Posted to commits@cxf.apache.org by ow...@apache.org on 2012/03/06 18:33:05 UTC
svn commit: r1297588 [2/2] - in /cxf/trunk/services/sts:
sts-core/src/main/java/org/apache/cxf/sts/
sts-core/src/main/java/org/apache/cxf/sts/claims/
sts-core/src/main/java/org/apache/cxf/sts/operation/
sts-core/src/main/java/org/apache/cxf/sts/token/p...
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java Tue Mar 6 17:33:04 2012
@@ -26,6 +26,7 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -42,15 +43,29 @@ import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
import org.apache.cxf.sts.claims.ClaimsHandler;
import org.apache.cxf.sts.claims.ClaimsManager;
+import org.apache.cxf.sts.claims.ClaimsMapper;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
import org.apache.cxf.sts.common.CustomAttributeProvider;
import org.apache.cxf.sts.common.CustomClaimsHandler;
import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.realm.Relationship;
import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.cxf.sts.token.validator.TokenValidator;
import org.apache.cxf.sts.token.validator.UsernameTokenValidator;
import org.apache.cxf.ws.security.sts.provider.STSException;
@@ -65,13 +80,14 @@ import org.apache.cxf.ws.security.sts.pr
import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
import org.apache.ws.security.CustomTokenPrincipal;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.saml.ext.builder.SAML2Constants;
import org.apache.ws.security.util.DOM2Writer;
/**
- * In this test, a token (UsernameToken) is validated and transformed into a SAML Assertion.
+ * In this test, a token (UsernameToken or SAMLToken) is validated and transformed into a SAML Assertion.
*/
public class ValidateTokenTransformationUnitTest extends org.junit.Assert {
@@ -231,7 +247,7 @@ public class ValidateTokenTransformation
// expected
}
- samlTokenProvider.setRealmMap(getSamlRealms());
+ samlTokenProvider.setRealmMap(createSamlRealms());
RequestSecurityTokenResponseType response = validateOperation.validate(request, webServiceContext);
assertTrue(validateResponse(response));
@@ -272,6 +288,167 @@ public class ValidateTokenTransformation
runUsernameTokenTransformationClaims(true);
}
+
+ /**
+ * Test to successfully validate a SAML 2 Token issued by realm "A" and
+ * transform it into a SAML 2 token (realm "B")
+ * The relationship type between realm A and B is: FederateIdentity
+ * IdentityMapper is configured globally in STSPropertiesMBean
+ */
+ @org.junit.Test
+ public void testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentityGlobalConfig()
+ throws Exception {
+ runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity(true);
+ }
+
+ /**
+ * Test to successfully validate a SAML 2 Token issued by realm "A" and
+ * transform it into a SAML 2 token (realm "B")
+ * The relationship type between realm A and B is: FederateIdentity
+ * IdentityMapper is configured in the Relationship
+ */
+ @org.junit.Test
+ //[TODO] should work after Relationship support in validateoperation
+ public void testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentityRelationshipConfig()
+ throws Exception {
+ runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity(false);
+ }
+
+
+
+
+ /**
+ * Test to successfully validate a SAML 2 Token issued by realm "A" and
+ * transform it into a SAML 2 token (realm "B")
+ * The relationship type between realm A and B is: FederateClaims
+ */
+ @org.junit.Test
+ public void testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception {
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+
+ Map<String, SAMLRealm> realms = createSamlRealms();
+
+ // Add Token Provider
+ List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+ SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
+ samlTokenProvider.setRealmMap(realms);
+ List<AttributeStatementProvider> customProviderList =
+ new ArrayList<AttributeStatementProvider>();
+ customProviderList.add(new ClaimsAttributeStatementProvider());
+ samlTokenProvider.setAttributeStatementProviders(customProviderList);
+ providerList.add(samlTokenProvider);
+ validateOperation.setTokenProviders(providerList);
+
+ // Add Token Validator
+ List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
+ SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
+ samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
+ validatorList.add(samlTokenValidator);
+ validateOperation.setTokenValidators(validatorList);
+
+ // Add Service
+ ServiceMBean service = new StaticService();
+ service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+ validateOperation.setServices(Collections.singletonList(service));
+
+ // Add Relationship list
+ List<Relationship> relationshipList = new ArrayList<Relationship>();
+ Relationship rs = createRelationship();
+ relationshipList.add(rs);
+
+ // Add STSProperties object
+ Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+ STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
+ stsProperties.setRealmParser(new CustomRealmParser());
+ stsProperties.setIdentityMapper(new CustomIdentityMapper());
+ stsProperties.setRelationships(relationshipList);
+ validateOperation.setStsProperties(stsProperties);
+
+ // Set the ClaimsManager
+ ClaimsManager claimsManager = new ClaimsManager();
+ claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)new CustomClaimsHandler()));
+ validateOperation.setClaimsManager(claimsManager);
+
+ // Mock up a request
+ RequestSecurityTokenType request = new RequestSecurityTokenType();
+ JAXBElement<String> tokenType =
+ new JAXBElement<String>(
+ QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML2_TOKEN_TYPE
+ );
+ request.getAny().add(tokenType);
+
+ // Add a ClaimsType
+ ClaimsType claimsType = new ClaimsType();
+ claimsType.setDialect(STSConstants.IDT_NS_05_05);
+
+ Document doc = DOMUtils.createDocument();
+ Element claimType = createClaimsType(doc);
+ claimsType.getAny().add(claimType);
+
+ JAXBElement<ClaimsType> claimsTypeJaxb =
+ new JAXBElement<ClaimsType>(
+ QNameConstants.CLAIMS, ClaimsType.class, claimsType
+ );
+ request.getAny().add(claimsTypeJaxb);
+
+ //request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+
+ // create a SAML Token via the SAMLTokenProvider which contains claims
+ CallbackHandler callbackHandler = new PasswordCallbackHandler();
+ Element samlToken =
+ createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",
+ callbackHandler, realms);
+ Document docToken = samlToken.getOwnerDocument();
+ samlToken = (Element)docToken.appendChild(samlToken);
+ String samlString = DOM2Writer.nodeToString(samlToken);
+ assertTrue(samlString.contains("AttributeStatement"));
+ assertTrue(samlString.contains("alice"));
+ assertTrue(samlString.contains("doe"));
+ assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
+
+ // Add SAML token as ValidateTarget element
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(samlToken);
+ JAXBElement<ValidateTargetType> validateTargetType =
+ new JAXBElement<ValidateTargetType>(
+ QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
+ );
+ request.getAny().add(validateTargetType);
+
+
+ // Mock up message context
+ MessageImpl msg = new MessageImpl();
+ WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+ msgCtx.put("url", "https");
+ WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+
+ // run the test
+ RequestSecurityTokenResponseType response =
+ validateOperation.validate(request, webServiceContext);
+ assertTrue(validateResponse(response));
+
+ // Test the generated token.
+ Element assertion = null;
+ for (Object tokenObject : response.getAny()) {
+ if (tokenObject instanceof JAXBElement<?>
+ && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+ RequestedSecurityTokenType rstType =
+ (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+ assertion = (Element)rstType.getAny();
+ break;
+ }
+ }
+
+ assertNotNull(assertion);
+ String tokenString = DOM2Writer.nodeToString(assertion);
+ assertTrue(tokenString.contains("AttributeStatement"));
+ assertTrue(tokenString.contains("alice")); //subject unchanged
+ assertTrue(tokenString.contains("DOE")); //claim changed (to uppercase)
+ assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+ }
+
+
+
/**
* Test to successfully validate a UsernameToken and transform it into a SAML Assertion with claims.
*/
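Review bot: `testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentityRelationshipConfig` carries the comment `//[TODO] should work after Relationship support in validateoperation` between its `@org.junit.Test` annotation and its signature, yet the test is enabled; if the relationship-configured path is not yet supported the build fails, and if it is (this commit touches `operation/`), the comment is stale. Either drop the comment or mark the method `@org.junit.Ignore("pending Relationship support in TokenValidateOperation")` until it passes. Separately, the body of `testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims` repeats the setup of `runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity` almost line for line (provider, validator, service, STS properties, request, message context, response extraction), differing only in the relationship type and the expected subject/claim strings; a shared private helper taking the `Relationship` and returning the issued assertion `Element` would leave each test with only its assertions. The `for (Object tokenObject : response.getAny())` extraction loop is the same helper's natural home, since it is duplicated as well.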
@@ -339,7 +516,7 @@ public class ValidateTokenTransformation
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
msgCtx.put(
SecurityContext.class.getName(),
- createSecurityContext(new CustomTokenPrincipal("alice"))
+ createSecurityContext(new CustomTokenPrincipal("ted"))
);
WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
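Review bot: The changed line `createSecurityContext(new CustomTokenPrincipal("ted"))` puts a principal into the message SecurityContext that differs from the `alice` the assertions in the next hunk still expect, and nothing in the hunk says why. Presumably the intent is to show that the issued assertion's subject comes from the validated UsernameToken rather than from the requester's SecurityContext; a comment such as `// requester identity deliberately differs from the token subject: the issued SAML subject must come from the validated target, not the caller` would pin that property so a later edit does not "fix" the mismatch. The enclosing test method starts and ends outside this hunk.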
@@ -365,9 +542,141 @@ public class ValidateTokenTransformation
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
- assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
+ assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
}
+
+ private void runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity(
+ boolean useGlobalIdentityMapper) throws WSSecurityException {
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+
+ Map<String, SAMLRealm> realms = createSamlRealms();
+
+ // Add Token Provider
+ List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+ SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
+ samlTokenProvider.setRealmMap(realms);
+ List<AttributeStatementProvider> customProviderList =
+ new ArrayList<AttributeStatementProvider>();
+ customProviderList.add(new ClaimsAttributeStatementProvider());
+ samlTokenProvider.setAttributeStatementProviders(customProviderList);
+ providerList.add(samlTokenProvider);
+ validateOperation.setTokenProviders(providerList);
+
+ // Add Token Validator
+ List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
+ SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
+ samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
+ validatorList.add(samlTokenValidator);
+ validateOperation.setTokenValidators(validatorList);
+
+ // Add Service
+ ServiceMBean service = new StaticService();
+ service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+ validateOperation.setServices(Collections.singletonList(service));
+
+ // Add Relationship list
+ List<Relationship> relationshipList = new ArrayList<Relationship>();
+ Relationship rs = createRelationship();
+ rs.setType(Relationship.FED_TYPE_IDENTITY);
+ rs.setIdentityMapper(new CustomIdentityMapper());
+ relationshipList.add(rs);
+
+ // Add STSProperties object
+ Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+ STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
+ stsProperties.setRealmParser(new CustomRealmParser());
+ if (useGlobalIdentityMapper) {
+ stsProperties.setIdentityMapper(new CustomIdentityMapper());
+ } else {
+ stsProperties.setRelationships(relationshipList);
+ }
+ validateOperation.setStsProperties(stsProperties);
+
+ // Set the ClaimsManager
+ ClaimsManager claimsManager = new ClaimsManager();
+ claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler)new CustomClaimsHandler()));
+ validateOperation.setClaimsManager(claimsManager);
+
+ // Mock up a request
+ RequestSecurityTokenType request = new RequestSecurityTokenType();
+ JAXBElement<String> tokenType =
+ new JAXBElement<String>(
+ QNameConstants.TOKEN_TYPE, String.class, WSConstants.WSS_SAML2_TOKEN_TYPE
+ );
+ request.getAny().add(tokenType);
+
+ // Add a ClaimsType
+ ClaimsType claimsType = new ClaimsType();
+ claimsType.setDialect(STSConstants.IDT_NS_05_05);
+
+ Document doc = DOMUtils.createDocument();
+ Element claimType = createClaimsType(doc);
+ claimsType.getAny().add(claimType);
+
+ JAXBElement<ClaimsType> claimsTypeJaxb =
+ new JAXBElement<ClaimsType>(
+ QNameConstants.CLAIMS, ClaimsType.class, claimsType
+ );
+ request.getAny().add(claimsTypeJaxb);
+
+ //request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+
+ // create a SAML Token via the SAMLTokenProvider which contains claims
+ CallbackHandler callbackHandler = new PasswordCallbackHandler();
+ Element samlToken =
+ createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",
+ callbackHandler, realms);
+ Document docToken = samlToken.getOwnerDocument();
+ samlToken = (Element)docToken.appendChild(samlToken);
+ String samlString = DOM2Writer.nodeToString(samlToken);
+ assertTrue(samlString.contains("AttributeStatement"));
+ assertTrue(samlString.contains("alice"));
+ assertTrue(samlString.contains("doe"));
+ assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
+
+ // Add SAML token as ValidateTarget element
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(samlToken);
+ JAXBElement<ValidateTargetType> validateTargetType =
+ new JAXBElement<ValidateTargetType>(
+ QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
+ );
+ request.getAny().add(validateTargetType);
+
+
+ // Mock up message context
+ MessageImpl msg = new MessageImpl();
+ WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+ msgCtx.put("url", "https");
+ WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+
+ // run the test
+ RequestSecurityTokenResponseType response =
+ validateOperation.validate(request, webServiceContext);
+ assertTrue(validateResponse(response));
+
+ // Test the generated token.
+ Element assertion = null;
+ for (Object tokenObject : response.getAny()) {
+ if (tokenObject instanceof JAXBElement<?>
+ && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+ RequestedSecurityTokenType rstType =
+ (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+ assertion = (Element)rstType.getAny();
+ break;
+ }
+ }
+
+ assertNotNull(assertion);
+ String tokenString = DOM2Writer.nodeToString(assertion);
+ assertTrue(tokenString.contains("AttributeStatement"));
+ assertTrue(tokenString.contains("ALICE")); //subject changed (to uppercase)
+ assertTrue(tokenString.contains("doe")); //claim unchanged but requested
+ assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
+ }
+
+
/*
* Create a security context object
*/
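Review bot: In `runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity`, `relationshipList` is fully populated (`rs.setType(Relationship.FED_TYPE_IDENTITY)`, `rs.setIdentityMapper(new CustomIdentityMapper())`) but only attached in the `else` branch, so with `useGlobalIdentityMapper == true` the STS has no relationship configured at all and the two variants do not share the realm-A/realm-B relationship the Javadoc of both callers describes. Either move the relationship construction into the `else` branch so the asymmetry is explicit, or set `stsProperties.setRelationships(relationshipList)` in both cases and attach the mapper to the relationship only in the non-global case, which would also cover which mapper wins when both are configured. The trailing `//subject changed (to uppercase)` comment would be easier to verify if it named the component doing the mapping, e.g. `// CustomIdentityMapper presumably upper-cases the subject when crossing realms — confirm against that class`.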
@@ -382,7 +691,32 @@ public class ValidateTokenTransformation
};
}
- private Map<String, SAMLRealm> getSamlRealms() {
+ private Relationship createRelationship() {
+ Relationship rs = new Relationship();
+ ClaimsMapper claimsMapper = new CustomClaimsMapper();
+ rs.setClaimsMapper(claimsMapper);
+ rs.setSourceRealm("A");
+ rs.setTargetRealm("B");
+ rs.setType(Relationship.FED_TYPE_CLAIMS);
+ return rs;
+ }
+
+
+ /*
+ * Create STSPropertiesMBean object
+ */
+ private STSPropertiesMBean createSTSPropertiesMBean(Crypto crypto) throws WSSecurityException {
+ STSPropertiesMBean stsProperties = new StaticSTSProperties();
+ stsProperties.setEncryptionCrypto(crypto);
+ stsProperties.setSignatureCrypto(crypto);
+ stsProperties.setEncryptionUsername("myservicekey");
+ stsProperties.setSignatureUsername("mystskey");
+ stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+ stsProperties.setIssuer("STS");
+ return stsProperties;
+ }
+
+ private Map<String, SAMLRealm> createSamlRealms() {
// Create Realms
Map<String, SAMLRealm> samlRealms = new HashMap<String, SAMLRealm>();
SAMLRealm samlRealm = new SAMLRealm();
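Review bot: `createRelationship()` is the only new helper in this hunk without the `/* ... */` header its neighbour `createSTSPropertiesMBean` carries, and its defaults are not obvious from the call sites, one of which overrides `setType(...)`; add `/* Create a realm "A" -> realm "B" Relationship with a CustomClaimsMapper; defaults to FED_TYPE_CLAIMS, callers may override the type */`. In `createSTSPropertiesMBean`, `setEncryptionUsername("myservicekey")` and `setSignatureUsername("mystskey")` are bare strings that reappear elsewhere in the file (`"mystskey"` is passed to `createSAMLAssertion`); a one-line comment saying these are presumably aliases in the test keystore, or private constants for them, would keep the two usages from drifting apart.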
@@ -491,11 +825,91 @@ public class ValidateTokenTransformation
private Element createClaimsType(Document doc) {
Element claimType = doc.createElementNS(STSConstants.IDT_NS_05_05, "ClaimType");
claimType.setAttributeNS(
- null, "Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ null, "Uri", ClaimTypes.LASTNAME.toString()
);
claimType.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", STSConstants.IDT_NS_05_05);
return claimType;
}
+ /*
+ * Mock up an SAML assertion element
+ */
+ private Element createSAMLAssertion(
+ String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
+ Map<String, SAMLRealm> realms
+ ) throws WSSecurityException {
+
+ SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
+ samlTokenProvider.setRealmMap(realms);
+ List<AttributeStatementProvider> customProviderList =
+ new ArrayList<AttributeStatementProvider>();
+ customProviderList.add(new ClaimsAttributeStatementProvider());
+ samlTokenProvider.setAttributeStatementProviders(customProviderList);
+
+ TokenProviderParameters providerParameters =
+ createProviderParameters(
+ tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
+ );
+ if (realms != null) {
+ providerParameters.setRealm("A");
+ }
+
+ // Set the ClaimsManager
+ ClaimsManager claimsManager = new ClaimsManager();
+ ClaimsHandler claimsHandler = new CustomClaimsHandler();
+ claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+ providerParameters.setClaimsManager(claimsManager);
+
+ RequestClaimCollection requestedClaims = new RequestClaimCollection();
+ RequestClaim requestClaim = new RequestClaim();
+ requestClaim.setClaimType(ClaimTypes.LASTNAME);
+ requestClaim.setOptional(false);
+ requestedClaims.add(requestClaim);
+ providerParameters.setRequestedClaims(requestedClaims);
+
+ TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ return providerResponse.getToken();
+ }
+
+ private TokenProviderParameters createProviderParameters(
+ String tokenType, String keyType, Crypto crypto,
+ String signatureUsername, CallbackHandler callbackHandler
+ ) throws WSSecurityException {
+ TokenProviderParameters parameters = new TokenProviderParameters();
+
+ TokenRequirements tokenRequirements = new TokenRequirements();
+ tokenRequirements.setTokenType(tokenType);
+ parameters.setTokenRequirements(tokenRequirements);
+
+ KeyRequirements keyRequirements = new KeyRequirements();
+ keyRequirements.setKeyType(keyType);
+ parameters.setKeyRequirements(keyRequirements);
+
+ parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+ // Mock up message context
+ MessageImpl msg = new MessageImpl();
+ WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+ WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+ parameters.setWebServiceContext(webServiceContext);
+
+ parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+
+ // Add STSProperties object
+ StaticSTSProperties stsProperties = new StaticSTSProperties();
+ stsProperties.setSignatureCrypto(crypto);
+ stsProperties.setSignatureUsername(signatureUsername);
+ stsProperties.setCallbackHandler(callbackHandler);
+ stsProperties.setIssuer("STS");
+ parameters.setStsProperties(stsProperties);
+
+ parameters.setEncryptionProperties(new EncryptionProperties());
+
+ return parameters;
+ }
+
+
}
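Review bot: `createSAMLAssertion` hardcodes the issuing realm with `providerParameters.setRealm("A")` even though it takes the `realms` map as a parameter, so a caller passing a different realm map still gets an assertion issued by "A"; either add a `String realm` parameter or document the fixed value with `// token is always issued by realm "A" so the validate operation must cross into realm "B"`. `assertTrue(providerResponse != null)` and the combined `assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null)` do not say which reference was null on failure; `assertNotNull(providerResponse);` `assertNotNull(providerResponse.getToken());` `assertNotNull(providerResponse.getTokenId());` report it directly. `createProviderParameters` builds a `StaticSTSProperties` with only signature crypto and username, unlike `createSTSPropertiesMBean` earlier in the file, which also sets an encryption crypto; a comment on `parameters.setEncryptionProperties(new EncryptionProperties())` stating that default encryption properties are intentional for the issued test token would make the difference deliberate rather than accidental.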
Modified: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java (original)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java Tue Mar 6 17:33:04 2012
@@ -36,6 +36,7 @@ import org.apache.cxf.sts.common.CustomA
import org.apache.cxf.sts.common.PasswordCallbackHandler;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.sts.service.EncryptionProperties;
import org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString;
@@ -72,6 +73,10 @@ public class SAMLProviderOnBehalfOfTest
createProviderParameters(
WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
);
+ //Principal must be set in ReceivedToken/OnBehalfOf
+ providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(
+ new CustomTokenPrincipal(username.getValue()));
+
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
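Review bot: The three-line principal setup `providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(new CustomTokenPrincipal(...))` added here is repeated verbatim in the `testDefaultSaml2OnBehalfOfAssertion` hunk and the hunk at old line 131, while `createProviderParameters` at the end of the file is where the `ReceivedToken` is constructed and now marked `STATE.VALID`; passing the principal name into `createProviderParameters` and setting it next to the state would keep the fixture's trust assumptions (valid, and as whom) in one place. The comment `//Principal must be set in ReceivedToken/OnBehalfOf` states a requirement without saying who normally satisfies it; `// presumably SAMLTokenProvider takes the OnBehalfOf subject from the ReceivedToken principal, which in production is set by the TokenValidator that validated it — confirm` would tell the reader where the value is supposed to come from. The enclosing test method starts outside this hunk.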
@@ -92,12 +97,17 @@ public class SAMLProviderOnBehalfOfTest
public void testDefaultSaml2OnBehalfOfAssertion() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
- Element saml1Assertion = getSAMLAssertion();
+ String user = "alice";
+ Element saml1Assertion = getSAMLAssertion(user);
TokenProviderParameters providerParameters =
createProviderParameters(
WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, saml1Assertion
);
+ //Principal must be set in ReceivedToken/OnBehalfOf
+ providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(
+ new CustomTokenPrincipal(user));
+
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
@@ -107,6 +117,7 @@ public class SAMLProviderOnBehalfOfTest
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
+ assertTrue(tokenString.contains(user));
assertTrue(tokenString.contains("OnBehalfOf"));
}
@@ -131,6 +142,10 @@ public class SAMLProviderOnBehalfOfTest
createProviderParameters(
WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
);
+ //Principal must be set in ReceivedToken/OnBehalfOf
+ providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(
+ new CustomTokenPrincipal(username.getValue()));
+
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
@@ -163,10 +178,11 @@ public class SAMLProviderOnBehalfOfTest
}
- private Element getSAMLAssertion() throws Exception {
+ private Element getSAMLAssertion(String user) throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters =
createProviderParameters(WSConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);
+ providerParameters.setPrincipal(new CustomTokenPrincipal(user));
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
@@ -186,7 +202,9 @@ public class SAMLProviderOnBehalfOfTest
if (onBehalfOf != null) {
ReceivedToken onBehalfOfToken = new ReceivedToken(onBehalfOf);
+ onBehalfOfToken.setValidationState(STATE.VALID);
tokenRequirements.setOnBehalfOf(onBehalfOfToken);
+
}
parameters.setTokenRequirements(tokenRequirements);
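Review bot: `onBehalfOfToken.setValidationState(STATE.VALID)` declares the OnBehalfOf token valid without any validator having run, which is fine for a unit fixture but is exactly the state a production path must never reach by default; a comment such as `// test fixture: pre-mark the OnBehalfOf token VALID so the provider's dependence on validation state is exercised without a TokenValidator` keeps the next reader from copying the line into non-test code. The added empty `+` line after it is noise. The enclosing `createProviderParameters` starts and ends outside this hunk.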
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java Tue Mar 6 17:33:04 2012
@@ -42,7 +42,6 @@ public class DoubleItPortTypeImpl implem
Assert.assertNotNull("Principal must not be null", pr);
Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
-
return numberToDouble * 2;
}
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java Tue Mar 6 17:33:04 2012
@@ -87,6 +87,7 @@ public class IntermediaryCachingPortType
Assert.assertNotNull("Principal must not be null", pr);
Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+ Assert.assertEquals("Princiapl must be alice", "alice", pr.getName());
// Disable the STSClient after the first invocation
if (i > 0) {
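Review bot: The assertion message in `Assert.assertEquals("Princiapl must be alice", "alice", pr.getName());` misspells Principal; change it to `Assert.assertEquals("Principal must be alice", "alice", pr.getName());`. The enclosing method starts and ends outside this hunk.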
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameTokenValidator.java?rev=1297588&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameTokenValidator.java Tue Mar 6 17:33:04 2012
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.username_onbehalfof;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+public class UsernameTokenValidator implements TokenValidator {
+
+ /**
+ * Return true if this TokenValidator implementation is capable of validating the
+ * ReceivedToken argument.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget) {
+ return canHandleToken(validateTarget, null);
+ }
+
+ /**
+ * Return true if this TokenValidator implementation is capable of validating the
+ * ReceivedToken argument. The realm is ignored in this token Validator.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+ if (validateTarget.getToken() instanceof UsernameTokenType) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Validate a Token using the given TokenValidatorParameters.
+ */
+ public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+ TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+ ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+
+ UsernameTokenType usernameTokenType = (UsernameTokenType)validateTarget.getToken();
+ // Ignore the fact that no password is provided
+ // Some other requirements must be met to issue a token onbehalfof a subject
+ // whose authentication is not proofen
+ TokenValidatorResponse response = new TokenValidatorResponse();
+ response.setValid(true);
+ response.setPrincipal(new CustomTokenPrincipal(usernameTokenType.getUsername().getValue()));
+
+ return response;
+ }
+
+}
+
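Review bot: This test-only `UsernameTokenValidator` accepts any `UsernameTokenType` as valid and builds a principal from the supplied username with no credential check, and it shares its simple name with the production `org.apache.cxf.sts.token.validator.UsernameTokenValidator` imported in `ValidateTokenTransformationUnitTest` above, so a reader of `cxf-x509.xml` cannot tell from the bean class name which one is wired in; a class-level Javadoc stating that it is a systest fixture for the OnBehalfOf case, performs no authentication and must not be deployed, plus a more specific name such as `UnauthenticatedUsernameTokenValidator`, would make the trust boundary visible. `canHandleToken(ReceivedToken, String)` reduces to `return validateTarget.getToken() instanceof UsernameTokenType;`, and the three interface methods should carry `@Override`. `validateToken` dereferences `usernameTokenType.getUsername().getValue()` with no null check; returning a response with `setValid(false)` when `getUsername()` is null keeps a malformed token from surfacing as a NullPointerException inside the STS. The comment wording `proofen` should read `proven`.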
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml Tue Mar 6 17:33:04 2012
@@ -55,6 +55,7 @@
<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
<property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
<property name="services" ref="transportService" />
<property name="stsProperties" ref="transportSTSProperties" />
</bean>
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml?rev=1297588&r1=1297587&r2=1297588&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509.xml Tue Mar 6 17:33:04 2012
@@ -49,6 +49,7 @@
<bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
<property name="tokenProviders" ref="x509SamlTokenProvider" />
+ <property name="tokenValidators" ref="x509TokenValidatorsOBO" />
<property name="services" ref="x509Service" />
<property name="stsProperties" ref="x509STSProperties" />
</bean>
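Review bot: `<property name="tokenValidators" ref="x509TokenValidatorsOBO" />` wires the issue delegate to a validator list that, per the following hunk, includes `org.apache.cxf.systest.sts.username_onbehalfof.UsernameTokenValidator`, a fixture that treats every UsernameToken as valid without checking a password; that is acceptable only because this file is a systest deployment. An XML comment above the property, `<!-- systest only: the OBO validator list accepts unauthenticated UsernameTokens -->`, would stop the snippet being copied as a reference configuration for TokenIssueOperation.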
@@ -63,6 +64,11 @@
<bean id="x509SamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
</bean>
+
+ <util:list id="x509TokenValidatorsOBO">
+ <ref bean="x509SamlTokenValidator" />
+ <bean class="org.apache.cxf.systest.sts.username_onbehalfof.UsernameTokenValidator" />
+ </util:list>
<bean id="x509Service" class="org.apache.cxf.sts.service.StaticService">
<property name="endpoints" ref="x509Endpoints" />