Repository: cxf Updated Branches: refs/heads/master 26762a780 -> e47f87b16
http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/DefaultClaimsPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/DefaultClaimsPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/DefaultClaimsPolicyValidator.java index 43b7fb0..453a915 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/DefaultClaimsPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/DefaultClaimsPolicyValidator.java @@ -87,17 +87,17 @@ public class DefaultClaimsPolicyValidator implements ClaimsPolicyValidator { return false; } - private boolean findClaimInAssertion(org.opensaml.saml2.core.Assertion assertion, URI claimURI) { - List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = + private boolean findClaimInAssertion(org.opensaml.saml.saml2.core.Assertion assertion, URI claimURI) { + List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { return false; } - for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) { + for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml2.core.Attribute attribute : attributes) { + List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) { if (attribute.getName().equals(claimURI.toString()) && attribute.getAttributeValues() != null && !attribute.getAttributeValues().isEmpty()) { 
@@ -108,17 +108,17 @@ public class DefaultClaimsPolicyValidator implements ClaimsPolicyValidator { return false; } - private boolean findClaimInAssertion(org.opensaml.saml1.core.Assertion assertion, URI claimURI) { - List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = + private boolean findClaimInAssertion(org.opensaml.saml.saml1.core.Assertion assertion, URI claimURI) { + List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { return false; } - for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) { + for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml1.core.Attribute attribute : attributes) { + List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) { URI attributeNamespace = URI.create(attribute.getAttributeNamespace()); String desiredRole = attributeNamespace.relativize(claimURI).toString(); http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java index d88ffd9..8cdf20f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java 
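Review bot: In the SAML 1.1 overload of findClaimInAssertion, `URI.create(attribute.getAttributeNamespace())` throws an unchecked IllegalArgumentException for a namespace that is not a valid URI and a NullPointerException when the namespace is absent, and that value is read from the assertion being validated. A policy validator is easier to reason about when a malformed attribute counts as "no match" rather than an exception escaping the check, so skip such attributes: `if (attribute.getAttributeNamespace() == null) { continue; }`, and catch IllegalArgumentException around the `URI.create` call. The method body continues past the end of the hunk, so any handling further down is not visible here.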
@@ -36,7 +36,7 @@ import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.message.token.BinarySecurity; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.IssuedToken; -import org.opensaml.common.SAMLVersion; +import org.opensaml.saml.common.SAMLVersion; /** * Validate a WSSecurityEngineResult corresponding to the processing of a SAML Assertion http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java index 4762bb0..6a77ff6 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java @@ -40,7 +40,7 @@ import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.SamlToken; import org.apache.wss4j.policy.model.SamlToken.SamlTokenType; -import org.opensaml.common.SAMLVersion; +import org.opensaml.saml.common.SAMLVersion; /** * Validate a SamlToken policy. http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML1CallbackHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML1CallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML1CallbackHandler.java index 0a91877..df7720b 100644 
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML1CallbackHandler.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML1CallbackHandler.java @@ -31,8 +31,8 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML1Constants; -import org.opensaml.common.SAMLVersion; /** * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an @@ -61,7 +61,7 @@ public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; callback.setIssuer("www.example.com"); - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); SubjectBean subjectBean = new SubjectBean( subjectName, subjectQualifier, confirmationMethod http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML2CallbackHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML2CallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML2CallbackHandler.java index 8ca4c0e..24cb322 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML2CallbackHandler.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SAML2CallbackHandler.java 
@@ -31,8 +31,8 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * A Callback Handler implementation for a SAML 2 assertion. By default it creates an @@ -66,7 +66,7 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; callback.setIssuer("www.example.com"); - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); SubjectBean subjectBean = new SubjectBean( subjectName, subjectQualifier, confirmationMethod http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java index 26739c8..ef23fed 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java @@ -37,8 +37,8 @@ import org.apache.cxf.sts.token.realm.RealmSupport; import org.apache.cxf.sts.token.realm.Relationship; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.opensaml.common.SAMLVersion; -import org.opensaml.xml.XMLObject; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.saml.common.SAMLVersion; /** 
@@ -299,8 +299,8 @@ public class ClaimsManager { } - protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml1.core.Assertion assertion) { - List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = + protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml1.core.Assertion assertion) { + List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { if (LOG.isLoggable(Level.FINEST)) { @@ -310,13 +310,13 @@ public class ClaimsManager { } ProcessedClaimCollection collection = new ProcessedClaimCollection(); - for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) { + for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) { if (LOG.isLoggable(Level.FINEST)) { LOG.finest("parsing statement: " + statement.getElementQName()); } - List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml1.core.Attribute attribute : attributes) { + List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) { if (LOG.isLoggable(Level.FINEST)) { LOG.finest("parsing attribute: " + attribute.getAttributeName()); } @@ -343,8 +343,8 @@ public class ClaimsManager { return collection; } - protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) { - List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = + protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) { + List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { if (LOG.isLoggable(Level.FINEST)) { 
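Review bot: The FINEST log calls concatenate names taken from the parsed assertion directly into the message: `"parsing attribute: " + attribute.getAttributeName()` in the @@ -310 hunk and `attribute.getName()` in the @@ -355 hunk. If such a name can carry a line break, the remainder shows up in the log as what looks like a separate entry. Neutralise control characters before logging, for example `attribute.getAttributeName().replaceAll("[\\r\\n]", "_")`, or log the value through a parameterised message if the configured formatter escapes it. Both methods start and end outside the hunks shown.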
@@ -355,12 +355,12 @@ public class ClaimsManager { List<ProcessedClaim> collection = new ArrayList<ProcessedClaim>(); - for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) { + for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) { if (LOG.isLoggable(Level.FINEST)) { LOG.finest("parsing statement: " + statement.getElementQName()); } - List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml2.core.Attribute attribute : attributes) { + List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) { if (LOG.isLoggable(Level.FINEST)) { LOG.finest("parsing attribute: " + attribute.getName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java index 8baf345..a3b2747 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java @@ -32,7 +32,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.apache.wss4j.dom.WSConstants; -import org.opensaml.saml1.core.AudienceRestrictionCondition; +import org.opensaml.saml.saml1.core.AudienceRestrictionCondition; /** * The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for 
@@ -116,14 +116,14 @@ public class SAMLDelegationHandler implements TokenDelegationHandler { if (assertion.getSaml1() != null) { for (AudienceRestrictionCondition restriction : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) { - for (org.opensaml.saml1.core.Audience audience : restriction.getAudiences()) { + for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) { addresses.add(audience.getUri()); } } } else if (assertion.getSaml2() != null) { - for (org.opensaml.saml2.core.AudienceRestriction restriction + for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : assertion.getSaml2().getConditions().getAudienceRestrictions()) { - for (org.opensaml.saml2.core.Audience audience : restriction.getAudiences()) { + for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) { addresses.add(audience.getAudienceURI()); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java index 892c22e..098f6a4 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java 
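Review bot: Both branches dereference `getConditions()` without a null check, in `assertion.getSaml1().getConditions().getAudienceRestrictionConditions()` and in `assertion.getSaml2().getConditions().getAudienceRestrictions()`. Conditions is an optional element of an assertion, so a token without it would end delegation handling in a NullPointerException instead of an empty audience list. Guard each branch, e.g. `if (assertion.getSaml1() != null && assertion.getSaml1().getConditions() != null) {` and the matching test on `getSaml2()`. The enclosing method starts and ends outside this hunk.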
@@ -54,7 +54,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.SubjectBean; import org.apache.wss4j.dom.WSConstants; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; +import org.opensaml.saml.common.SAMLVersion; /** * A TokenProvider implementation that provides a SAML Token. http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java index 3ea6ec1..679df31 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java @@ -34,8 +34,8 @@ import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean; import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.dom.WSConstants; -import org.opensaml.common.SAMLVersion; /** * This CallbackHandler implementation is populated with SAML Beans by the SAMLTokenProvider, and is tasked 
@@ -115,9 +115,9 @@ public class SamlCallbackHandler implements CallbackHandler { boolean saml1 = false; if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) { - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); } else { - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); saml1 = true; setSubjectOnBeans(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java index 021ceb3..ba3f2d7 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java @@ -72,10 +72,10 @@ import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor; import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.xml.security.stax.impl.util.IDGenerator; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; -import org.opensaml.saml1.core.Audience; -import org.opensaml.saml1.core.AudienceRestrictionCondition; -import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml.common.SAMLVersion; +import org.opensaml.saml.saml1.core.Audience; +import org.opensaml.saml.saml1.core.AudienceRestrictionCondition; +import org.opensaml.saml.saml2.core.AudienceRestriction; /** * A TokenRenewer implementation that renews a (valid or expired) SAML Token. 
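Review bot: The `else` branch issues SAML 1.1 for every `tokenType` that is not one of the two SAML 2.0 identifiers, including null or an unrecognised value, and nothing in the hunk says this is intended. State the fallback where the decision is made, `// any token type other than the SAML 2.0 identifiers is issued as SAML 1.1`, or, if no caller restricts the token type beforehand, compare against the SAML 1.1 identifiers explicitly and reject the rest. The enclosing method starts and ends outside this hunk.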
@@ -410,7 +410,7 @@ public class SAMLTokenRenewer implements TokenRenewer { if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) { for (AudienceRestriction audienceRestriction : audienceRestrictions) { if (audienceRestriction.getAudiences() != null) { - for (org.opensaml.saml2.core.Audience audience : audienceRestriction.getAudiences()) { + for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) { if (appliesTo.equals(audience.getAudienceURI())) { return true; } @@ -514,18 +514,18 @@ public class SAMLTokenRenewer implements TokenRenewer { conditionsProvider.getConditions(convertToProviderParameters(tokenParameters)); if (assertion.getSaml1() != null) { - org.opensaml.saml1.core.Assertion saml1Assertion = assertion.getSaml1(); + org.opensaml.saml.saml1.core.Assertion saml1Assertion = assertion.getSaml1(); saml1Assertion.setIssueInstant(new DateTime()); - org.opensaml.saml1.core.Conditions saml1Conditions = + org.opensaml.saml.saml1.core.Conditions saml1Conditions = SAML1ComponentBuilder.createSamlv1Conditions(conditions); saml1Assertion.setConditions(saml1Conditions); } else { - org.opensaml.saml2.core.Assertion saml2Assertion = assertion.getSaml2(); + org.opensaml.saml.saml2.core.Assertion saml2Assertion = assertion.getSaml2(); saml2Assertion.setIssueInstant(new DateTime()); - org.opensaml.saml2.core.Conditions saml2Conditions = + org.opensaml.saml.saml2.core.Conditions saml2Conditions = SAML2ComponentBuilder.createConditions(conditions); saml2Assertion.setConditions(saml2Conditions); 
@@ -560,13 +560,13 @@ public class SAMLTokenRenewer implements TokenRenewer { private String createNewId(SamlAssertionWrapper assertion) { if (assertion.getSaml1() != null) { - org.opensaml.saml1.core.Assertion saml1Assertion = assertion.getSaml1(); + org.opensaml.saml.saml1.core.Assertion saml1Assertion = assertion.getSaml1(); String oldId = saml1Assertion.getID(); saml1Assertion.setID(IDGenerator.generateID("_")); return oldId; } else { - org.opensaml.saml2.core.Assertion saml2Assertion = assertion.getSaml2(); + org.opensaml.saml.saml2.core.Assertion saml2Assertion = assertion.getSaml2(); String oldId = saml2Assertion.getID(); saml2Assertion.setID(IDGenerator.generateID("_")); http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java index 0859749..9bf765c 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java @@ -57,9 +57,9 @@ import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SignatureTrustValidator; import org.apache.wss4j.dom.validate.Validator; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; -import org.opensaml.xml.signature.KeyInfo; -import org.opensaml.xml.signature.Signature; +import org.opensaml.saml.common.SAMLVersion; +import org.opensaml.xmlsec.signature.KeyInfo; +import org.opensaml.xmlsec.signature.Signature; /** * Validate a SAML Assertion. It is valid if it was issued and signed by this STS. 
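Review bot: createNewId returns the assertion's previous ID, not the one it generates: the SAML 1.1 branch saves `String oldId = saml1Assertion.getID();`, calls `setID(IDGenerator.generateID("_"))` and then returns `oldId`, which the method name does not suggest. A short Javadoc would keep a caller from treating the return value as the renewed token's identifier: `/** Assigns a freshly generated ID to the assertion and returns the ID it had before. */`. The SAML 2.0 branch's return statement lies outside the hunk, so this assumes it mirrors the SAML 1.1 branch.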
@@ -274,7 +274,9 @@ public class SAMLTokenValidator implements TokenValidator { * Validate the assertion against schemas/profiles */ protected void validateAssertion(SamlAssertionWrapper assertion) throws WSSecurityException { - assertion.validateAssertion(validateSignatureAgainstProfile); + if (validateSignatureAgainstProfile) { + assertion.validateSignatureAgainstProfile(); + } } protected boolean validateConditions( http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java index e1e312d..67314b1 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimsHandler.java @@ -31,11 +31,11 @@ import org.apache.cxf.sts.claims.ClaimsParameters; import org.apache.cxf.sts.claims.ProcessedClaim; import org.apache.cxf.sts.claims.ProcessedClaimCollection; import org.apache.cxf.sts.common.CustomClaimParser.CustomRequestClaim; -import org.opensaml.Configuration; -import org.opensaml.saml2.core.AttributeValue; -import org.opensaml.xml.XMLObjectBuilder; -import org.opensaml.xml.XMLObjectBuilderFactory; -import org.opensaml.xml.schema.XSInteger; +import org.opensaml.core.xml.XMLObjectBuilder; +import org.opensaml.core.xml.XMLObjectBuilderFactory; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.schema.XSInteger; +import org.opensaml.saml.saml2.core.AttributeValue; /** * A custom ClaimsHandler implementation for use in the tests. 
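Review bot: validateAssertion no longer matches its comment "Validate the assertion against schemas/profiles": the new body calls only `assertion.validateSignatureAgainstProfile()`, and when `validateSignatureAgainstProfile` is false the method does nothing at all. If the removed `assertion.validateAssertion(...)` call also performed schema validation (the comment suggests so, but its body is not shown here), that check is dropped without a replacement. Either restore an equivalent check or reword the comment to what the method now does, e.g. `Validate the assertion's signature against the SAML signature profile, if enabled`.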
@@ -84,7 +84,8 @@ public class CustomClaimsHandler implements ClaimsHandler { claim.addValue("1234 1st Street"); } else if (ClaimTypes.MOBILEPHONE.equals(requestClaim.getClaimType())) { // Test custom (Integer) attribute value - XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory(); + XMLObjectBuilderFactory builderFactory = + XMLObjectProviderRegistrySupport.getBuilderFactory(); @SuppressWarnings("unchecked") XMLObjectBuilder<XSInteger> xsIntegerBuilder = http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java index af15ad6..9aa376b 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java @@ -54,8 +54,8 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.dom.WSConstants; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.xml.XMLObject; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.saml.saml2.core.Attribute; /** * A unit test for creating a SAML Tokens with various Attributes populated by a ClaimsHandler. http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java ---------------------------------------------------------------------- 
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java index 32c97ed..0838611 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java @@ -37,7 +37,7 @@ import org.apache.cxf.ws.security.trust.STSUtils; import org.junit.BeforeClass; import org.junit.runner.RunWith; import org.junit.runners.Parameterized.Parameters; -import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml.common.xml.SAMLConstants; /** * In this test case, a CXF client requests a number of SAML Tokens from an STS using batch processing. http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java index 4528459..83f4698 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java 
@@ -21,14 +21,13 @@ package org.apache.cxf.systest.sts.claims; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.sts.claims.ClaimTypes; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.opensaml.xml.XMLObject; +import org.opensaml.core.xml.XMLObject; /** * This class validates a SAML Assertion and checks that it has an "AuthenticatedRole" attribute @@ -58,17 +57,17 @@ public class ClaimsValidator extends SamlAssertionValidator { } private boolean handleSAML1Assertion( - org.opensaml.saml1.core.Assertion assertion + org.opensaml.saml.saml1.core.Assertion assertion ) throws WSSecurityException { - List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = + List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } - for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml1.core.Attribute attribute : attributes) { + for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) { + List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) { if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) { continue; 
@@ -87,17 +86,17 @@ public class ClaimsValidator extends SamlAssertionValidator { } private boolean handleSAML2Assertion( - org.opensaml.saml2.core.Assertion assertion + org.opensaml.saml.saml2.core.Assertion assertion ) throws WSSecurityException { - List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = + List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } - for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml2.core.Attribute attribute : attributes) { + for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) { + List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) { if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) { continue; } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java index 1190d63..c5e4d5f 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java 
@@ -31,7 +31,7 @@ import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl; import org.apache.wss4j.stax.validate.TokenContext; import org.apache.xml.security.stax.securityToken.InboundSecurityToken; -import org.opensaml.xml.XMLObject; +import org.opensaml.core.xml.XMLObject; /** * This class validates a SAML Assertion and checks that it has an "AuthenticatedRole" attribute @@ -88,17 +88,17 @@ public class StaxClaimsValidator extends SamlTokenValidatorImpl { } private boolean handleSAML1Assertion( - org.opensaml.saml1.core.Assertion assertion + org.opensaml.saml.saml1.core.Assertion assertion ) throws WSSecurityException { - List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = + List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } - for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml1.core.Attribute attribute : attributes) { + for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) { + List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) { if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) { continue; 
@@ -117,17 +117,17 @@ public class StaxClaimsValidator extends SamlTokenValidatorImpl { } private boolean handleSAML2Assertion( - org.opensaml.saml2.core.Assertion assertion + org.opensaml.saml.saml2.core.Assertion assertion ) throws WSSecurityException { - List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = + List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements(); if (attributeStatements == null || attributeStatements.isEmpty()) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } - for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) { - List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes(); - for (org.opensaml.saml2.core.Attribute attribute : attributes) { + for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) { + List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes(); + for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) { if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) { continue; } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java index 3b0a95b..e93cffa 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java 
@@ -23,7 +23,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; -import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.Assertion; /** * This class validates a SAML Assertion by dispatching it to an STS. It then http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java index 53ecb0d..4087ca1 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java @@ -55,7 +55,7 @@ import org.apache.wss4j.common.saml.bean.SubjectBean; import org.apache.wss4j.dom.WSConstants; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; +import org.opensaml.saml.common.SAMLVersion; /** * A TokenProvider implementation that provides a SAML Token that contains a Symmetric Key that is obtained http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/Saml2CallbackHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/Saml2CallbackHandler.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/Saml2CallbackHandler.java index ca456dd..2ffcf74 100644 
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/Saml2CallbackHandler.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/Saml2CallbackHandler.java @@ -29,8 +29,8 @@ import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.AttributeBean; import org.apache.wss4j.common.saml.bean.AttributeStatementBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * Create a SAML2 Bearer Assertion. @@ -42,7 +42,7 @@ public class Saml2CallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); callback.setIssuer("sts"); String subjectName = "uid=alice"; http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java index 8787cb4..ce8fbf4 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/OnBehalfOfValidator.java 
@@ -25,10 +25,10 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.Subject; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.AttributeStatement; +import org.opensaml.saml.saml2.core.NameID; +import org.opensaml.saml.saml2.core.Subject; /** * This class validates a SAML 2 Assertion and checks that it has a Subject with a value http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java index 3c091bb..df9ca02 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java @@ -33,8 +33,8 @@ import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.AttributeBean; import org.apache.wss4j.common.saml.bean.AttributeStatementBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * Create a SAML2 Assertion via some authenticated information (Principal). 
@@ -52,7 +52,7 @@ public class Saml2CallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); callback.setIssuer("intermediary"); String subjectName = "uid=" + principal.getName(); http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java index 137fb21..4d41397 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java 
@@ -21,16 +21,15 @@ package org.apache.cxf.systest.sts.username_actas; import java.util.List; import org.w3c.dom.Element; - import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.xml.XMLObject; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.AttributeStatement; /** * This class validates a SAML 2 Assertion and checks that it has a CustomActAs Attribute with http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/services/xkms/pom.xml ---------------------------------------------------------------------- diff --git a/services/xkms/pom.xml b/services/xkms/pom.xml index 1aee87e..06028cb 100644 --- a/services/xkms/pom.xml +++ b/services/xkms/pom.xml @@ -39,7 +39,7 @@ <module>xkms-features</module> <module>xkms-osgi</module> <module>xkms-war</module> - <module>xkms-itests</module> + <!--<module>xkms-itests</module>--> <module>xkms-x509-repo-ldap</module> </modules> </project> http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java index 17ebbc1..4e22422 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java 
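Review bot: The `xkms-itests` module is commented out of the `<modules>` list in services/xkms/pom.xml with no explanation, so the XKMS integration tests silently drop out of the build from this commit on. If the module does not yet build against the relocated OpenSAML packages (an inference; the hunk does not say), record that next to the entry so it gets re-enabled rather than forgotten, e.g. `<!-- TODO(<tracking issue>): re-enable xkms-itests once it builds again -->`. A disabled test module for a key-management service is easy to miss in a commit that is otherwise a mechanical import migration.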
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java @@ -42,9 +42,9 @@ import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean.Decision; import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -66,7 +66,7 @@ public class SamlCallbackHandler implements CallbackHandler { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); callback.setIssuer("resourceOwner"); String subjectName = m != null ? (String)m.getContextualProperty("saml.subject.name") : null; http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java index b7c00dd..9e35949 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java 
@@ -45,9 +45,9 @@ import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean.Decision; import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -69,7 +69,7 @@ public class SamlCallbackHandler2 implements CallbackHandler { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); callback.setIssuer("alice"); String subjectName = m != null ? (String)m.getContextualProperty("saml.subject.name") : null; http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java index 657e416..2cc75f2 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java 
@@ -48,10 +48,10 @@ import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; import org.joda.time.DateTime; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -79,9 +79,9 @@ public class SamlCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; if (saml2) { - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); } else { - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); } callback.setIssuer("https://idp.example.org/SAML2"); http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java index da9de63..f18b563 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java 
@@ -37,9 +37,9 @@ import org.apache.wss4j.common.saml.bean.AttributeStatementBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -66,7 +66,7 @@ public class SamlCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; if (!saml2) { - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); } callback.setIssuer("sts"); String subjectName = "uid=sts-client,o=mock-sts.com"; http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java index e5c63fb..7d5b3f5 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java 
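Review bot: In the `@@ -66,7 +66,7 @@` hunk the handler calls `setSamlVersion` only when `saml2` is false, so the SAML 2.0 case depends on whatever default `SAMLCallback` applies. The sibling `SamlCallbackHandler` classes touched by this commit set the version on both branches. Doing the same here keeps the issued token version independent of the library default now that the argument type has changed: `callback.setSamlVersion(saml2 ? Version.SAML_20 : Version.SAML_11);`. The enclosing method starts and ends outside the hunk.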
@@ -25,8 +25,8 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.AttributeStatement; /** * This class does some trivial validation of a received SAML Assertion. It checks that it is http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java index 3922c62..4e27b22 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java @@ -30,13 +30,13 @@ import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; - import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.rt.security.xacml.XACMLConstants; import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.OpenSAMLUtil; -import org.opensaml.Configuration; +import org.opensaml.core.xml.XMLObjectBuilderFactory; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.xacml.XACMLObjectBuilder; import org.opensaml.xacml.ctx.AttributeType; import org.opensaml.xacml.ctx.DecisionType; 
@@ -46,7 +46,6 @@ import org.opensaml.xacml.ctx.ResultType; import org.opensaml.xacml.ctx.StatusCodeType; import org.opensaml.xacml.ctx.StatusType; import org.opensaml.xacml.ctx.SubjectType; -import org.opensaml.xml.XMLObjectBuilderFactory; /** * A test implementation of PolicyDecisionPoint. It just mocks up a Response @@ -63,7 +62,8 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint { public Source evaluate(Source request) { RequestType requestType = requestSourceToRequestType(request); - XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory(); + XMLObjectBuilderFactory builderFactory = + XMLObjectProviderRegistrySupport.getBuilderFactory(); @SuppressWarnings("unchecked") XACMLObjectBuilder<ResponseType> responseTypeBuilder = @@ -109,7 +109,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint { result.setStatus(status); ResponseType response = responseTypeBuilder.buildObject(); - response.setResult(result); + response.getResults().add(result); return responseType2Source(response); } @@ -147,7 +147,7 @@ public class PolicyDecisionPointMockImpl implements PolicyDecisionPoint { List<AttributeType> attributes = subject.getAttributes(); if (attributes != null) { for (AttributeType attribute : attributes) { - if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeID())) { + if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) { return attribute.getAttributeValues().get(0).getValue(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java index dd94386..628e82e 100644 
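Review bot: `XMLObjectProviderRegistrySupport.getBuilderFactory()` in `evaluate` relies on the OpenSAML provider registry having been initialised before the call, and nothing in this hunk shows where that happens. If an earlier `OpenSAMLUtil` call takes care of it (the class is imported, but no such call is visible here), a short comment would make the ordering explicit, e.g. `// OpenSAML must already be initialised here; the registry lookup is expected to fail otherwise`. `evaluate` starts and ends outside the hunk.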
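Review bot: In the `@@ -147,7 +147,7 @@` hunk the role lookup returns `attribute.getAttributeValues().get(0).getValue()` as soon as the attribute id matches, so a request whose role attribute has no values raises IndexOutOfBoundsException rather than moving on to the next attribute. Adding the emptiness check to the condition keeps the mock's decision well defined: `if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId()) && !attribute.getAttributeValues().isEmpty()) {`. The enclosing method starts and ends outside the hunk.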
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java @@ -38,9 +38,9 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -81,9 +81,9 @@ public class SamlCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; if (saml2) { - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); } else { - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); } if (conditions != null) { callback.setConditions(conditions); http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java index 3b59e88..8a35fe2 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java 
@@ -36,9 +36,9 @@ import org.apache.wss4j.common.saml.bean.AttributeStatementBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER; import org.apache.wss4j.common.saml.bean.SubjectBean; +import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.opensaml.common.SAMLVersion; /** * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion. @@ -76,9 +76,9 @@ public class SamlRoleCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof SAMLCallback) { SAMLCallback callback = (SAMLCallback) callbacks[i]; if (saml2) { - callback.setSamlVersion(SAMLVersion.VERSION_20); + callback.setSamlVersion(Version.SAML_20); } else { - callback.setSamlVersion(SAMLVersion.VERSION_11); + callback.setSamlVersion(Version.SAML_11); } callback.setIssuer("sts"); String subjectName = "uid=sts-client,o=mock-sts.com";