Posted to commits@ws.apache.org by co...@apache.org on 2013/07/18 12:24:30 UTC
svn commit: r1504414 - in /webservices/wss4j/branches/1_6_x-fixes/src:
main/java/org/apache/ws/security/saml/ext/bean/
main/java/org/apache/ws/security/saml/ext/builder/
test/java/org/apache/ws/security/common/
test/java/org/apache/ws/security/saml/
Author: coheigea
Date: Thu Jul 18 10:24:29 2013
New Revision: 1504414
URL: http://svn.apache.org/r1504414
Log:
[WSS-467] - Support creating SAML 2.0 Tokens with the AuthnStatement SessionNotOnOrAfter attribute.
Conflicts:
src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java?rev=1504414&r1=1504413&r2=1504414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java Thu Jul 18 10:24:29 2013
@@ -30,7 +30,8 @@ import org.joda.time.DateTime;
*/
public class AuthenticationStatementBean {
private SubjectBean subject;
- DateTime authenticationInstant;
+ private DateTime sessionNotOnOrAfter;
+ private DateTime authenticationInstant;
private String authenticationMethod;
private SubjectLocalityBean subjectLocality;
private String sessionIndex;
@@ -40,7 +41,7 @@ public class AuthenticationStatementBean
*/
public AuthenticationStatementBean() {
}
-
+
/**
* Construct a new AuthenticationStatementBean
*
@@ -53,9 +54,27 @@ public class AuthenticationStatementBean
String authenticationMethod,
DateTime authenticationInstant
) {
+ this(subject, authenticationMethod, authenticationInstant, null);
+ }
+
+ /**
+ * Construct a new AuthenticationStatementBean
+ *
+ * @param subject the Subject to set
+ * @param authenticationMethod the Authentication Method to set
+ * @param authenticationInstant the Authentication Instant to set
+ * @param sessionNotOnOrAfter the Session NotOnOrAfter time to set
+ */
+ public AuthenticationStatementBean(
+ SubjectBean subject,
+ String authenticationMethod,
+ DateTime authenticationInstant,
+ DateTime sessionNotOnOrAfter
+ ) {
this.subject = subject;
this.authenticationMethod = authenticationMethod;
this.authenticationInstant = authenticationInstant;
+ this.sessionNotOnOrAfter = sessionNotOnOrAfter;
}
/**
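Review bot: The Javadoc for the new four-argument constructor (and for the getter/setter pair added in the hunk at `@@ -107,6 +126,22 @@`) says only "the Session NotOnOrAfter time to set", leaving unstated the two facts a caller needs: that null is permitted and means no SessionNotOnOrAfter attribute is written to the AuthnStatement (the SAML2ComponentBuilder hunk in this commit skips the set when the bean value is null), and that the value carries the SAML 2.0 SessionNotOnOrAfter meaning, i.e. the time after which the relying party should treat the session with the authenticating authority as ended. Suggest `@param sessionNotOnOrAfter the Session NotOnOrAfter time to set, or null to omit the SessionNotOnOrAfter attribute from the AuthnStatement`, with the same wording on the setter. Neither the bean nor the builder checks that the value lies after authenticationInstant, so that ordering is the caller's responsibility and is worth stating in the same Javadoc.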
@@ -107,6 +126,22 @@ public class AuthenticationStatementBean
}
/**
+ * Get the sessionNotOnOrAfter
+ * @return the sessionNotOnOrAfter
+ */
+ public DateTime getSessionNotOnOrAfter() {
+ return sessionNotOnOrAfter;
+ }
+
+ /**
+ * Set the sessionNotOnOrAfter
+ * @param sessionNotOnOrAfter the sessionNotOnOrAfter
+ */
+ public void setSessionNotOnOrAfter(DateTime sessionNotOnOrAfter) {
+ this.sessionNotOnOrAfter = sessionNotOnOrAfter;
+ }
+
+ /**
* Get Subject Locality.
*
* @return the subjectLocality
@@ -156,6 +191,13 @@ public class AuthenticationStatementBean
return false;
}
+ if (sessionNotOnOrAfter == null && that.sessionNotOnOrAfter != null) {
+ return false;
+ } else if (sessionNotOnOrAfter != null
+ && !sessionNotOnOrAfter.equals(that.sessionNotOnOrAfter)) {
+ return false;
+ }
+
if (authenticationMethod == null && that.authenticationMethod != null) {
return false;
} else if (authenticationMethod != null
@@ -189,6 +231,7 @@ public class AuthenticationStatementBean
public int hashCode() {
int result = subject != null ? subject.hashCode() : 0;
result = 31 * result + (authenticationInstant != null ? authenticationInstant.hashCode() : 0);
+ result = 31 * result + (sessionNotOnOrAfter != null ? sessionNotOnOrAfter.hashCode() : 0);
result = 31 * result + (authenticationMethod != null ? authenticationMethod.hashCode() : 0);
result = 31 * result + (subjectLocality != null ? subjectLocality.hashCode() : 0);
result = 31 * result + (sessionIndex != null ? sessionIndex.hashCode() : 0);
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1504414&r1=1504413&r2=1504414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java Thu Jul 18 10:24:29 2013
@@ -280,6 +280,11 @@ public final class SAML2ComponentBuilder
}
authnStatement.setAuthnInstant(authInstant);
+ DateTime sessionNotOnOrAfter = statementBean.getSessionNotOnOrAfter();
+ if (sessionNotOnOrAfter != null) {
+ authnStatement.setSessionNotOnOrAfter(sessionNotOnOrAfter);
+ }
+
if (statementBean.getSessionIndex() != null) {
authnStatement.setSessionIndex(statementBean.getSessionIndex());
}
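Review bot: The new value is copied from the bean onto the AuthnStatement with no relation to the `authInstant` set on the preceding line, so a SessionNotOnOrAfter earlier than the authentication instant, or already in the past, yields a syntactically valid token that a conforming relying party should treat as an ended session — an easy misconfiguration to miss because nothing fails at build time. If `authInstant` is the Joda DateTime it appears to be, a guard such as `if (sessionNotOnOrAfter.isBefore(authInstant)) { /* warn via the class's logger, or throw, matching the file's existing style */ }` before the set would surface it; at minimum a comment `// SessionNotOnOrAfter is optional in SAML 2.0; omitted when the bean supplies none` documents the null branch. The enclosing method starts and ends outside the hunk.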
Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1504414&r1=1504413&r2=1504414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java Thu Jul 18 10:24:29 2013
@@ -33,6 +33,7 @@ import org.apache.ws.security.saml.ext.b
import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.joda.time.DateTime;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -65,6 +66,7 @@ public abstract class AbstractSAMLCallba
protected String subjectNameIDFormat = null;
protected String subjectLocalityIpAddress = null;
protected String subjectLocalityDnsAddress = null;
+ protected DateTime sessionNotOnOrAfter = null;
protected String resource = null;
protected List<?> customAttributeValues = null;
protected ConditionsBean conditions = null;
@@ -82,6 +84,10 @@ public abstract class AbstractSAMLCallba
confirmationMethod = confMethod;
}
+ public void setSessionNotOnOrAfter(DateTime sessionNotOnOrAfter) {
+ this.sessionNotOnOrAfter = sessionNotOnOrAfter;
+ }
+
public void setStatement(Statement statement) {
this.statement = statement;
}
@@ -135,6 +141,7 @@ public abstract class AbstractSAMLCallba
authBean.setSubjectLocality(subjectLocality);
}
authBean.setAuthenticationMethod("Password");
+ authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
} else if (statement == Statement.ATTR) {
AttributeStatementBean attrBean = new AttributeStatementBean();
Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1504414&r1=1504413&r2=1504414&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Thu Jul 18 10:24:29 2013
@@ -607,6 +607,46 @@ public class SamlTokenTest extends org.j
}
/**
+ * Test that creates, sends and processes an unsigned SAML 2.0 authentication assertion with
+ * a user-specified SessionNotOnOrAfter DateTime.
+ */
+ @org.junit.Test
+ public void testSAML2SessionNotOnOrAfter() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setSessionNotOnOrAfter(new DateTime().plusHours(1));
+ callbackHandler.setIssuer("www.example.com");
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 2.0 Authn Assertion (sender vouches):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains("SessionNotOnOrAfter"));
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedSamlAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedSamlAssertion != null);
+ assertFalse(receivedSamlAssertion.isSigned());
+ }
+
+ /**
* Test that creates, sends and processes an unsigned SAML 2 authentication assertion with
* a user-specified SubjectLocality statement.
*/
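Review bot: The only check on the produced token is `assertTrue(outputString.contains("SessionNotOnOrAfter"))`, which passes for any value including a wrongly formatted or wrong-zone one, and the received assertion is then checked only for non-null and unsigned, so the round trip of the actual time is never verified. Keeping the DateTime in a local and comparing it against what the processor parsed would pin it: `DateTime sessionNotOnOrAfter = new DateTime().plusHours(1);` then `callbackHandler.setSessionNotOnOrAfter(sessionNotOnOrAfter);` and, after the existing receivedSamlAssertion assertions, `assertEquals(sessionNotOnOrAfter.getMillis(), receivedSamlAssertion.getSaml2().getAuthnStatements().get(0).getSessionNotOnOrAfter().getMillis());`. Comparing millis is deliberate, since Joda `DateTime.equals` also compares chronology and a value parsed back as UTC would not equal a local-zone original; the AssertionWrapper/OpenSAML accessor chain named here is what the 1.6 API appears to expose, please confirm, and `assertEquals` may need a static import alongside the existing `assertTrue`/`assertFalse`. Also `assertTrue(receivedSamlAssertion != null)` reads better as `assertNotNull(receivedSamlAssertion)`.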