Posted to commits@cxf.apache.org by se...@apache.org on 2011/08/31 16:42:09 UTC
svn commit: r1163649 - in /cxf/trunk:
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/
syst...
Author: sergeyb
Date: Wed Aug 31 14:42:09 2011
New Revision: 1163649
URL: http://svn.apache.org/viewvc?rev=1163649&view=rev
Log:
Some minor updates to the way an enveloped SAML token can be signed
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java Wed Aug 31 14:42:09 2011
@@ -45,7 +45,17 @@ public class SamlEnvelopedOutInterceptor
super.addAfter(XmlSigOutInterceptor.class.getName());
super.addBefore(XmlEncOutInterceptor.class.getName());
- }
+ }
+
+ public SamlEnvelopedOutInterceptor(boolean signLater) {
+ if (signLater) {
+ super.addAfter(XmlSigOutInterceptor.class.getName());
+ } else {
+ super.addAfter(XmlSigOutInterceptor.class.getName());
+ }
+
+ super.addBefore(XmlEncOutInterceptor.class.getName());
+ }
protected Document processDocument(Message message, Document doc)
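Review bot: Both branches of `if (signLater)` in the new constructor call `super.addAfter(XmlSigOutInterceptor.class.getName())`, so the flag has no effect on interceptor ordering and this constructor behaves like the no-arg one. If `signLater` is meant to run this interceptor ahead of the signature interceptor, so that the signature is computed over a document that already contains the assertion, the true branch presumably should be `super.addBefore(XmlSigOutInterceptor.class.getName());`; otherwise the conditional can be dropped. Whichever ordering is intended deserves a Javadoc line on the constructor, because it decides whether the SAML assertion ends up inside the signed content.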
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java Wed Aug 31 14:42:09 2011
@@ -20,6 +20,9 @@ package org.apache.cxf.rs.security.xml;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
import java.util.UUID;
import java.util.logging.Logger;
@@ -47,23 +50,35 @@ import org.opensaml.xml.signature.Signat
public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
+ public static final String ENVELOPED_SIG = "enveloped";
+ public static final String ENVELOPING_SIG = "enveloping";
+ public static final String DETACHED_SIG = "detached";
+
public static final String DEFAULT_ENV_PREFIX = "env";
public static final QName DEFAULT_ENV_QNAME =
new QName("http://org.apache.cxf/rs/env", "Envelope", DEFAULT_ENV_PREFIX);
private static final Logger LOG =
LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
+ private static final Set<String> SUPPORTED_STYLES =
+ new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
private QName envelopeQName;
- private boolean enveloping;
+ private String sigStyle = ENVELOPED_SIG;
private String defaultSigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
private String digestAlgo = Constants.ALGO_ID_DIGEST_SHA1;
public XmlSigOutInterceptor() {
}
- public void setEnveloping(boolean env) {
- this.enveloping = env;
+ public void setStyle(String style) {
+ if (!SUPPORTED_STYLES.contains(style)) {
+ throw new IllegalArgumentException("Unsupported XML Signature style");
+ }
+ if (DETACHED_SIG.equals(style)) {
+ envelopeQName = DEFAULT_ENV_QNAME;
+ }
+ sigStyle = style;
}
public void setSignatureAlgorithm(String algo) {
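Review bot: `setStyle` leaves `envelopeQName` populated once `DETACHED_SIG` has been selected, so a later `setStyle(ENVELOPING_SIG)` on the same instance trips the `IllegalStateException` check in `createSignature` (visible in the next hunk) even though the caller never supplied a custom envelope name. The detached branch also silently overwrites any name set earlier through `setEnvelopeQName`. Consider guarding the assignment with `if (DETACHED_SIG.equals(style) && envelopeQName == null)` and resolving the default envelope at signing time rather than in the setter, so the outcome does not depend on setter order. Including the rejected value in the message, `"Unsupported XML Signature style: " + style`, would make a misconfigured signing policy easier to diagnose.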
@@ -84,6 +99,7 @@ public class XmlSigOutInterceptor extend
private Document createSignature(Message message, Document doc)
throws Exception {
+ boolean enveloping = ENVELOPING_SIG.equals(sigStyle);
if (enveloping && envelopeQName != null) {
throw new IllegalStateException("Enveloping XMLSignature can not have custom envelope names");
}
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java Wed Aug 31 14:42:09 2011
@@ -57,7 +57,7 @@ public class JAXRSSamlTest extends Abstr
public void testGetBookSAMLTokenAsHeader() throws Exception {
String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
- WebClient wc = createWebClient(address, new SamlHeaderOutInterceptor(), null);
+ WebClient wc = createWebClient(address, new SamlHeaderOutInterceptor(), null, true);
try {
Book book = wc.get(Book.class);
@@ -80,7 +80,7 @@ public class JAXRSSamlTest extends Abstr
FormEncodingProvider formProvider = new FormEncodingProvider();
formProvider.setExpectedEncoded(true);
WebClient wc = createWebClient(address, new SamlFormOutInterceptor(),
- formProvider);
+ formProvider, true);
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_XML);
try {
@@ -100,13 +100,22 @@ public class JAXRSSamlTest extends Abstr
}
@Test
- public void testEnvelopedSAMLToken() throws Exception {
+ public void testEnvelopedSelfSignedSAMLToken() throws Exception {
+ doTestEnvelopedSAMLToken(true);
+ }
+
+ @Test
+ public void testEnvelopedUnsignedSAMLToken() throws Exception {
+ doTestEnvelopedSAMLToken(false);
+ }
+
+ public void doTestEnvelopedSAMLToken(boolean signed) throws Exception {
String address = "https://localhost:" + PORT + "/samlxml/bookstore/books";
- WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(),
- null);
+ WebClient wc = createWebClient(address, new SamlEnvelopedOutInterceptor(!signed),
+ null, signed);
XmlSigOutInterceptor xmlSig = new XmlSigOutInterceptor();
- xmlSig.setEnvelopeQName(XmlSigOutInterceptor.DEFAULT_ENV_QNAME);
-
+ xmlSig.setStyle(XmlSigOutInterceptor.DETACHED_SIG);
+
WebClient.getConfig(wc).getOutInterceptors().add(xmlSig);
wc.type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
try {
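Review bot: `doTestEnvelopedSAMLToken` is a shared helper rather than a test case, yet it is declared `public`; `private void doTestEnvelopedSAMLToken(boolean signed) throws Exception` keeps it out of the test class's public surface. Passing `!signed` as the `signLater` argument is easy to misread, and because both branches of the `signLater` constructor in SamlEnvelopedOutInterceptor register the same ordering, the unsigned variant does not yet exercise a different interceptor order. A short comment saying that the unsigned assertion is presumably meant to be protected by the signature from `xmlSig` would make the security intent of `testEnvelopedUnsignedSAMLToken` explicit. The helper's body continues past the end of this hunk.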
@@ -126,7 +135,8 @@ public class JAXRSSamlTest extends Abstr
private WebClient createWebClient(String address,
Interceptor<Message> outInterceptor,
- Object provider) {
+ Object provider,
+ boolean selfSign) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
@@ -143,7 +153,9 @@ public class JAXRSSamlTest extends Abstr
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
- properties.put("ws-security.self-sign-saml-assertion", "true");
+ if (selfSign) {
+ properties.put("ws-security.self-sign-saml-assertion", "true");
+ }
bean.setProperties(properties);
bean.getOutInterceptors().add(outInterceptor);
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1163649&r1=1163648&r2=1163649&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Wed Aug 31 14:42:09 2011
@@ -72,7 +72,7 @@ public class JAXRSXmlSecTest extends Abs
"org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(properties);
XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
- sigInterceptor.setEnveloping(enveloping);
+ sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
bean.getOutInterceptors().add(sigInterceptor);
bean.setServiceClass(BookStore.class);
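Review bot: The new call hard-codes `XmlSigOutInterceptor.ENVELOPING_SIG` where the removed line passed the `enveloping` variable, so any caller of this helper that passes `false` would now run with an enveloping signature and the enveloped path would lose its test coverage; the same applies to the hunk at -120,7. The variable's declaration is outside the hunk, so this is inferred from the removed line. Something like `sigInterceptor.setStyle(enveloping ? XmlSigOutInterceptor.ENVELOPING_SIG : XmlSigOutInterceptor.ENVELOPED_SIG);` would preserve the previous behaviour.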
@@ -120,7 +120,7 @@ public class JAXRSXmlSecTest extends Abs
"org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(properties);
XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
- sigInterceptor.setEnveloping(enveloping);
+ sigInterceptor.setStyle(XmlSigOutInterceptor.ENVELOPING_SIG);
bean.getOutInterceptors().add(sigInterceptor);