Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/27 17:29:13 UTC

[2/2] cxf-fediz git commit: Adding support to pass the custom STS parameters through on the second call from the IdP

Adding support to pass the custom STS parameters through on the second call from the IdP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d049d7a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d049d7a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d049d7a2

Branch: refs/heads/master
Commit: d049d7a21337c231eba7a012b1d82e3d26f96c2e
Parents: b8d88d1
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jan 27 17:28:52 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jan 27 17:28:52 2017 +0000

----------------------------------------------------------------------
 .../service/idp/beans/STSClientAction.java      |  18 +++
 systests/custom/pom.xml                         |  48 +++++-
 .../test/java/custom/CustomClaimsHandler.java   | 135 ++++++++++++++++
 .../src/test/resources/realma/idp-servlet.xml   |  40 +++++
 .../custom/src/test/resources/userClaims.xml    | 161 +++++++++++++++++++
 5 files changed, 401 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 0d6c37d..c2a8e26 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -104,6 +104,8 @@ public class STSClientAction {
     private boolean isPortSet;
     
     private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
+    
+    private String customSTSParameter;
 
 
     public String getWsdlLocation() {
@@ -172,6 +174,14 @@ public class STSClientAction {
         this.ttl = ttl;
     }
     
+    public String getCustomSTSParameter() {
+        return customSTSParameter;
+    }
+
+    public void setCustomSTSParameter(String customSTSParameter) {
+        this.customSTSParameter = customSTSParameter;
+    }
+    
     /**
      * @param context the webflow request context
      * @param realm The client/application realm
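Review bot: `setCustomSTSParameter` is a new public configuration knob with no Javadoc saying that the String is the name of a request parameter rather than the content itself; the idp-servlet.xml in this commit sets it to `auth_realm`, and without a comment a reader could reasonably configure the value instead. A Javadoc such as `/** Name of an HTTP request parameter whose value, when present, is passed to the STS as custom content of the RequestSecurityToken. */` on the setter would settle that, with a matching `@return` on the getter. The field itself is declared in the previous hunk; the Javadoc that follows this hunk belongs to a different method.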
@@ -277,6 +287,14 @@ public class STSClientAction {
             sts.setProperties(properties);
         }
         
+        if (getCustomSTSParameter() != null) {
+            String authRealmParameter = context.getRequestParameters().get(getCustomSTSParameter());
+            LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
+            if (authRealmParameter != null) {
+                sts.setCustomContent(authRealmParameter);
+            }
+        }
+        
         Element rpToken = null;
         try {
             rpToken = sts.requestSecurityTokenResponse(realm);
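Review bot: The value read from `context.getRequestParameters()` in the new block is handed to `sts.setCustomContent` without any validation, so whatever the browser sends in the configured parameter is embedded in the RequestSecurityToken the IdP issues to the STS. If the STS client serialises a String custom content as XML (the test claims handler in this commit looks for a `realm` element inside it, which suggests it does), a malformed value would fail the token request for that user, and the STS-side handlers have to treat the content as untrusted input rather than as something the IdP vouched for; a length cap and a pattern or allow-list appropriate to the parameter, e.g. `if (!authRealmParameter.matches("[A-Za-z0-9_-]{1,64}")) { throw new IllegalArgumentException("Invalid custom STS parameter"); }` (constructed example), or at least a comment recording that the STS must validate it, would close that gap. The `LOG.debug` line also writes the raw parameter value to the log; logging only the parameter name, or a truncated value, keeps client-shaped text out of the log. The enclosing method starts outside the hunk.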

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/pom.xml
----------------------------------------------------------------------
diff --git a/systests/custom/pom.xml b/systests/custom/pom.xml
index b91e849..82ffd18 100644
--- a/systests/custom/pom.xml
+++ b/systests/custom/pom.xml
@@ -77,6 +77,12 @@
             <scope>test</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf.services.sts</groupId>
+            <artifactId>cxf-services-sts-core</artifactId>
+            <version>${cxf.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.apache.cxf.fediz.systests</groupId>
             <artifactId>fediz-systests-tests</artifactId>
             <version>${project.version}</version>
@@ -196,6 +202,26 @@
                         </configuration>            
                     </execution>
                     <execution>
+                        <id>copy-customised-sts-client</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/realma</directory>
+                                    <includes>
+                                        <include>idp-servlet.xml</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>       
+                            <overwrite>true</overwrite>       
+                        </configuration>            
+                    </execution>
+                    <execution>
                         <id>copy-customised-sts-config</id>
                         <phase>generate-test-sources</phase>
                         <goals>
@@ -216,6 +242,26 @@
                         </configuration>            
                     </execution>
                     <execution>
+                        <id>copy-customised-sts-config2</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/data</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                    <includes>
+                                        <include>userClaims.xml</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>              
+                            <overwrite>true</overwrite>       
+                        </configuration>            
+                    </execution>
+                    <execution>
                         <id>copy-custom-validator</id>
                         <phase>process-test-classes</phase>
                         <goals>
@@ -227,7 +273,7 @@
                                 <resource>
                                     <directory>${basedir}/target/test-classes/custom</directory>
                                     <includes>
-                                        <include>CustomUTValidator.class</include>
+                                        <include>*.class</include>
                                     </includes>
                                     <filtering>false</filtering>
                                 </resource>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/java/custom/CustomClaimsHandler.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/custom/CustomClaimsHandler.java b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
new file mode 100644
index 0000000..fa4ddee
--- /dev/null
+++ b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package custom;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.wss4j.common.util.XMLUtils;
+
+/**
+ * A custom ClaimsHandler implementation for use with "userClaims.xml"
+ */
+public class CustomClaimsHandler implements ClaimsHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(CustomClaimsHandler.class);
+    
+    private Map<String, Map<String, String>> userClaims;
+    private List<URI> supportedClaims;
+    private String realm;
+
+    public void setUserClaims(Map<String, Map<String, String>> userClaims) {
+        this.userClaims = userClaims;
+    }
+
+    public Map<String, Map<String, String>> getUserClaims() {
+        return userClaims;
+    }
+    
+    public void setSupportedClaims(List<URI> supportedClaims) {
+        this.supportedClaims = supportedClaims;
+    }
+    
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+    
+    @Override
+    public List<URI> getSupportedClaimTypes() {
+        return Collections.unmodifiableList(this.supportedClaims);
+    }
+    
+
+    @Override
+    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims,
+            ClaimsParameters parameters) {
+        
+        // Insist that a "realm" Custom Content is available in the RST with a value equal to "custom-realm"
+        List<Element> customContent = parameters.getTokenRequirements().getCustomContent();
+        boolean foundRealm = false;
+        for (Element customContentElement : customContent) {
+            Element customRealm = XMLUtils.findElement(customContentElement, "realm", "http://cxf.apache.org/custom");
+            if (customRealm != null) {
+                String realmStr = customRealm.getTextContent();
+                if ("custom-realm".equals(realmStr)) {
+                    foundRealm = true;
+                    break;
+                }
+            }
+        }
+        
+        if (!foundRealm || parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm())) {
+            LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured realm '" + getRealm() + "'");
+            return new ProcessedClaimCollection();
+        }
+        if (getUserClaims() == null || parameters.getPrincipal() == null) {
+            return new ProcessedClaimCollection();
+        }
+
+        if (claims == null || claims.size() == 0) {
+            LOG.fine("No claims requested");
+            return new ProcessedClaimCollection();
+        }
+
+        Map<String, String> claimMap = getUserClaims().get(parameters.getPrincipal().getName());
+        if (claimMap == null || claimMap.size() == 0) {
+            LOG.fine("Claims requested for principal '" + parameters.getPrincipal().getName()
+                     + "' but not found");
+            return new ProcessedClaimCollection();
+        }
+        LOG.fine("Claims found for principal '" + parameters.getPrincipal().getName() + "'");
+
+        if (claims.size() > 0) {
+            ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
+            for (Claim requestClaim : claims) { 
+                String claimValue = claimMap.get(requestClaim.getClaimType().toString());
+                if (claimValue != null) {
+                    ProcessedClaim claim = new ProcessedClaim();
+                    claim.setClaimType(requestClaim.getClaimType());
+                    claim.setIssuer("Test Issuer");
+                    claim.setOriginalIssuer("Original Issuer");
+                    claim.addValue(claimValue);
+                    claimCollection.add(claim);
+                }   
+            }
+            return claimCollection;
+        }
+        return null;
+
+    }
+
+
+
+}
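Review bot: The `if (claims.size() > 0)` guard near the end of `retrieveClaimValues` repeats the empty check already made on `claims` above it, so the trailing `return null;` is unreachable and inconsistent with the empty `ProcessedClaimCollection` every other early exit returns; dropping the guard and the null return leaves one exit convention for callers. The `LOG.fine` after the realm loop reports a realm mismatch even when the actual failure is a missing or wrong `realm` custom-content element, which makes a failed test hard to diagnose; splitting it into `if (!foundRealm) { LOG.fine("No custom realm content found in the RST"); return new ProcessedClaimCollection(); }` before the realm comparison gives a precise message. `getSupportedClaimTypes` also throws if `supportedClaims` was never set; returning `Collections.emptyList()` in that case, or a Javadoc on `setSupportedClaims` stating it is required, would document the contract. A class-level Javadoc noting that the handler only serves requests carrying the `custom-realm` content is worth adding too.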

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/resources/realma/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/realma/idp-servlet.xml b/systests/custom/src/test/resources/realma/idp-servlet.xml
new file mode 100644
index 0000000..fc28a83
--- /dev/null
+++ b/systests/custom/src/test/resources/realma/idp-servlet.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
+
+    <import resource="config/idp-core-servlet.xml" />
+
+    <!-- Define some mutable properties for the IdP -->
+    <context:property-placeholder location="classpath:realm.properties" />
+
+    <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl" />
+        <property name="wsdlEndpoint" value="Transport_Port" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="customSTSParameter" value="auth_realm" />
+    </bean>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d049d7a2/systests/custom/src/test/resources/userClaims.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/userClaims.xml b/systests/custom/src/test/resources/userClaims.xml
new file mode 100644
index 0000000..6032340
--- /dev/null
+++ b/systests/custom/src/test/resources/userClaims.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd">
+        
+    <util:list id="claimHandlerList">
+        <ref bean="claimsHandlerA" />
+        <ref bean="claimsHandlerB" />
+    </util:list>
+
+    <bean id="claimsHandlerA"
+        class="custom.CustomClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMA" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMA" />
+    </bean>
+
+    <bean id="claimsHandlerB"
+        class="custom.CustomClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMB" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMB" />
+    </bean>
+
+    <util:map id="userClaimsREALMA">
+        <entry key="alice" value-ref="REALMA_aliceClaims" />
+        <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims" />
+        <entry key="alice@WS.APACHE.ORG" value-ref="REALMA_aliceClaims" />
+        <entry key="bob" value-ref="REALMA_bobClaims" />
+        <entry key="bob/service.ws.apache.org@WS.APACHE.ORG" value-ref="REALMA_bobClaims" />
+        <entry key="ted" value-ref="REALMA_tedClaims" />
+        <entry key="ted@WS.APACHE.ORG" value-ref="REALMA_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMA_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User" />
+    </util:map>
+
+    <util:map id="REALMA_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User,Manager,Admin" />
+    </util:map>
+
+    <util:map id="REALMA_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="Secretary" />
+    </util:map>
+
+    <util:map id="userClaimsREALMB">
+        <entry key="ALICE" value-ref="REALMB_aliceClaims" />
+        <entry key="BOB" value-ref="REALMB_bobClaims" />
+        <entry key="TED" value-ref="REALMB_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMB_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER" />
+    </util:map>
+
+    <util:map id="REALMB_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER,MANAGER,ADMIN" />
+    </util:map>
+
+    <util:map id="REALMB_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="Secretary" />
+    </util:map>
+
+    <util:list id="supportedClaims">
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+    </util:list>
+
+</beans>