cxf.sts.claims.Request
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.AbstractSTSEvent;
 import org.apache.cxf.sts.event.STSEventListener;
-import org.apache.cxf.sts.request.DefaultDelegationHandler;
-import org.apache.cxf.sts.request.DelegationHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
@@ -57,6 +56,9 @@ import org.apache.cxf.sts.request.Reques
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationParameters;
+import org.apache.cxf.sts.token.delegation.TokenDelegationResponse;
 import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
 import org.apache.cxf.sts.token.provider.TokenReference;
@@ -103,16 +105,8 @@ public abstract class AbstractOperation 
     protected TokenStore tokenStore;
     protected ClaimsManager claimsManager = new ClaimsManager();
     protected STSEventListener eventPublisher;
-    protected DelegationHandler delegationHandler = new DefaultDelegationHandler();
+    protected List<TokenDelegationHandler> delegationHandlers = new ArrayList<TokenDelegationHandler>();
     
-    public DelegationHandler getDelegationHandler() {
-        return delegationHandler;
-    }
-
-    public void setDelegationHandler(DelegationHandler delegationHandler) {
-        this.delegationHandler = delegationHandler;
-    }
-
     public boolean isReturnReferences() {
         return returnReferences;
     }
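Review bot: The `delegationHandlers` field now defaults to an empty list where the old field defaulted to `new DefaultDelegationHandler()`, and nothing in the hunk documents what that means. With performDelegationHandling as added later in this commit, an empty list makes every request carrying OnBehalfOf or ActAs fail until handlers are configured. That is a safe default, but it should be written down on the field, e.g. `// Empty by default: OnBehalfOf/ActAs requests are rejected until at least one handler is configured`. The public `getDelegationHandler`/`setDelegationHandler` accessors are removed with no deprecated bridge, so existing configuration that sets `delegationHandler` will presumably stop loading. The class body continues outside the hunk.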
@@ -145,6 +139,14 @@ public abstract class AbstractOperation 
         this.tokenProviders = tokenProviders;
     }
     
+    public List<TokenDelegationHandler> getDelegationHandlers() {
+        return delegationHandlers;
+    }
+
+    public void setDelegationHandlers(List<TokenDelegationHandler> delegationHandlers) {
+        this.delegationHandlers = delegationHandlers;
+    }
+
     public List<TokenProvider> getTokenProviders() {
         return tokenProviders;
     }
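Review bot: `setDelegationHandlers` stores whatever it is given, including null, and the for-each loop in performDelegationHandling sits outside that method's try block, so a null list surfaces as a bare NullPointerException rather than an STSException. A guard in the setter keeps the field usable: `this.delegationHandlers = delegationHandlers == null ? new ArrayList<TokenDelegationHandler>() : delegationHandlers;`. The getter also hands out the live internal list, which lets callers change the delegation policy after configuration; if that is not intended, say so in Javadoc or return an unmodifiable view.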
@@ -580,6 +582,48 @@ public abstract class AbstractOperation 
         return tokenResponse;
     }
     
+    protected void performDelegationHandling(
+        RequestParser requestParser, WebServiceContext context, ReceivedToken token
+    ) {
+        TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
+        delegationParameters.setStsProperties(stsProperties);
+        delegationParameters.setPrincipal(context.getUserPrincipal());
+        delegationParameters.setWebServiceContext(context);
+        delegationParameters.setTokenStore(getTokenStore());
+        
+        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        delegationParameters.setKeyRequirements(keyRequirements);
+        delegationParameters.setTokenRequirements(tokenRequirements);
+        
+        // Extract AppliesTo
+        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
+        delegationParameters.setAppliesToAddress(address);
+        
+        delegationParameters.setToken(token);
+
+        TokenDelegationResponse tokenResponse = null;
+        for (TokenDelegationHandler delegationHandler : delegationHandlers) {
+            if (delegationHandler.canHandleToken(token)) {
+                try {
+                    tokenResponse = delegationHandler.isDelegationAllowed(delegationParameters);
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    throw new STSException("Error in delegation handling", ex, STSException.REQUEST_FAILED);
+                }
+                break;
+            }
+        }
+        
+        if (tokenResponse == null || !tokenResponse.isDelegationAllowed()) {
+            LOG.log(Level.WARNING, "No matching token delegation handler found");
+            throw new STSException(
+                "No matching token delegation handler found", 
+                STSException.REQUEST_FAILED
+            );
+        }
+    }
+    
     protected void checkClaimsSupport(RequestClaimCollection requestedClaims) {
         if (requestedClaims != null) {
             List<URI> unhandledClaimTypes = new ArrayList<URI>();
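Review bot: The final check in performDelegationHandling reports "No matching token delegation handler found" both when no handler claimed the token and when a handler ran and refused delegation, so a policy denial cannot be told apart from a configuration gap in the log or in the fault. Splitting the two cases, with the refusal carrying the wording the old TokenIssueOperation code used, makes refused delegation attempts visible to whoever monitors the STS. The catch block also logs an empty message (`LOG.log(Level.WARNING, "", ex)`), which should name the failure. Because the loop breaks at the first handler whose canHandleToken returns true, list order decides the outcome when two handlers accept the same token type; the method needs Javadoc saying so.

```java
        // … unchanged: parameter setup and handler loop …
        if (tokenResponse == null) {
            LOG.log(Level.WARNING, "No matching token delegation handler found");
            throw new STSException(
                "No matching token delegation handler found",
                STSException.REQUEST_FAILED
            );
        }
        if (!tokenResponse.isDelegationAllowed()) {
            LOG.log(Level.WARNING, "Token Delegation (OnBehalfOf/ActAs) is not allowed");
            throw new STSException(
                "Token Delegation (OnBehalfOf/ActAs) is not allowed",
                STSException.REQUEST_FAILED
            );
        }
```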

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Thu Sep  5 15:48:39 2013
@@ -144,13 +144,14 @@ public class TokenIssueOperation extends
                 }
             }
             
-            if (delegationHandler != null) {
-                String appliesToAddress = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
-                if (!delegationHandler.isDelegationAllowed(context, tokenRequirements, appliesToAddress)) {
-                    LOG.fine("Token Delegation (OnBehalfOf/ActAs) is not allowed for this particular token");
-                    throw new STSException("Token Delegation (OnBehalfOf/ActAs) is not allowed", 
-                                           STSException.REQUEST_FAILED);
-                }
+            // See whether OnBehalfOf/ActAs is allowed or not
+            if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
+                performDelegationHandling(requestParser, context,
+                                    providerParameters.getTokenRequirements().getOnBehalfOf());
+            }
+            if (providerParameters.getTokenRequirements().getActAs() != null) {
+                performDelegationHandling(requestParser, context,
+                                    providerParameters.getTokenRequirements().getActAs());
             }
 
             // Validate OnBehalfOf token if present
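Review bot: Both performDelegationHandling calls sit above the trailing `// Validate OnBehalfOf token if present` context line, so the delegation handlers appear to run on a token that has not been validated yet. This is inferred from that comment alone, since the validation code is outside the hunk. The new block should say so for handler authors, e.g. `// Delegation handlers see the token before it is validated; they must not treat its contents as authenticated`. The block also calls `providerParameters.getTokenRequirements()` four times where one local would read better. The enclosing method begins and ends outside the hunk.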

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java (from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java&r1=1520312&r2=1520350&rev=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/HOKDelegationHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/HOKDelegationHandler.java Thu Sep  5 15:48:39 2013
@@ -16,27 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.xml.ws.WebServiceContext;
-
 import org.w3c.dom.Element;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 
 /**
- * This DelegationHandler implementation extends the Default implementation to allow SAML
+ * This TokenDelegationHandler implementation extends the Default implementation to allow SAML
  * Tokens with HolderOfKey Subject Confirmation.
  */
-public class HOKDelegationHandler extends DefaultDelegationHandler {
+public class HOKDelegationHandler extends SAMLDelegationHandler {
     
     private static final Logger LOG = 
         LogUtils.getL7dLogger(HOKDelegationHandler.class);
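Review bot: The class Javadoc still says this handler "extends the Default implementation", but the parent is now SAMLDelegationHandler and DefaultDelegationHandler is removed by this commit. Suggested wording: `This TokenDelegationHandler implementation extends SAMLDelegationHandler to allow SAML Tokens with HolderOfKey Subject Confirmation.` The class body continues outside the hunk.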
@@ -46,15 +45,8 @@ public class HOKDelegationHandler extend
      */
     @Override
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             SamlAssertionWrapper assertion = new SamlAssertionWrapper(validateTargetElement);

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java (from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java&r1=1520312&r2=1520350&rev=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DefaultDelegationHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java Thu Sep  5 15:48:39 2013
@@ -16,17 +16,17 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.xml.ws.WebServiceContext;
-
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
@@ -34,57 +34,52 @@ import org.apache.wss4j.common.saml.buil
 import org.apache.wss4j.dom.WSConstants;
 import org.opensaml.saml1.core.AudienceRestrictionCondition;
 
-
 /**
- * The Default DelegationHandler implementation. It disallows ActAs or OnBehalfOf for
+ * The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for
  * all cases apart from the case of a Bearer SAML Token. In addition, the AppliesTo
  * address (if supplied) must match an AudienceRestriction address (if in token)
  */
-public class DefaultDelegationHandler implements DelegationHandler {
+public class SAMLDelegationHandler implements TokenDelegationHandler {
     
     private static final Logger LOG = 
-        LogUtils.getL7dLogger(DefaultDelegationHandler.class);
+        LogUtils.getL7dLogger(SAMLDelegationHandler.class);
     
-    /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @param onBehalfOf whether the token was received OnBehalfOf or ActAs
-     * @return true if delegation is allowed.
-     */
-    public boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    ) {
-        if (tokenRequirements.getOnBehalfOf() != null 
-            && !isDelegationAllowed(context, tokenRequirements.getOnBehalfOf(), appliesToAddress)) {
-            return false;
+    public boolean canHandleToken(ReceivedToken delegateTarget) {
+        Object token = delegateTarget.getToken();
+        if (token instanceof Element) {
+            Element tokenElement = (Element)token;
+            String namespace = tokenElement.getNamespaceURI();
+            String localname = tokenElement.getLocalName();
+            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
+                && "Assertion".equals(localname)) {
+                return true;
+            }
         }
+        return false;
+    }
+    
+    public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
+        TokenDelegationResponse response = new TokenDelegationResponse();
+        ReceivedToken delegateTarget = tokenParameters.getToken();
+        response.setToken(delegateTarget);
         
-        if (tokenRequirements.getActAs() != null 
-            && !isDelegationAllowed(context, tokenRequirements.getActAs(), appliesToAddress)) {
-            return false;
+        if (!delegateTarget.isDOMElement()) {
+            return response;
         }
         
-        return true;
+        if (isDelegationAllowed(delegateTarget, tokenParameters.getAppliesToAddress())) {
+            response.setDelegationAllowed(true);
+        }
+        
+        return response;
     }
     
     /**
      * Is Delegation allowed for a particular token
      */
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            LOG.fine("Received token is not a SAML Token");
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             SamlAssertionWrapper assertion = new SamlAssertionWrapper(validateTargetElement);
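Review bot: The new public isDelegationAllowed(TokenDelegationParameters) guards only with `delegateTarget.isDOMElement()`, while the SAML-assertion check that used to open the protected overload now lives in canHandleToken and is no longer applied on this path. A caller that skips canHandleToken therefore reaches the `(Element)receivedToken.getToken()` cast and the SamlAssertionWrapper constructor with an arbitrary DOM element; how that fails depends on the catch block, which is outside the hunk. Re-checking inside the method keeps the handler safe when used on its own: `if (!canHandleToken(delegateTarget)) { return response; }`. HOKDelegationHandler overrides the same protected overload and lost its isSAMLToken guard in this commit as well, so it relies on the same entry check.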
@@ -113,20 +108,6 @@ public class DefaultDelegationHandler im
         return true;
     }
     
-    protected boolean isSAMLToken(ReceivedToken target) {
-        Object token = target.getToken();
-        if (token instanceof Element) {
-            Element tokenElement = (Element)token;
-            String namespace = tokenElement.getNamespaceURI();
-            String localname = tokenElement.getLocalName();
-            if ((WSConstants.SAML_NS.equals(namespace) || WSConstants.SAML2_NS.equals(namespace))
-                && "Assertion".equals(localname)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
     protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
         List<String> addresses = new ArrayList<String>();
         if (assertion.getSaml1() != null) {

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java (from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java&r1=1520312&r2=1520350&rev=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationHandler.java Thu Sep  5 15:48:39 2013
@@ -16,29 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
+package org.apache.cxf.sts.token.delegation;
 
-import javax.xml.ws.WebServiceContext;
+import org.apache.cxf.sts.request.ReceivedToken;
 
 
 /**
  * This interface controls whether the STS allows an authenticated user to get a token
- * OnBehalfOf or ActAs another token. The tokens should be taken from the TokenRequirements
- * object passed as a parameter.
+ * OnBehalfOf or ActAs another token.
  */
-public interface DelegationHandler {
+public interface TokenDelegationHandler {
     
     /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @return true if delegation is allowed.
+     * Return true if this TokenDelegationHandler implementation is capable of handling the
+     * ReceivedToken argument.
      */
-    boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    );
+    boolean canHandleToken(ReceivedToken delegateTarget);
+    
+    /**
+     * See if delegation is allowed for a Token using the given TokenDelegationParameters.
+     */
+    TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters);
     
 }
\ No newline at end of file
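Review bot: The Javadoc on isDelegationAllowed does not state the contract that AbstractOperation.performDelegationHandling relies on. There, a null return and a response whose isDelegationAllowed() is false both reject the request, and only the first handler whose canHandleToken returns true is consulted. Suggest adding `@return a TokenDelegationResponse; delegation is refused unless isDelegationAllowed() on it returns true`, plus a sentence on whether implementations may assume canHandleToken was called first.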

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java?rev=1520350&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationParameters.java Thu Sep  5 15:48:39 2013
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.delegation;
+
+import java.security.Principal;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+
+/**
+ * This class encapsulates the parameters that will be passed to a TokenDelegationHandler instance to. 
+ * It consists of both parameters that have been extracted from the request, as well as 
+ * configuration specific to the Operation itself (STSPropertiesMBean etc.)
+ */
+public class TokenDelegationParameters {
+
+    private STSPropertiesMBean stsProperties;
+    private Principal principal;
+    private WebServiceContext webServiceContext;
+    private KeyRequirements keyRequirements;
+    private TokenRequirements tokenRequirements;
+    private TokenStore tokenStore;
+    private ReceivedToken token;
+    private String appliesToAddress;
+    
+    public ReceivedToken getToken() {
+        return token;
+    }
+
+    public void setToken(ReceivedToken token) {
+        this.token = token;
+    }
+
+    public TokenStore getTokenStore() {
+        return tokenStore;
+    }
+
+    public void setTokenStore(TokenStore tokenStore) {
+        this.tokenStore = tokenStore;
+    }
+    
+    public TokenRequirements getTokenRequirements() {
+        return tokenRequirements;
+    }
+
+    public void setTokenRequirements(TokenRequirements tokenRequirements) {
+        this.tokenRequirements = tokenRequirements;
+    }
+
+    public KeyRequirements getKeyRequirements() {
+        return keyRequirements;
+    }
+
+    public void setKeyRequirements(KeyRequirements keyRequirements) {
+        this.keyRequirements = keyRequirements;
+    }
+    
+    public STSPropertiesMBean getStsProperties() {
+        return stsProperties;
+    }
+
+    public void setStsProperties(STSPropertiesMBean stsProperties) {
+        this.stsProperties = stsProperties;
+    }
+    
+    public WebServiceContext getWebServiceContext() {
+        return webServiceContext;
+    }
+
+    public void setWebServiceContext(WebServiceContext webServiceContext) {
+        this.webServiceContext = webServiceContext;
+    }
+    
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
+    
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public String getAppliesToAddress() {
+        return appliesToAddress;
+    }
+
+    public void setAppliesToAddress(String appliesToAddress) {
+        this.appliesToAddress = appliesToAddress;
+    }
+    
+}
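Review bot: The first sentence of the class Javadoc ends in a dangling "to." (`...passed to a TokenDelegationHandler instance to.`); the trailing word should go. None of the fields says whether it may be null. appliesToAddress in particular looks optional, since SAMLDelegationHandler's Javadoc describes the AppliesTo address as "if supplied", so a field comment such as `// may be null when the request carries no AppliesTo` would spare handler authors a guess.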

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java?rev=1520350&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/TokenDelegationResponse.java Thu Sep  5 15:48:39 2013
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.delegation;
+
+import java.util.Map;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+
+/**
+ * This class encapsulates the response from a TokenDelegationHandler instance.
+ */
+public class TokenDelegationResponse {
+
+    private Map<String, Object> additionalProperties;
+    private ReceivedToken token;
+    private boolean delegationAllowed;
+    
+    public ReceivedToken getToken() {
+        return token;
+    }
+
+    public void setToken(ReceivedToken token) {
+        this.token = token;
+    }
+    
+    public void setAdditionalProperties(Map<String, Object> additionalProperties) {
+        this.additionalProperties = additionalProperties;
+    }
+    
+    public Map<String, Object> getAdditionalProperties() {
+        return additionalProperties;
+    }
+
+    public boolean isDelegationAllowed() {
+        return delegationAllowed;
+    }
+
+    public void setDelegationAllowed(boolean delegationAllowed) {
+        this.delegationAllowed = delegationAllowed;
+    }
+    
+}
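Review bot: `additionalProperties` is never initialised, so getAdditionalProperties() returns null unless a handler sets it. Either document that on the getter (`@return the additional properties, or null if none were set`) or return an empty map. The `delegationAllowed` field defaulting to false is what makes a freshly built response a refusal; a one-line comment on the field saying this is deliberate would guard against a later change of the default.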

Copied: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java (from r1520312, cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java?p2=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java&p1=cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java&r1=1520312&r2=1520350&rev=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/DelegationHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/UsernameTokenDelegationHandler.java Thu Sep  5 15:48:39 2013
@@ -16,29 +16,26 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.sts.request;
-
-import javax.xml.ws.WebServiceContext;
+package org.apache.cxf.sts.token.delegation;
 
+import org.apache.cxf.sts.request.ReceivedToken;
 
 /**
- * This interface controls whether the STS allows an authenticated user to get a token
- * OnBehalfOf or ActAs another token. The tokens should be taken from the TokenRequirements
- * object passed as a parameter.
+ * This TokenDelegationHandler implementation allows UsernameTokens for OnBehalfOf/ActAs.
  */
-public interface DelegationHandler {
+public class UsernameTokenDelegationHandler implements TokenDelegationHandler {
     
-    /**
-     * Returns true if delegation is allowed.
-     * @param context WebServiceContext
-     * @param tokenRequirements The parameters extracted from the request
-     * @param appliesToAddress The AppliesTo address (if any)
-     * @return true if delegation is allowed.
-     */
-    boolean isDelegationAllowed(
-        WebServiceContext context,
-        TokenRequirements tokenRequirements, 
-        String appliesToAddress
-    );
+    public boolean canHandleToken(ReceivedToken delegateTarget) {
+        return delegateTarget.isUsernameToken();
+    }
     
+    public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
+        TokenDelegationResponse response = new TokenDelegationResponse();
+        ReceivedToken delegateTarget = tokenParameters.getToken();
+        response.setToken(delegateTarget);
+        
+        response.setDelegationAllowed(true);
+        
+        return response;
+    }
 }
\ No newline at end of file
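Review bot: isDelegationAllowed calls `response.setDelegationAllowed(true)` unconditionally, without consulting the principal, the AppliesTo address or the token contents that TokenDelegationParameters makes available. The class Javadoc should spell out that consequence for whoever configures this handler, e.g. `Every UsernameToken presented as OnBehalfOf/ActAs passes the delegation check; restricting which callers may delegate, and validating the token itself, must be done elsewhere.` Neither public method has Javadoc, and canHandleToken dereferences `delegateTarget` without a null check.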

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java Thu Sep  5 15:48:39 2013
@@ -48,14 +48,16 @@ import org.apache.cxf.sts.claims.ClaimsH
 import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.common.CustomUserClaimsHandler;
 import org.apache.cxf.sts.common.PasswordCallbackHandler;
-import org.apache.cxf.sts.request.HOKDelegationHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedKey;
 import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.request.UsernameTokenDelegationHandler;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
 import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.HOKDelegationHandler;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
+import org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
 import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
 import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProvider;
@@ -127,6 +129,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
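Review bot: The two added lines that create a `TokenDelegationHandler` and wrap it in `Collections.singletonList` are repeated unchanged in most hunks of this file and again in IssueSamlClaimsUnitTest.java. A small private test helper, called as `registerDelegationHandler(issueOperation, new SAMLDelegationHandler());`, would put the wiring in one place, so a later change to how handlers are registered cannot leave some tests on a stale setup. It would also make it obvious at a glance which handler each test authorises delegation with. The test method starts and ends outside this hunk.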
@@ -150,7 +155,7 @@ public class IssueOnbehalfofUnitTest ext
                     QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof
             );
         request.getAny().add(onbehalfofType);
-
+        
         // Mock up message context
         MessageImpl msg = new MessageImpl();
         WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
@@ -196,6 +201,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -305,7 +313,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
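Review bot: The `// expected` failure just above the new lines may now pass for a different reason than it did before this change. The old code replaced a previously effective handler with `setDelegationHandler(new HOKDelegationHandler())`, so the earlier rejection presumably came from a handler refusing the token. If no handler is registered before that first `issue` call (the start of the method is outside the hunk), the rejection now only shows that an empty handler list denies delegation. Registering the stricter handler first, e.g. `issueOperation.setDelegationHandlers(Collections.singletonList((TokenDelegationHandler) new SAMLDelegationHandler()));`, would keep the negative case checking the handler's own decision. The same question applies to the hunks at `@@ -386`, `@@ -467`, `@@ -548` and `@@ -778`.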
@@ -386,7 +395,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -467,7 +477,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -548,7 +559,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new HOKDelegationHandler());
+        TokenDelegationHandler delegationHandler = new HOKDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -591,6 +603,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -651,6 +666,9 @@ public class IssueOnbehalfofUnitTest ext
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         validatorList.add(new SAMLTokenValidator());
         issueOperation.setTokenValidators(validatorList);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Add Service
         ServiceMBean service = new StaticService();
@@ -778,7 +796,8 @@ public class IssueOnbehalfofUnitTest ext
             // expected
         }
         
-        issueOperation.setDelegationHandler(new UsernameTokenDelegationHandler());
+        TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
         
         RequestSecurityTokenResponseCollectionType response = 
             issueOperation.issue(request, webServiceContext);
@@ -846,7 +865,8 @@ public class IssueOnbehalfofUnitTest ext
         WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
         WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
         
-        issueOperation.setDelegationHandler(new UsernameTokenDelegationHandler());
+        TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Issue a token - this will fail as the UsernameToken validation fails
         try {
@@ -872,6 +892,9 @@ public class IssueOnbehalfofUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
@@ -999,6 +1022,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Mock up a request
         RequestSecurityTokenType request = new RequestSecurityTokenType();
@@ -1098,6 +1124,9 @@ public class IssueOnbehalfofUnitTest ext
         stsProperties.setCallbackHandler(new PasswordCallbackHandler());
         stsProperties.setIssuer("STS");
         issueOperation.setStsProperties(stsProperties);
+        
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
 
         // Set the ClaimsManager
         ClaimsManager claimsManager = new ClaimsManager();

Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java Thu Sep  5 15:48:39 2013
@@ -33,7 +33,6 @@ import javax.xml.namespace.QName;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
@@ -60,6 +59,8 @@ import org.apache.cxf.sts.request.TokenR
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
 import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
+import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
 import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
 import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProvider;
@@ -433,6 +434,9 @@ public class IssueSamlClaimsUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
@@ -578,6 +582,9 @@ public class IssueSamlClaimsUnitTest ext
         providerList.add(samlTokenProvider);
         issueOperation.setTokenProviders(providerList);
         
+        TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
+        issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
+        
         // Add Token Validator
         List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
         SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml Thu Sep  5 15:48:39 2013
@@ -55,7 +55,7 @@
 	</bean>
 
     <bean id="utDelegationHandler"
-          class="org.apache.cxf.sts.request.UsernameTokenDelegationHandler" />
+          class="org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler" />
           
 	<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
 		<property name="tokenProviders" ref="transportTokenProviders" />
@@ -63,7 +63,7 @@
 		<property name="stsProperties" ref="transportSTSProperties" />
 		<property name="claimsManager" ref="claimsManager" />
 		<property name="tokenStore" ref="defaultTokenStore" />
-		<property name="delegationHandler" ref="utDelegationHandler" />
+		<property name="delegationHandlers" ref="utDelegationHandler" />
 	</bean>
 
 	<bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
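Review bot: `delegationHandlers` is wired here with a single bean `ref`, although the Java tests in this commit pass the same setter a list (`Collections.singletonList(...)`). The wiring therefore presumably relies on the container turning one bean into a one-element collection. Writing it as `<property name="delegationHandlers"><list><ref bean="utDelegationHandler" /></list></property>` makes the list explicit and shows where a second handler would go. Because `UsernameTokenDelegationHandler.isDelegationAllowed` in this commit calls `setDelegationAllowed(true)` unconditionally, a short XML comment on the bean saying it approves OnBehalfOf/ActAs for any UsernameToken would help anyone copying this test configuration. The same single-`ref` wiring appears in both hunks of cxf-transport.xml and in the second hunk of cxf-x509.xml.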

Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/HOKDelegationHandler.java Thu Sep  5 15:48:39 2013
@@ -18,37 +18,36 @@
  */
 package org.apache.cxf.systest.sts.common;
 
-import javax.xml.ws.WebServiceContext;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.sts.request.DefaultDelegationHandler;
+
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 
 /**
- * This DelegationHandler implementation extends the Default implementation to allow SAML
+ * This TokenDelegationHandler implementation extends the Default implementation to allow SAML
  * Tokens with HolderOfKey Subject Confirmation. It also doesn't require that the AppliesTo
  * address matches an AudienceRestriction condition in the SAML Token.
  */
-public class HOKDelegationHandler extends DefaultDelegationHandler {
+public class HOKDelegationHandler extends SAMLDelegationHandler {
+    
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(HOKDelegationHandler.class);
     
     /**
      * Is Delegation allowed for a particular token
      */
     @Override
     protected boolean isDelegationAllowed(
-        WebServiceContext context,
-        ReceivedToken receivedToken, 
-        String appliesToAddress
+        ReceivedToken receivedToken, String appliesToAddress
     ) {
-        // It must be a SAML Token
-        if (!isSAMLToken(receivedToken)) {
-            return false;
-        }
-
         Element validateTargetElement = (Element)receivedToken.getToken();
         try {
             SamlAssertionWrapper assertion = new SamlAssertionWrapper(validateTargetElement);
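Review bot: With the `isSAMLToken(receivedToken)` guard removed, the cast `(Element)receivedToken.getToken()` is the first thing this override does, so the authorisation decision now depends on the caller having already filtered by token type. That filtering is presumably done by the parent's `canHandleToken`, which is not visible in this hunk. If the override is ever reached with a non-DOM token, the cast throws instead of denying delegation. A local fail-closed check such as `if (!(receivedToken.getToken() instanceof Element)) { return false; }` would keep the decision self-contained. The class Javadoc also still says it "extends the Default implementation", which no longer matches `extends SAMLDelegationHandler`. The method body continues beyond the hunk.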
@@ -62,6 +61,7 @@ public class HOKDelegationHandler extend
                 }
             }
         } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "Error in ascertaining whether delegation is allowed", ex);
             return false;
         }
 

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml Thu Sep  5 15:48:39 2013
@@ -61,7 +61,7 @@
         <property name="tokenValidators" ref="transportTokenValidators" />
         <property name="services" ref="transportService" />
         <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="delegationHandler" ref="hokDelegationHandler" />
+        <property name="delegationHandlers" ref="hokDelegationHandler" />
     </bean>
 
     <bean id="transportValidateDelegate2" class="org.apache.cxf.sts.operation.TokenValidateOperation">
@@ -90,7 +90,7 @@
         <property name="tokenValidators" ref="transportTokenValidators" />
         <property name="services" ref="transportService" />
         <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="delegationHandler" ref="hokDelegationHandler" />
+        <property name="delegationHandlers" ref="hokDelegationHandler" />
     </bean>
 
     <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml?rev=1520350&r1=1520349&r2=1520350&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml Thu Sep  5 15:48:39 2013
@@ -10,7 +10,7 @@
   http://www.apache.org/licenses/LICENSE-2.0
  
   Unless required by applicable law or agreed to in writing,
-  software distributed under the License is d   istributed on an
+  software distributed under the License is distributed on an
   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   KIND, either express or implied. See the License for the
   specific language governing permissions and limitations
@@ -48,14 +48,14 @@
     </bean>
     
     <bean id="utDelegationHandler"
-          class="org.apache.cxf.sts.request.UsernameTokenDelegationHandler" />
+          class="org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler" />
 
 	<bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
 		<property name="tokenProviders" ref="x509SamlTokenProvider" />
 		<property name="tokenValidators" ref="x509TokenValidatorsOBO" />
 		<property name="services" ref="x509Service" />
 		<property name="stsProperties" ref="x509STSProperties" />
-		<property name="delegationHandler" ref="utDelegationHandler" />
+		<property name="delegationHandlers" ref="utDelegationHandler" />
 	</bean>
 
 	<bean id="x509ValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">