Author: sergeyb
Date: Mon Jul 11 13:28:24 2011
New Revision: 1145168
URL: http://svn.apache.org/viewvc?rev=1145168&view=rev
Log:
[CXF-3588] Some initial refactoring to do with generalizing deflate/inflate
handling and the way saml tokens can be created/validated
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
- copied, changed from r1144894,
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
- copied, changed from r1144965,
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
(with props)
Removed:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Copied:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
(from r1144894,
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java)
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?p2=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java&p1=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java&r1=1144894&r2=1145168&rev=1145168&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlInRequestHandler.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
Mon Jul 11 13:28:24 2011
@@ -19,33 +19,24 @@
package org.apache.cxf.systest.jaxrs.security.saml;
-import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.Certificate;
-import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
-import java.util.zip.DataFormatException;
-import java.util.zip.Inflater;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.w3c.dom.Document;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
-import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
@@ -62,14 +53,10 @@ import org.apache.ws.security.validate.C
import org.apache.ws.security.validate.SamlAssertionValidator;
import org.apache.ws.security.validate.Validator;
-public class SamlInRequestHandler implements RequestHandler {
+public abstract class AbstractSamlInHandler implements RequestHandler {
private static final Logger LOG =
- LogUtils.getL7dLogger(SamlInRequestHandler.class);
- private static final String SAML_AUTH = "SAML";
-
- @Context
- private HttpHeaders headers;
+ LogUtils.getL7dLogger(AbstractSamlInHandler.class);
private Validator samlValidator = new SamlAssertionValidator();
@@ -77,32 +64,11 @@ public class SamlInRequestHandler implem
samlValidator = validator;
}
- public Response handleRequest(Message message, ClassResourceInfo
resourceClass) {
-
- List<String> values =
headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
- if (values == null || values.size() != 1 ||
!values.get(0).startsWith(SAML_AUTH)) {
- throwFault("Authorization header must be available and use SAML
profile", null);
- }
-
- String[] parts = values.get(0).split(" ");
- if (parts.length != 2) {
- throwFault("Authorization header is malformed", null);
- }
+ public void validateToken(Message message, InputStream tokenStream) {
Document doc = null;
try {
- byte[] deflatedToken = Base64Utility.decode(parts[1]);
- Inflater inflater = new Inflater();
- inflater.setInput(deflatedToken);
- byte[] input = new byte[4096];
- int length = inflater.inflate(input);
-
- ByteArrayInputStream bis = new ByteArrayInputStream(input, 0,
length);
- doc = DOMUtils.readXml(new InputStreamReader(bis, "UTF-8"));
- } catch (Base64Exception ex) {
- throwFault("Base64 decoding has failed", ex);
- } catch (DataFormatException ex) {
- throwFault("Encoded assertion can not be inflated", ex);
+ doc = DOMUtils.readXml(new InputStreamReader(tokenStream,
"UTF-8"));
} catch (Exception ex) {
throwFault("Assertion can not be read as XML document", ex);
}
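Review bot: `validateToken` is the new entry point every concrete handler will call, yet it has no Javadoc, and its contract differs from the `handleRequest` it replaces: failure is signalled only through `throwFault`, never through a return value or a `Response`. A short Javadoc would make that explicit, e.g. `/** Parses {@code tokenStream} as a SAML assertion and validates it; every failure is reported through {@link #throwFault}, so a normal return means the token was accepted. */`. It is also worth confirming that `DOMUtils.readXml` parses with DTD and external-entity processing disabled, since `tokenStream` now carries caller-supplied bytes from whichever transport the subclass reads them from. The method body continues past the end of this hunk.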
@@ -140,18 +106,16 @@ public class SamlInRequestHandler implem
// return Response.status(401).build();
//}
if (!checkSenderVouches(assertion, tlsCerts)) {
- return Response.status(401).build();
+ throwFault("Sender vouchers claim fails", null);
}
}
} catch (Exception ex) {
throwFault("Assertion can not be validated", ex);
}
-
- return null;
}
- private void throwFault(String error, Exception ex) {
+ protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
LOG.warning(error);
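Review bot: Replacing `return Response.status(401).build()` with `throwFault(...)` changes the client-visible status of a failed sender-vouches check to whatever `throwFault` produces; its body continues outside the hunk, so if it does not map to 401 this is a behaviour change the log message does not mention. The new message also misspells the confirmation method: `throwFault("Sender vouches claim fails", null);`. Since `throwFault` is now `protected` and the subclass added in this commit keeps executing after each call (it uses `parts[1]` right after reporting a malformed header), a one-line Javadoc stating that it always throws and never returns would make that control flow explicit for implementers.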
@@ -241,4 +205,5 @@ public class SamlInRequestHandler implem
// }
// return true;
}
+
}
Copied:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
(from r1144965,
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java)
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java?p2=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java&p1=cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java&r1=1144965&r2=1145168&rev=1145168&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlOutInterceptor.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
Mon Jul 11 13:28:24 2011
@@ -23,21 +23,16 @@ import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
-import java.util.zip.Deflater;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.Bus;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
@@ -56,16 +51,17 @@ import org.apache.ws.security.components
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.SAMLParms;
-public class SamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public abstract class AbstractSamlOutInterceptor extends
AbstractPhaseInterceptor<Message> {
private static final Logger LOG =
- LogUtils.getL7dLogger(SamlOutInterceptor.class);
+ LogUtils.getL7dLogger(AbstractSamlOutInterceptor.class);
private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
- public SamlOutInterceptor() {
+ protected AbstractSamlOutInterceptor() {
super(Phase.PRE_MARSHAL);
}
- public void handleMessage(Message message) throws Fault {
+
+ protected AssertionWrapper createAssertion(Message message) throws Fault {
SAMLParms samlParms = new SAMLParms();
samlParms.setCallbackHandler(new SamlCallbackHandler());
try {
@@ -89,7 +85,7 @@ public class SamlOutInterceptor extends
}
}
if (StringUtils.isEmpty(user)) {
- return;
+ return assertion;
}
CallbackHandler handler = getCallbackHandler(message);
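Review bot: `return assertion;` in the `StringUtils.isEmpty(user)` branch hands an unsigned assertion back to the caller, where the old `return;` left the message untouched; `SamlHeaderOutInterceptor.handleMessage` (added in this commit) then puts that unsigned token into the `Authorization` header. If "no user configured" was meant to mean "send nothing", the caller needs a skip signal instead, e.g. `return null;` here and `if (assertion == null) { return; }` right after `createAssertion(message)` in the subclass; if sending an unsigned assertion is intended, the receiving handler's behaviour on an unsigned token should be checked and the contract stated. `createAssertion` currently has no Javadoc at all, and its body starts and ends outside this hunk.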
@@ -100,30 +96,8 @@ public class SamlOutInterceptor extends
// TODO configure using a KeyValue here
assertion.signAssertion(user, password, crypto, false);
-
- String assertionValue = assertion.assertionToString();
-
- Deflater compresser = new Deflater();
- compresser.setInput(assertionValue.getBytes("UTF-8"));
- compresser.finish();
-
- byte[] output = new byte[4096];
- int compressedDataLength = compresser.deflate(output);
-
- StringWriter writer = new StringWriter();
- Base64Utility.encode(output, 0, compressedDataLength, writer);
-
- Map<String, List<String>> headers =
- CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
- if (headers == null) {
- headers = new HashMap<String, List<String>>();
- }
-
- StringBuilder builder = new StringBuilder();
- builder.append("SAML").append(" ").append(writer.toString());
- headers.put("Authorization",
-
CastUtils.cast(Collections.singletonList(builder.toString()), String.class));
}
+ return assertion;
} catch (Exception ex) {
StringWriter sw = new StringWriter();
ex.printStackTrace(new PrintWriter(sw));
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java?rev=1145168&r1=1145167&r2=1145168&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
Mon Jul 11 13:28:24 2011
@@ -45,7 +45,7 @@ public class BookServerSaml extends Abst
sf.setResourceClasses(BookStore.class);
- sf.setProvider(new SamlInRequestHandler());
+ sf.setProvider(new SamlHeaderInHandler());
sf.setResourceProvider(BookStore.class,
new SingletonResourceProvider(new BookStore(),
true));
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1145168&r1=1145167&r2=1145168&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Mon Jul 11 13:28:24 2011
@@ -63,7 +63,8 @@ public class JAXRSSamlTest extends Abstr
"org/apache/cxf/systest/jaxrs/security/alice.properties");
properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);
- bean.getOutInterceptors().add(new SamlOutInterceptor());
+ bean.getOutInterceptors().add(new SamlHeaderOutInterceptor());
+
WebClient wc = bean.createWebClient();
try {
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java?rev=1145168&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
Mon Jul 11 13:28:24 2011
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.saml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.SequenceInputStream;
+import java.util.List;
+import java.util.zip.DataFormatException;
+import java.util.zip.Inflater;
+
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+
+public class SamlHeaderInHandler extends AbstractSamlInHandler {
+
+ private static final String SAML_AUTH = "SAML";
+
+ @Context
+ private HttpHeaders headers;
+
+ public Response handleRequest(Message message, ClassResourceInfo
resourceClass) {
+
+ List<String> values =
headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
+ if (values == null || values.size() != 1 ||
!values.get(0).startsWith(SAML_AUTH)) {
+ throwFault("Authorization header must be available and use SAML
profile", null);
+ }
+
+ String[] parts = values.get(0).split(" ");
+ if (parts.length != 2) {
+ throwFault("Authorization header is malformed", null);
+ }
+
+ try {
+ validateToken(message, decodeAndInflateToken(parts[1]));
+ } catch (Base64Exception ex) {
+ throwFault("Base64 decoding has failed", ex);
+ } catch (DataFormatException ex) {
+ throwFault("Encoded assertion can not be inflated", ex);
+ }
+ return null;
+ }
+
+
+ private InputStream decodeAndInflateToken(String encodedToken)
+ throws DataFormatException, Base64Exception {
+ byte[] deflatedToken = Base64Utility.decode(encodedToken);
+ Inflater inflater = new Inflater();
+ inflater.setInput(deflatedToken);
+
+ byte[] input = new byte[deflatedToken.length * 2];
+
+ int inflatedLen = 0;
+ int inputLen = 0;
+ byte[] inflatedToken = input;
+ while (!inflater.finished()) {
+ inputLen = inflater.inflate(input);
+ if (!inflater.finished()) {
+ inflatedToken = new byte[input.length + inflatedLen];
+ System.arraycopy(input, 0, inflatedToken, inflatedLen,
inputLen);
+ inflatedLen += inputLen;
+ }
+ }
+ InputStream is = new ByteArrayInputStream(input, 0, inputLen);
+ if (inflatedToken != input) {
+ is = new SequenceInputStream(new
ByteArrayInputStream(inflatedToken, 0, inflatedLen),
+ is);
+ }
+ return is;
+ }
+}
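Review bot: `decodeAndInflateToken` loops on `inflater.finished()` with no guard for `inflate()` returning 0; a truncated or otherwise incomplete token in the `Authorization` header leaves `needsInput()` true and `finished()` false, so the handler spins forever on a single unauthenticated request. The accumulation is also wrong: `inflatedToken = new byte[input.length + inflatedLen]` discards the bytes previously gathered in `inflatedToken`, so any token needing three or more inflate rounds is silently corrupted before it reaches `validateToken`. There is no bound on the inflated size, and the `Inflater` is never `end()`-ed, so its native zlib state is released only by the finalizer. The rewrite below fixes all four (the size limit is a constructed default to tune per deployment); it makes the `SequenceInputStream` import unused and uses `java.io.ByteArrayOutputStream`, which would need importing.
```java
// constructed default: upper bound on an inflated assertion, tune for the deployment
private static final int MAX_INFLATED_TOKEN_SIZE = 64 * 1024;

// … unchanged: handleRequest …

private InputStream decodeAndInflateToken(String encodedToken)
    throws DataFormatException, Base64Exception {
    byte[] deflatedToken = Base64Utility.decode(encodedToken);
    Inflater inflater = new Inflater();
    try {
        inflater.setInput(deflatedToken);
        java.io.ByteArrayOutputStream inflated =
            new java.io.ByteArrayOutputStream(deflatedToken.length * 2);
        byte[] buf = new byte[4096];
        while (!inflater.finished()) {
            int n = inflater.inflate(buf);
            if (n == 0 && !inflater.finished()) {
                // needsInput()/needsDictionary(): a truncated or dictionary-dependent
                // stream never reaches finished(); fail instead of spinning
                throw new DataFormatException("Encoded assertion is truncated or incomplete");
            }
            if (inflated.size() + n > MAX_INFLATED_TOKEN_SIZE) {
                throw new DataFormatException("Inflated assertion exceeds the size limit");
            }
            inflated.write(buf, 0, n);
        }
        return new ByteArrayInputStream(inflated.toByteArray());
    } finally {
        // release native zlib state now rather than on finalization
        inflater.end();
    }
}
```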
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderInHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java?rev=1145168&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
Mon Jul 11 13:28:24 2011
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.saml;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+import java.util.zip.Deflater;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(SamlHeaderOutInterceptor.class);
+
+ public SamlHeaderOutInterceptor() {
+ }
+
+ public void handleMessage(Message message) throws Fault {
+ AssertionWrapper assertion = createAssertion(message);
+ try {
+ String encodedToken =
deflateAndEncodeToken(assertion.assertionToString());
+
+ Map<String, List<String>> headers =
+ CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
+ if (headers == null) {
+ headers = new HashMap<String, List<String>>();
+ }
+
+ StringBuilder builder = new StringBuilder();
+ builder.append("SAML").append(" ").append(encodedToken);
+ headers.put("Authorization",
+ CastUtils.cast(Collections.singletonList(builder.toString()),
String.class));
+
+ } catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ LOG.warning(sw.toString());
+ throw new Fault(new RuntimeException(ex.getMessage() + ",
stacktrace: " + sw.toString()));
+ }
+
+ }
+
+
+ private String deflateAndEncodeToken(String token) throws Base64Exception {
+ Deflater compresser = new Deflater();
+ byte[] tokenBytes = null;
+ try {
+ tokenBytes = token.getBytes("UTF-8");
+ compresser.setInput(tokenBytes);
+ } catch (UnsupportedEncodingException ex) {
+ // won't happen
+ }
+ compresser.finish();
+
+ byte[] output = new byte[tokenBytes.length];
+
+ int compressedDataLength = compresser.deflate(output);
+
+ StringWriter writer = new StringWriter();
+ Base64Utility.encode(output, 0, compressedDataLength, writer);
+ return writer.toString();
+ }
+
+}
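Review bot: `deflateAndEncodeToken` calls `compresser.deflate(output)` once into a buffer of exactly `tokenBytes.length` bytes; deflated output of incompressible or very short input can exceed the input length, and a single `deflate()` call stops at the buffer end, so the emitted header would then carry a truncated token that the receiving handler cannot inflate. The `Deflater` is also never `end()`-ed, and the `// won't happen` catch leaves `tokenBytes` null, which would fail at `tokenBytes.length` rather than with the intended message. Draining until `finished()` and using `Charset.forName("UTF-8")` (no checked exception) addresses all three; the rewrite uses `java.nio.charset.Charset` and `java.io.ByteArrayOutputStream`, which would need importing, and leaves `UnsupportedEncodingException` unused.
```java
private String deflateAndEncodeToken(String token) throws Base64Exception {
    byte[] tokenBytes = token.getBytes(java.nio.charset.Charset.forName("UTF-8"));
    Deflater compresser = new Deflater();
    try {
        compresser.setInput(tokenBytes);
        compresser.finish();
        // deflate() fills at most one buffer per call and the result may be larger
        // than the input, so keep draining until finished()
        java.io.ByteArrayOutputStream deflated =
            new java.io.ByteArrayOutputStream(tokenBytes.length);
        byte[] buf = new byte[4096];
        while (!compresser.finished()) {
            int n = compresser.deflate(buf);
            deflated.write(buf, 0, n);
        }
        byte[] output = deflated.toByteArray();
        StringWriter writer = new StringWriter();
        Base64Utility.encode(output, 0, output.length, writer);
        return writer.toString();
    } finally {
        // release native zlib state now rather than on finalization
        compresser.end();
    }
}
```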
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date