Posted to commits@cxf.apache.org by co...@apache.org on 2014/02/06 17:26:47 UTC
svn commit: r1565326 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/
...
Author: coheigea
Date: Thu Feb 6 16:26:46 2014
New Revision: 1565326
URL: http://svn.apache.org/r1565326
Log:
Adding support for sending Claims via the Validate binding + a test
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java Thu Feb 6 16:26:46 2014
@@ -1056,6 +1056,8 @@ public abstract class AbstractSTSClient
writer.writeStartElement("wst", "TokenType", namespace);
writer.writeCharacters(tokentype);
writer.writeEndElement();
+
+ addClaims(writer);
writer.writeStartElement("wst", "ValidateTarget", namespace);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Feb 6 16:26:46 2014
@@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
@@ -75,6 +74,7 @@ import org.apache.wss4j.common.ext.WSPas
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.CustomTokenPrincipal;
import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
@@ -539,16 +539,18 @@ public class WSS4JInInterceptor extends
if (!utWithCallbacks) {
WSS4JTokenConverter.convertToken(msg, p);
}
- Object receivedAssertion = null;
+ Object receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ if (receivedAssertion == null) {
+ receivedAssertion = o.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
+ }
List<String> roles = null;
- if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) {
+ if (receivedAssertion instanceof SamlAssertionWrapper) {
String roleAttributeName = (String)msg.getContextualProperty(
SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
- receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);
SAMLSecurityContext context = createSecurityContext(p, roles);
context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
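Review bot: The fallback to `WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN` at the top of the hunk quietly changes where the authorization roles come from: when the client sent no SAML Assertion, the roles handed to createSecurityContext a few lines below are now parsed from whatever token replaced the received one, and nothing at the call site says so. A comment such as `// Prefer a SAML Assertion sent by the client; otherwise use the token the STS returned after validating/transforming the received token (e.g. a UsernameToken), whose attributes then supply the roles` would make that trust decision visible to the next reader. Presumably the validator that stores the transformed token has already verified the STS response, so these roles are only as trustworthy as the STS and the channel to it; that validator is not in this hunk, so the assumption is worth stating in the comment rather than leaving it implicit. The enclosing method continues beyond both ends of the hunk.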
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java Thu Feb 6 16:26:46 2014
@@ -37,6 +37,9 @@ import org.junit.BeforeClass;
* The provider dispatches the Username Token to an STS for validation (via TLS), and also
* send a TokenType corresponding to a SAML2 Assertion. The STS will create the requested
* SAML Assertion after validation and return it to the provider.
+ *
+ * In the second test, the service will also send some claims to the STS for inclusion in the
+ * SAML Token, and validate the result.
*/
public class TransformationTest extends AbstractBusClientServerTestBase {
@@ -92,6 +95,29 @@ public class TransformationTest extends
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testTokenTransformationClaims() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = TransformationTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = TransformationTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportUTClaimsPort");
+ DoubleItPortType transportUTPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportUTPort, PORT);
+
+ doubleIt(transportUTPort, 25);
+
+ ((java.io.Closeable)transportUTPort).close();
+ bus.shutdown(true);
+ }
+
private static void doubleIt(DoubleItPortType port, int numToDouble) {
int resp = port.doubleIt(numToDouble);
assertEquals(numToDouble * 2 , resp);
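Review bot: testTokenTransformationClaims only exercises the success path: the claims are checked indirectly, through the admin-user role that the service's authorizing interceptor requires for doubleIt, so a regression in which the STS ignored the Claims element and the interceptor stopped enforcing roles would still pass. A second case for a principal that does not carry that role, asserting the call is rejected, would pin the behaviour the class Javadoc promises ("validate the result"). The method also closes the port and shuts the bus down only when the assertion passes; moving `((java.io.Closeable)transportUTPort).close(); bus.shutdown(true);` into a finally block keeps a failed assertion from leaking the bus into later tests, and the same applies to the existing test above the hunk. SERVICE_QNAME, NAMESPACE and PORT are read from outside the hunk.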
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml Thu Feb 6 16:26:46 2014
@@ -41,6 +41,7 @@
<property name="tokenProviders" ref="transportTokenProviders"/>
<property name="tokenValidators" ref="transportTokenValidators"/>
<property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="claimsManager" ref="claimsManager"/>
<property name="tokenStore" ref="defaultTokenStore"/>
</bean>
<bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl Thu Feb 6 16:26:46 2014
@@ -38,6 +38,9 @@
<wsdl:port name="DoubleItTransportUTPort" binding="tns:DoubleItTransportUTBinding">
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportut"/>
</wsdl:port>
+ <wsdl:port name="DoubleItTransportUTClaimsPort" binding="tns:DoubleItTransportUTBinding">
+ <soap:address location="https://localhost:8081/doubleit/services/doubleittransportutclaims"/>
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItBindingTransportUTPolicy">
<wsp:ExactlyOne>
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-client.xml Thu Feb 6 16:26:46 2014
@@ -29,6 +29,12 @@
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportUTClaimsPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:client>
<http:conduit name="https://localhost:.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml?rev=1565326&r1=1565325&r2=1565326&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml Thu Feb 6 16:26:46 2014
@@ -41,6 +41,39 @@
</entry>
</jaxws:properties>
</jaxws:endpoint>
+
+ <bean id="authzInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+ <property name="methodRolesMap">
+ <map>
+ <entry key="doubleIt" value="admin-user"/>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler"/>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportutclaims" implementor="org.apache.cxf.systest.sts.transformation.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportUTClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportutclaims" wsdlLocation="org/apache/cxf/systest/sts/transformation/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.ut.validator">
+ <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
+ </entry>
+ <entry key="ws-security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+ <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+ <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ <jaxws:inInterceptors>
+ <ref bean="authzInterceptor"/>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
+
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
<httpj:engine port="${testutil.ports.Server}">
<httpj:tlsServerParameters>
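Review bot: The new endpoint's authorization depends on two things that are linked only implicitly: the `admin-user` role that authzInterceptor requires for doubleIt, and whatever claim roleClaimsCallbackHandler asks the STS to include, which is not visible here because the handler's class lives in the claims systest package. An XML comment above the roleClaimsCallbackHandler bean naming the claim it requests, and that the STS is expected to map it to the admin-user role for the test user, would make the setup self-explanatory. The methodRolesMap lists only doubleIt; if further operations are added to this service they should get entries too, since, if I recall the interceptor correctly, unlisted methods are not restricted. The endpoint's STSClient reuses the Transport STS port over TLS, so the trust in the returned roles rests on that TLS trust store, which is configured outside this hunk.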