Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/08 17:34:46 UTC
[4/6] cxf git commit: Adding AppliesTo support
Adding AppliesTo support
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ddc0034a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ddc0034a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ddc0034a
Branch: refs/heads/master
Commit: ddc0034a6345578edcd551ec158dd324af7b2eaf
Parents: aef773a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 11:58:36 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:34:01 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 5 +-
.../sts/rest/RESTSecurityTokenServiceImpl.java | 27 +++++++--
.../cxf/systest/sts/rest/RESTUnitTest.java | 62 ++++++++++++++++++++
3 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index a68194d..3014da3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -62,7 +62,8 @@ public interface RESTSecurityTokenService {
MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
})
Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims,
+ @QueryParam("appliesTo") String appliesTo);
@GET
@Path("ws-trust/{tokenType}")
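Review bot: The new `appliesTo` query parameter on `getToken` (and on `getTokenViaWSTrust` in the next hunk) has no documentation, so a client cannot tell from the interface what value is expected or what happens when it is omitted. I would add a Javadoc line to both methods, for example `@param appliesTo optional endpoint address of the service the token is requested for; sent as the wsp:AppliesTo address of the issue request`. Since the value is caller-supplied, the same comment should state that it only restricts the token when the STS matches it against its configured service endpoints, which is presumably what happens downstream but is not visible in this commit. Both method declarations start outside their hunks.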
@@ -70,7 +71,7 @@ public interface RESTSecurityTokenService {
MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
})
Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo") String appliesTo);
@POST
@Produces({
http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index ae454ab..181a05a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -90,9 +90,9 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
private boolean requestClaimsOptional = true;
@Override
- public Response getToken(String tokenType, String keyType, List<String> requestedClaims) {
+ public Response getToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
RequestSecurityTokenResponseType response =
- issueToken(tokenType, keyType, requestedClaims);
+ issueToken(tokenType, keyType, requestedClaims, appliesTo);
RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
@@ -100,8 +100,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
}
@Override
- public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims) {
- return getToken(tokenType, keyType, requestedClaims);
+ public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
+ return getToken(tokenType, keyType, requestedClaims, appliesTo);
}
private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
@@ -119,7 +119,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
private RequestSecurityTokenResponseType issueToken(
String tokenType,
String keyType,
- List<String> requestedClaims
+ List<String> requestedClaims,
+ String appliesTo
) {
if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
tokenType = tokenTypeMap.get(tokenType);
@@ -158,6 +159,22 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
}
request.getAny().add(claims);
}
+
+ if (appliesTo != null) {
+ String wspNamespace = "http://www.w3.org/ns/ws-policy";
+ Document doc = DOMUtils.createDocument();
+ Element appliesToElement = doc.createElementNS(wspNamespace, "AppliesTo");
+
+ String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ Element eprElement = doc.createElementNS(addressingNamespace, "EndpointReference");
+ Element addressElement = doc.createElementNS(addressingNamespace, "Address");
+ addressElement.setTextContent(appliesTo);
+
+ eprElement.appendChild(addressElement);
+ appliesToElement.appendChild(eprElement);
+
+ request.getAny().add(appliesToElement);
+ }
// OnBehalfOf
// User Authentication done with JWT or SAML?
http://git-wip-us.apache.org/repos/asf/cxf/blob/ddc0034a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index de6981c..e0ed538 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -58,6 +58,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
private static final String BEARER_KEYTYPE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+ private static final String DEFAULT_ADDRESS =
+ "https://localhost:8081/doubleit/services/doubleittransportsaml1";
static final String STSPORT = allocatePort(STSRESTServer.class);
@@ -267,6 +269,66 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testIssueSAML2TokenAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", DEFAULT_ADDRESS);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueSAML2TokenUnknownAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", "https://localhost:8081/tripleit/");
+
+ Response response = client.get();
+ try {
+ response.readEntity(Document.class);
+ fail("Failure expected on an unknown AppliesTo address");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
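Review bot: `testIssueSAML2TokenAppliesTo` never checks that the requested address reached the token. It asserts only that a signed SAML 2.0 assertion came back, so it would still pass if the `appliesTo` parameter were silently dropped. If the test STS is configured to emit an audience restriction, asserting that it contains `DEFAULT_ADDRESS` would pin the behaviour. In `testIssueSAML2TokenUnknownAppliesTo` the `catch (Exception ex)` accepts any failure of `readEntity`, including an unrelated parse error; checking the response status before reading the entity, e.g. `assertTrue(response.getStatus() >= 400);`, would tie the test to the rejection itself. In both tests `bus.shutdown(true)` is skipped when an assertion fails, so a `try`/`finally` around the body would avoid leaking the bus into later tests.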