Posted to commits@ws.apache.org by co...@apache.org on 2014/04/02 13:10:24 UTC
svn commit: r1583965 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/
ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/
ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/ ws-s...
Author: coheigea
Date: Wed Apr 2 11:10:24 2014
New Revision: 1583965
URL: http://svn.apache.org/r1583965
Log:
Update SAML ConditionsBean to take multiple audience URIs
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java?rev=1583965&r1=1583964&r2=1583965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java Wed Apr 2 11:10:24 2014
@@ -19,6 +19,8 @@
package org.apache.wss4j.common.saml.bean;
+import java.util.List;
+
import org.joda.time.DateTime;
@@ -30,7 +32,7 @@ public class ConditionsBean {
private DateTime notBefore;
private DateTime notAfter;
private long tokenPeriodSeconds;
- private String audienceURI;
+ private List<String> audienceURIs;
private boolean oneTimeUse;
private ProxyRestrictionBean proxyRestriction;
@@ -138,12 +140,12 @@ public class ConditionsBean {
}
/**
- * Get the audienceURI instance
+ * Get the audienceURI instances
*
- * @return the audienceURI instance
+ * @return the audienceURI instances
*/
- public String getAudienceURI() {
- return audienceURI;
+ public List<String> getAudienceURIs() {
+ return audienceURIs;
}
/**
@@ -151,8 +153,8 @@ public class ConditionsBean {
*
* @param audienceURI the audienceURI instance to set
*/
- public void setAudienceURI(String audienceURI) {
- this.audienceURI = audienceURI;
+ public void setAudienceURIs(List<String> audienceURIs) {
+ this.audienceURIs = audienceURIs;
}
/**
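Review bot: The setter's Javadoc still documents the old parameter, `@param audienceURI the audienceURI instance to set`, while the parameter is now `audienceURIs`; it should read `@param audienceURIs the audienceURI instances to set`. The setter also stores the caller's list reference as-is and the getter in the previous hunk hands the same reference back, so a caller that keeps mutating its list after calling the setter silently changes what equals/hashCode and the builders see. If that is not the intended bean contract, copying on set (`this.audienceURIs = audienceURIs == null ? null : new java.util.ArrayList<String>(audienceURIs);`) would pin the value at the time it is set; ProxyRestrictionBean appears to expose a mutable list deliberately, so this may be a conscious choice worth stating in the Javadoc.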
@@ -206,9 +208,9 @@ public class ConditionsBean {
return false;
}
- if (audienceURI == null && that.audienceURI != null) {
+ if (audienceURIs == null && that.audienceURIs != null) {
return false;
- } else if (audienceURI != null && !audienceURI.equals(that.audienceURI)) {
+ } else if (audienceURIs != null && !audienceURIs.equals(that.audienceURIs)) {
return false;
}
@@ -236,8 +238,8 @@ public class ConditionsBean {
if (notAfter != null) {
result = 31 * result + notAfter.hashCode();
}
- if (audienceURI != null) {
- result = 31 * result + audienceURI.hashCode();
+ if (audienceURIs != null) {
+ result = 31 * result + audienceURIs.hashCode();
}
result = 31 * result + (oneTimeUse ? 1 : 0);
if (proxyRestriction != null) {
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java?rev=1583965&r1=1583964&r2=1583965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java Wed Apr 2 11:10:24 2014
@@ -31,12 +31,10 @@ import org.apache.wss4j.common.saml.bean
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
import org.apache.xml.security.stax.impl.util.IDGenerator;
-
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
-
import org.opensaml.saml1.core.Action;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
@@ -54,7 +52,6 @@ import org.opensaml.saml1.core.NameIdent
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectLocality;
-
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
@@ -280,9 +277,9 @@ public final class SAML1ComponentBuilder
conditions.setNotOnOrAfter(notOnOrAfter);
}
- if (conditionsBean.getAudienceURI() != null) {
+ if (conditionsBean.getAudienceURIs() != null && !conditionsBean.getAudienceURIs().isEmpty()) {
AudienceRestrictionCondition audienceRestriction =
- createSamlv1AudienceRestriction(conditionsBean.getAudienceURI());
+ createSamlv1AudienceRestriction(conditionsBean.getAudienceURIs());
conditions.getAudienceRestrictionConditions().add(audienceRestriction);
}
@@ -292,12 +289,12 @@ public final class SAML1ComponentBuilder
/**
* Create an AudienceRestrictionCondition object
*
- * @param audienceURI of type String
+ * @param audienceURIs of type String
* @return an AudienceRestrictionCondition object
*/
@SuppressWarnings("unchecked")
public static AudienceRestrictionCondition
- createSamlv1AudienceRestriction(String audienceURI) {
+ createSamlv1AudienceRestriction(List<String> audienceURIs) {
if (audienceRestrictionV1Builder == null) {
audienceRestrictionV1Builder = (SAMLObjectBuilder<AudienceRestrictionCondition>)
builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
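Review bot: The Javadoc on createSamlv1AudienceRestriction was only half updated: the parameter is now a `List<String>`, but the tag says `@param audienceURIs of type String`. It should read `@param audienceURIs the audience URIs to add, one Audience element per entry`. The same stale `of type String` tag is on createAudienceRestriction in SAML2ComponentBuilder.java in this commit. The method body continues past this hunk.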
@@ -309,9 +306,12 @@ public final class SAML1ComponentBuilder
AudienceRestrictionCondition audienceRestriction =
audienceRestrictionV1Builder.buildObject();
- Audience audience = audienceV1Builder.buildObject();
- audience.setUri(audienceURI);
- audienceRestriction.getAudiences().add(audience);
+
+ for (String audienceURI : audienceURIs) {
+ Audience audience = audienceV1Builder.buildObject();
+ audience.setUri(audienceURI);
+ audienceRestriction.getAudiences().add(audience);
+ }
return audienceRestriction;
}
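Review bot: The loop over audienceURIs passes each entry straight to `audience.setUri(audienceURI)` with no per-element null check, whereas the old code was guarded by `getAudienceURI() != null` in the caller; the new caller-side guard only checks that the list itself is non-null and non-empty, so a list containing a null entry now produces an Audience element with a null URI in the issued assertion. Skipping such entries, `if (audienceURI == null) { continue; }` at the top of the loop, restores the previous behaviour for the single-URI case. If every entry is skipped the result is an AudienceRestrictionCondition with no Audience child, which I believe the SAML schema does not allow, so the caller-side emptiness check may need to look at the filtered entries rather than the raw list. The identical pattern is in the createAudienceRestriction hunk of SAML2ComponentBuilder.java.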
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java?rev=1583965&r1=1583964&r2=1583965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java Wed Apr 2 11:10:24 2014
@@ -213,9 +213,9 @@ public final class SAML2ComponentBuilder
conditions.setNotOnOrAfter(notOnOrAfter);
}
- if (conditionsBean.getAudienceURI() != null) {
+ if (conditionsBean.getAudienceURIs() != null && !conditionsBean.getAudienceURIs().isEmpty()) {
AudienceRestriction audienceRestriction =
- createAudienceRestriction(conditionsBean.getAudienceURI());
+ createAudienceRestriction(conditionsBean.getAudienceURIs());
conditions.getAudienceRestrictions().add(audienceRestriction);
}
@@ -232,11 +232,11 @@ public final class SAML2ComponentBuilder
/**
* Create an AudienceRestriction object
*
- * @param audienceURI of type String
+ * @param audienceURIs of type String
* @return an AudienceRestriction object
*/
@SuppressWarnings("unchecked")
- public static AudienceRestriction createAudienceRestriction(String audienceURI) {
+ public static AudienceRestriction createAudienceRestriction(List<String> audienceURIs) {
if (audienceRestrictionBuilder == null) {
audienceRestrictionBuilder = (SAMLObjectBuilder<AudienceRestriction>)
builderFactory.getBuilder(AudienceRestriction.DEFAULT_ELEMENT_NAME);
@@ -247,9 +247,12 @@ public final class SAML2ComponentBuilder
}
AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject();
- Audience audience = audienceBuilder.buildObject();
- audience.setAudienceURI(audienceURI);
- audienceRestriction.getAudiences().add(audience);
+
+ for (String audienceURI : audienceURIs) {
+ Audience audience = audienceBuilder.buildObject();
+ audience.setAudienceURI(audienceURI);
+ audienceRestriction.getAudiences().add(audience);
+ }
return audienceRestriction;
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java?rev=1583965&r1=1583964&r2=1583965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java Wed Apr 2 11:10:24 2014
@@ -317,6 +317,47 @@ public class SamlConditionsTest extends
}
/**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with an AudienceRestriction Element
+ */
+ @org.junit.Test
+ public void testSAML2AudienceRestriction() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<String>();
+ audiences.add("http://apache.org/one");
+ audiences.add("http://apache.org/two");
+ conditions.setAudienceURIs(audiences);
+
+ callbackHandler.setConditions(conditions);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+ String outputString =
+ XMLUtils.PrettyDocumentToString(unsignedDoc);
+ assertTrue(outputString.contains("AudienceRestriction"));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(outputString);
+ }
+
+ verify(unsignedDoc);
+ }
+
+ /**
* Verifies the soap envelope
* <p/>
*
Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java?rev=1583965&r1=1583964&r2=1583965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java Wed Apr 2 11:10:24 2014
@@ -19,6 +19,7 @@
package org.apache.wss4j.stax.test.saml;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.stax.WSSec;
@@ -292,4 +293,133 @@ public class SamlConditionsTest extends
Assert.assertNotNull(document);
}
}
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with a OneTimeUse Element
+ */
+ @Test
+ public void testSAML2OneTimeUse() throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ conditions.setOneTimeUse(true);
+
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Assert.assertNotNull(document);
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with a ProxyRestriction Element
+ */
+ @org.junit.Test
+ public void testSAML2ProxyRestriction() throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ ProxyRestrictionBean proxyRestriction = new ProxyRestrictionBean();
+ List<String> audiences = new ArrayList<String>();
+ audiences.add("http://apache.org/one");
+ audiences.add("http://apache.org/two");
+ proxyRestriction.getAudienceURIs().addAll(audiences);
+ proxyRestriction.setCount(5);
+ conditions.setProxyRestriction(proxyRestriction);
+
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Assert.assertNotNull(document);
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with an AudienceRestriction Element
+ */
+ @org.junit.Test
+ public void testSAML2AudienceRestriction() throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<String>();
+ audiences.add("http://apache.org/one");
+ audiences.add("http://apache.org/two");
+ conditions.setAudienceURIs(audiences);
+
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Assert.assertNotNull(document);
+ }
+ }
}
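Review bot: The three new tests describe themselves as exercising an "unsigned" SAML 2 assertion, but each uses `WSHandlerConstants.SAML_TOKEN_SIGNED` and the inbound side loads a signature-verification keystore, so the Javadoc should say "signed"; the comment `//done signature; now test sig-verification:` confirms the intent. More importantly, each test ends at `Assert.assertNotNull(document)`, which only proves the signature verified and the message parsed; nothing checks that the OneTimeUse, ProxyRestriction or the two Audience values appear in the processed document, so a builder that dropped the conditions entirely would still pass. A check along the lines of `Assert.assertTrue(baos.toString("UTF-8").contains("http://apache.org/one"))` (or an XPath on the parsed document) in each test would make them meaningful. The `sourceDocument` InputStream from getResourceAsStream is also never closed in any of the three tests; try-with-resources or an explicit close would tidy that up.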