Posted to commits@cxf.apache.org by co...@apache.org on 2022/05/09 09:38:05 UTC

[cxf] branch 3.5.x-fixes updated (f8b2df9110 -> ed938a1b97)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


    from f8b2df9110 Updating Kerby to 2.0.2
     new 7ac9789e7b Update AbstractSTSClient.java (#944)
     new ed938a1b97 Adding a test for the NPE fix in AbstractSTSClient

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../cxf/ws/security/trust/AbstractSTSClient.java   |  2 +-
 .../systest/sts/claims/ClaimsCallbackHandler.java  | 30 ++++++++++++++++++++--
 .../apache/cxf/systest/sts/claims/ClaimsTest.java  | 26 +++++++++++++++++++
 ...ent-cbhandler.xml => cxf-client-cbhandler2.xml} |  4 ++-
 4 files changed, 58 insertions(+), 4 deletions(-)
 copy services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/{cxf-client-cbhandler.xml => cxf-client-cbhandler2.xml} (97%)


[cxf] 02/02: Adding a test for the NPE fix in AbstractSTSClient

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit ed938a1b97445d17eb6db2ca8938bc78fd1d911a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon May 9 10:15:22 2022 +0100

    Adding a test for the NPE fix in AbstractSTSClient
    
    (cherry picked from commit 5d72c8df422e453c414a8c8c839c46ae05c43e4d)
---
 .../systest/sts/claims/ClaimsCallbackHandler.java  | 30 +++++++++-
 .../apache/cxf/systest/sts/claims/ClaimsTest.java  | 26 ++++++++
 .../systest/sts/claims/cxf-client-cbhandler2.xml   | 69 ++++++++++++++++++++++
 3 files changed, 123 insertions(+), 2 deletions(-)

diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
index 457e2802e3..358405e05b 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
@@ -29,6 +29,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
 
 /**
@@ -37,13 +39,18 @@ import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
  */
 public class ClaimsCallbackHandler implements CallbackHandler {
 
+    private boolean createClaimCollection;
+
     public void handle(Callback[] callbacks)
         throws IOException, UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof ClaimsCallback) {
                 ClaimsCallback callback = (ClaimsCallback) callbacks[i];
-                callback.setClaims(createClaims());
-
+                if (isCreateClaimCollection()) {
+                    callback.setClaims(createClaimCollection());
+                } else {
+                    callback.setClaims(createClaims());
+                }
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
             }
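Review bot: The new field `createClaimCollection` shares its name with the private factory method `createClaimCollection()` added later in this file, so the branch in `handle()` calls `isCreateClaimCollection()` and then `createClaimCollection()`, which is easy to misread. The field also carries no comment saying what the flag selects. I would document it with `// When true, handle() supplies a ClaimCollection instead of the result of createClaims()` and consider renaming the private method, for example to `buildRoleClaimCollection()`. The body of `handle()` continues past the end of this hunk.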
@@ -65,4 +72,23 @@ public class ClaimsCallbackHandler implements CallbackHandler {
         return claimsElement;
     }
 
+    /**
+     * Create a Claims Element for a "role"
+     */
+    private ClaimCollection createClaimCollection() {
+        ClaimCollection claimCollection = new ClaimCollection();
+        Claim claim = new Claim();
+        claim.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+        claimCollection.add(claim);
+
+        return claimCollection;
+    }
+
+    public boolean isCreateClaimCollection() {
+        return createClaimCollection;
+    }
+
+    public void setCreateClaimCollection(boolean createClaimCollection) {
+        this.createClaimCollection = createClaimCollection;
+    }
 }
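Review bot: The Javadoc on `createClaimCollection()` says it creates a "Claims Element", but the method returns a `ClaimCollection` holding one `Claim` on which only the role claim type is set. The text looks carried over from the Element-based factory above it, and I would change it to `Create a ClaimCollection containing a single "role" claim type`. The public `isCreateClaimCollection()` / `setCreateClaimCollection()` pair has no Javadoc; a single line saying the setter is driven from the Spring test configuration would be enough.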
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index 3d3a55fb15..d877cd65ba 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -288,6 +288,32 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)transportClaimsPort).close();
     }
 
+    // In this test, the WSDL the client is using has no Claims Element (however the service
+    // is using a WSDL that requires Claims). A CallbackHandler is used to send the Claims
+    // Element to the STS.
+    @org.junit.Test
+    public void testSaml2ClaimsCallbackHandler2() throws Exception {
+        createBus(getClass().getResource("cxf-client-cbhandler2.xml").toString());
+
+        URL wsdl = ClaimsTest.class.getResource("DoubleItNoClaims.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
+        DoubleItPortType transportClaimsPort =
+                service.getPort(portQName, DoubleItPortType.class);
+
+        updateAddressPort(transportClaimsPort, test.getPort());
+
+        SecurityTestUtil.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
+
+        doubleIt(transportClaimsPort, 25);
+
+        ((java.io.Closeable)transportClaimsPort).close();
+    }
+
     @org.junit.Test
     public void testSaml2ChildClaims() throws Exception {
         createBus(getClass().getResource("cxf-client.xml").toString());
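Review bot: The comment above `testSaml2ClaimsCallbackHandler2` still says the CallbackHandler sends "the Claims Element", yet `cxf-client-cbhandler2.xml` wires the handler with `createClaimCollection` set to true, so this test exists to cover the `ClaimCollection` path. I would say so in the comment, for example `// As above, but the CallbackHandler returns a ClaimCollection rather than a DOM Element (regression test for the NPE in AbstractSTSClient)`. Separately, `transportClaimsPort` is not closed if `doubleIt(transportClaimsPort, 25)` throws. That matches the context line at the top of the hunk, but wrapping the call in `try { ... } finally { ((java.io.Closeable)transportClaimsPort).close(); }` would stop a failing run from leaking the client.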
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
new file mode 100644
index 0000000000..f55f083de3
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler">
+        <property name="createClaimCollection" value="true"/>
+    </bean>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="security.username" value="alice"/>
+                            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                            <entry key="security.sts.token.username" value="myclientkey"/>
+                            <entry key="security.sts.token.properties" value="clientKeystore.properties"/>
+                            <entry key="security.sts.token.usecert" value="true"/>
+                        </map>
+                    </property>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:client>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="ckpass">
+                <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
\ No newline at end of file
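Review bot: The `http:conduit` matching `https://localhost:.*` sets `disableCNCheck="true"`, which switches off hostname verification of the server certificate, and the file also holds the keystore and key passwords in clear text. Both are normal for a system-test resource, but nothing in the file says so, and this configuration is the kind that gets copied into real clients. I would add a comment above `<http:tlsClientParameters>` such as `<!-- Test only: hostname verification is disabled and the passwords belong to the bundled test keystore; do not reuse in a production client -->`. The file also ends without a trailing newline.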


[cxf] 01/02: Update AbstractSTSClient.java (#944)

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 7ac9789e7b505f9d3921f4555d88c04c221f4f79
Author: Ɓukasz Pasek <lu...@gmail.com>
AuthorDate: Mon May 9 11:14:35 2022 +0200

    Update AbstractSTSClient.java (#944)
    
    Fixed NPE in addClaims() when claims callback returns claim collection.
    
    (cherry picked from commit 6a6c2b6b59c6dbe9406ab9297f92af470ca1bf2f)
---
 .../main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index f854fd0e3c..56fd82726f 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -1453,7 +1453,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         if (claimsToSerialize instanceof Element) {
             StaxUtils.copy((Element)claimsToSerialize, writer);
         } else if (claimsToSerialize instanceof ClaimCollection) {
-            ClaimCollection claimCollection = (ClaimCollection)claims;
+            ClaimCollection claimCollection = (ClaimCollection)claimsToSerialize;
             claimCollection.serialize(writer, "wst", namespace);
         }
     }
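Review bot: A claims object that is neither an `Element` nor a `ClaimCollection` falls through this `if` / `else if` chain with nothing written and nothing logged, so an unexpected return type from a claims callback would produce a token request that silently carries no claims. The enclosing method starts outside the hunk, so an earlier check may already rule this out. If it does not, I would add a final `else` branch that logs or rejects the unexpected type. The one-word fix also suggests that `claims` and `claimsToSerialize` are too easy to confuse here; a short comment such as `// claimsToSerialize may come from the claims callback; do not read the claims field below this point` would guard against the same slip, assuming `claims` is the configured field.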