Adding AppliesTo support
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/01956cc9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/01956cc9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/01956cc9
Branch: refs/heads/3.1.x-fixes
Commit: 01956cc9af68f80d4f12018a3779c12f36d5308e
Parents: b60702d
Author: Colm O hEigeartaigh <[email protected]>
Authored: Mon Feb 8 11:58:36 2016 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Mon Feb 8 16:35:16 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 5 +-
.../sts/rest/RESTSecurityTokenServiceImpl.java | 27 +++++++--
.../cxf/systest/sts/rest/RESTUnitTest.java | 62 ++++++++++++++++++++
3 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index a68194d..3014da3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -62,7 +62,8 @@ public interface RESTSecurityTokenService { MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims,
+ @QueryParam("appliesTo") String appliesTo);
 @GET @Path("ws-trust/{tokenType}")
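Review bot: The new `appliesTo` query parameter on `getToken` is undocumented, and nothing on the interface tells an implementor or caller what the string is or what happens when it is omitted. A Javadoc block on the method would close that gap, e.g. `@param appliesTo address of the service the token is requested for, carried to the STS as wsp:AppliesTo; when null no AppliesTo element is added to the request`. The same comment applies to `getTokenViaWSTrust` in the next hunk, which gains the identical parameter. The rest of the interface's Javadoc conventions are outside this hunk, so match whatever style the existing methods use.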
@@ -70,7 +71,7 @@ public interface RESTSecurityTokenService { MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo") String appliesTo);
 @POST @Produces({
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index ae454ab..181a05a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -90,9 +90,9 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple private boolean requestClaimsOptional = true; @Override
- public Response getToken(String tokenType, String keyType, List<String> requestedClaims) {
+ public Response getToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
 RequestSecurityTokenResponseType response =
- issueToken(tokenType, keyType, requestedClaims);
+ issueToken(tokenType, keyType, requestedClaims, appliesTo);
 RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
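Review bot: `getTokenViaWSTrust` declares both query parameters on a single line (`@QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo") String appliesTo);`), while the `getToken` change in the previous hunk gives each annotated parameter its own line. Keeping one parameter per line here keeps the two declarations parallel and makes future parameter additions diff cleanly. Suggested: `@QueryParam("claim") List<String> requestedClaims,` followed by `@QueryParam("appliesTo") String appliesTo);` on the next line, indented like the line above.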
@@ -100,8 +100,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple } @Override
- public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims) {
- return getToken(tokenType, keyType, requestedClaims);
+ public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
+ return getToken(tokenType, keyType, requestedClaims, appliesTo);
 } private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
@@ -119,7 +119,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple private RequestSecurityTokenResponseType issueToken( String tokenType, String keyType,
- List<String> requestedClaims
+ List<String> requestedClaims,
+ String appliesTo
 ) { if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) { tokenType = tokenTypeMap.get(tokenType);
@@ -158,6 +159,22 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple } request.getAny().add(claims); }
+
+ if (appliesTo != null) {
+ String wspNamespace = "http://www.w3.org/ns/ws-policy";
+ Document doc = DOMUtils.createDocument();
+ Element appliesToElement = doc.createElementNS(wspNamespace, "AppliesTo");
+
+ String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ Element eprElement = doc.createElementNS(addressingNamespace, "EndpointReference");
+ Element addressElement = doc.createElementNS(addressingNamespace, "Address");
+ addressElement.setTextContent(appliesTo);
+
+ eprElement.appendChild(addressElement);
+ appliesToElement.appendChild(eprElement);
+
+ request.getAny().add(appliesToElement);
+ }
 // OnBehalfOf // User Authentication done with JWT or SAML?
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
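Review bot: In the `@@ -158,6 +159,22 @@` hunk, `issueToken` forwards the caller-supplied `appliesTo` query value into the RST as `wsp:AppliesTo/wsa:EndpointReference/wsa:Address` behind only a null check, so an empty `?appliesTo=` still yields an `Address` element with empty text. Because this value is what the STS matches the request against (the new system test expects an unknown address to be rejected, so that matching presumably happens downstream and is the only validation the value gets), a blank value should be rejected as a bad request or, at minimum, treated as absent: `if (appliesTo != null && !appliesTo.trim().isEmpty()) {`. `setTextContent` escapes the text, so there is no XML injection concern, but a comment such as `// appliesTo is client-controlled; the STS validates it against its configured services` would make that reliance explicit for the next reader. The two namespace literals would also read better as `private static final` constants, or as references to the module's existing STS constants if it already defines them. `issueToken` begins before this hunk and continues past it.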
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index de6981c..e0ed538 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -58,6 +58,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase { "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"; private static final String BEARER_KEYTYPE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+ private static final String DEFAULT_ADDRESS =
+ "https://localhost:8081/doubleit/services/doubleittransportsaml1";
 static final String STSPORT = allocatePort(STSRESTServer.class);
@@ -267,6 +269,66 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase { } @org.junit.Test
+ public void testIssueSAML2TokenAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", DEFAULT_ADDRESS);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueSAML2TokenUnknownAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", "https://localhost:8081/tripleit/");
+
+ Response response = client.get();
+ try {
+ response.readEntity(Document.class);
+ fail("Failure expected on an unknown AppliesTo address");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
 @org.junit.Ignore public void testIssueJWTToken() throws Exception { SpringBusFactory bf = new SpringBusFactory();
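Review bot: `testIssueSAML2TokenAppliesTo` never checks that the `appliesTo` value reached the issued token; its assertions (SAML 2.0, no SAML 1.1, signed) would pass unchanged if the new query parameter were silently ignored. Asserting that the assertion's audience restriction names `DEFAULT_ADDRESS` (reachable from `assertion.getSaml2().getConditions()`, assuming the STS puts AppliesTo into the audience as its SOAP path does) would pin the behaviour this commit adds. In `testIssueSAML2TokenUnknownAppliesTo`, the `catch (Exception ex)` around `readEntity` accepts any failure, including a client-side or transport error, so an assertion on `response.getStatus()` before the `try` (expecting a non-200 status) would make the test fail for the intended reason only. In both tests `bus.shutdown(true)` is skipped when an assertion fails; moving it into a `finally` keeps a failing test from leaking its bus into the tests that follow, if the existing tests in the file do not already rely on that pattern.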
