Author: coheigea
Date: Wed Sep 28 16:08:12 2011
New Revision: 1176938
URL: http://svn.apache.org/viewvc?rev=1176938&view=rev
Log:
Adding support for SAML realms when validating tokens.
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -18,6 +18,8 @@
*/
package org.apache.cxf.sts.token.validator;
+import java.util.HashMap;
+import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -29,6 +31,7 @@ import org.apache.cxf.common.logging.Log
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.WSConstants;
@@ -52,6 +55,8 @@ public class SAMLTokenValidator implemen
private Validator validator = new SignatureTrustValidator();
+ private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+
/**
* Set the WSS4J Validator instance to use to validate the token.
* @param validator the WSS4J Validator instance to use to validate the
token
@@ -65,6 +70,18 @@ public class SAMLTokenValidator implemen
* ReceivedToken argument.
*/
public boolean canHandleToken(ReceivedToken validateTarget) {
+ return canHandleToken(validateTarget, null);
+ }
+
+ /**
+ * Return true if this TokenValidator implementation is capable of
validating the
+ * ReceivedToken argument.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+ if (realm != null && !realmMap.containsKey(realm)) {
+ return false;
+ }
+
Object token = validateTarget.getToken();
if (token instanceof Element) {
Element tokenElement = (Element)token;
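Review bot: The new two-argument canHandleToken never states what a null realm means, nor that a non-null realm is checked against the realm map before the token type is even inspected; callers dispatching on realm will depend on exactly that contract. I would document it on the overload's javadoc: `@param realm the realm the token is being validated in, or null when realms are not in use; a non-null realm with no SAMLRealm entry is rejected outright`. The guard also dereferences `realmMap` unconditionally, so a caller that configures `setRealmMap(null)` gets a NullPointerException here rather than a false return. The method body continues past the end of this hunk.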
@@ -88,7 +105,6 @@ public class SAMLTokenValidator implemen
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
- String issuer = stsProperties.getIssuer();
RequestData requestData = new RequestData();
requestData.setSigCrypto(sigCrypto);
@@ -123,13 +139,24 @@ public class SAMLTokenValidator implemen
validator.validate(trustCredential, requestData);
- // Finally check the issuer
+ // Finally check that the issuer is trusted
+ String trustedIssuer = null;
String assertionIssuer = assertion.getIssuerString();
-
- if (issuer.equals(assertionIssuer)) {
+ for (String realm : realmMap.keySet()) {
+ SAMLRealm samlRealm = realmMap.get(realm);
+ if (samlRealm.getIssuer().equals(assertionIssuer)) {
+ trustedIssuer = realm;
+ break;
+ }
+ }
+ if (trustedIssuer == null &&
assertionIssuer.equals(stsProperties.getIssuer())) {
+ trustedIssuer = stsProperties.getIssuer();
+ }
+ if (trustedIssuer != null) {
response.setValid(true);
SAMLTokenPrincipal samlPrincipal = new
SAMLTokenPrincipal(assertion);
response.setPrincipal(samlPrincipal);
+ response.setTokenRealm(trustedIssuer);
}
} catch (WSSecurityException ex) {
LOG.log(Level.WARNING, "", ex);
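Review bot: The issuer comparison was flipped from `issuer.equals(assertionIssuer)` to `assertionIssuer.equals(stsProperties.getIssuer())`, so an assertion that carries no Issuer now throws a NullPointerException out of validateToken instead of being reported as invalid, because the catch below only handles WSSecurityException; `samlRealm.getIssuer()` in the loop is dereferenced unchecked in the same way. The loop also walks every configured realm without consulting `tokenParameters.getRealm()`, which this same commit adds, so if the intent is that a token is only trusted against the realm it was requested in, that restriction is not enforced here and only surfaces as the realm value set on the response. On the fallback path the response realm is set to the STS issuer string rather than a realm key, which can collide with a realm configured under the same name. A null-safe rewrite is sketched below; validateToken begins before this hunk.
```java
// … unchanged: signature trust validation …
String assertionIssuer = assertion.getIssuerString();
String requestedRealm = tokenParameters.getRealm();
String trustedIssuer = null;
for (Map.Entry<String, SAMLRealm> entry : realmMap.entrySet()) {
    // When a realm was requested, only that realm's issuer is considered
    if (requestedRealm != null && !requestedRealm.equals(entry.getKey())) {
        continue;
    }
    SAMLRealm samlRealm = entry.getValue();
    if (samlRealm != null && samlRealm.getIssuer() != null
        && samlRealm.getIssuer().equals(assertionIssuer)) {
        trustedIssuer = entry.getKey();
        break;
    }
}
// Null-safe fallback to the STS's own issuer
if (trustedIssuer == null && stsProperties.getIssuer() != null
    && stsProperties.getIssuer().equals(assertionIssuer)) {
    trustedIssuer = stsProperties.getIssuer();
}
// … unchanged: response population …
```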
@@ -138,5 +165,20 @@ public class SAMLTokenValidator implemen
return response;
}
+ /**
+ * Set the map of realm->SAMLRealm for this token provider
+ * @param realms the map of realm->SAMLRealm for this token provider
+ */
+ public void setRealmMap(Map<String, SAMLRealm> realms) {
+ this.realmMap = realms;
+ }
+
+ /**
+ * Get the map of realm->SAMLRealm for this token provider
+ * @return the map of realm->SAMLRealm for this token provider
+ */
+ public Map<String, SAMLRealm> getRealmMap() {
+ return realmMap;
+ }
}
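Review bot: setRealmMap stores the argument as-is, so `setRealmMap(null)` leaves `realmMap` null and every later `realmMap.containsKey(...)` and `realmMap.keySet()` call in this class will throw a NullPointerException; the field's initialiser shows an empty map is the intended "no realms" state. I would normalise in the setter: `this.realmMap = realms == null ? new HashMap<String, SAMLRealm>() : realms;`. Both javadoc comments also say "token provider" although this class is a token validator; `Set the map of realm->SAMLRealm for this token validator` reads correctly.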
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
Wed Sep 28 16:08:12 2011
@@ -51,9 +51,17 @@ public class SCTValidator implements Tok
/**
* Return true if this TokenValidator implementation is capable of
validating the
- * ReceivedToken argument.
+ * ReceivedToken argument. The realm is ignored in this token Validator.
*/
public boolean canHandleToken(ReceivedToken validateTarget) {
+ return canHandleToken(validateTarget, null);
+ }
+
+ /**
+ * Return true if this TokenValidator implementation is capable of
validating the
+ * ReceivedToken argument. The realm is ignored in this token Validator.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
Object token = validateTarget.getToken();
if (token instanceof Element) {
Element tokenElement = (Element)token;
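Review bot: The javadoc of the single-argument canHandleToken was changed to say "The realm is ignored in this token Validator", but that overload takes no realm, and the parallel hunks in UsernameTokenValidator and X509TokenValidator leave the one-argument javadoc untouched; the sentence belongs only on the two-argument overload. I would restore the original wording on the one-argument method and keep the realm remark where the `String realm` parameter actually appears. The method body continues past the end of this hunk.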
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -30,6 +30,12 @@ public interface TokenValidator {
* ReceivedToken argument.
*/
boolean canHandleToken(ReceivedToken validateTarget);
+
+ /**
+ * Return true if this TokenValidator implementation is capable of
validating the
+ * ReceivedToken argument in the given realm.
+ */
+ boolean canHandleToken(ReceivedToken validateTarget, String realm);
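Review bot: The new interface method is undocumented as to what `realm` may be: the SAMLTokenValidator implementation in this commit treats null as "no realm" and rejects unknown realms, while the other validators ignore the argument entirely, and nothing on the contract tells a new implementer which to do. I would add `@param realm the realm the token is being validated in, or null when realms are not in use` and state that implementations that do not support realms should behave as the single-argument overload. If TokenValidator is public API, adding an abstract method also breaks every existing third-party implementation at compile time; that is worth calling out in the commit message or release notes.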
/**
* Validate a Token using the given TokenValidatorParameters.
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorParameters.java
Wed Sep 28 16:08:12 2011
@@ -41,6 +41,7 @@ public class TokenValidatorParameters {
private KeyRequirements keyRequirements;
private TokenRequirements tokenRequirements;
private STSTokenStore tokenStore;
+ private String realm;
public STSTokenStore getTokenStore() {
return tokenStore;
@@ -90,4 +91,12 @@ public class TokenValidatorParameters {
return principal;
}
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
}
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/TokenValidatorResponse.java
Wed Sep 28 16:08:12 2011
@@ -29,6 +29,7 @@ public class TokenValidatorResponse {
private boolean valid;
private Principal principal;
private Map<String, Object> additionalProperties;
+ private String realm;
public void setValid(boolean valid) {
this.valid = valid;
@@ -54,4 +55,12 @@ public class TokenValidatorResponse {
return additionalProperties;
}
+ public void setTokenRealm(String tokenRealm) {
+ this.realm = tokenRealm;
+ }
+
+ public String getTokenRealm() {
+ return realm;
+ }
+
}
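Review bot: getTokenRealm has no javadoc, and from the SAMLTokenValidator change in this commit it is only populated when a SAML issuer matched; every other validator leaves it null, so consumers need to know it is optional. I would document it: `@return the realm the validated token was matched to, or null if the validator did not establish one`. The setter/getter name (`TokenRealm`) also differs from the field name (`realm`); either is fine, but matching them avoids confusion with the `realm` property on TokenValidatorParameters.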
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -72,6 +72,14 @@ public class UsernameTokenValidator impl
* ReceivedToken argument.
*/
public boolean canHandleToken(ReceivedToken validateTarget) {
+ return canHandleToken(validateTarget, null);
+ }
+
+ /**
+ * Return true if this TokenValidator implementation is capable of
validating the
+ * ReceivedToken argument. The realm is ignored in this token Validator.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
if (validateTarget.getToken() instanceof UsernameTokenType) {
return true;
}
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -73,6 +73,14 @@ public class X509TokenValidator implemen
* ReceivedToken argument.
*/
public boolean canHandleToken(ReceivedToken validateTarget) {
+ return canHandleToken(validateTarget, null);
+ }
+
+ /**
+ * Return true if this TokenValidator implementation is capable of
validating the
+ * ReceivedToken argument. The realm is ignored in this token Validator.
+ */
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
Object token = validateTarget.getToken();
if ((token instanceof BinarySecurityTokenType)
&&
X509_V3_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
Modified:
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java?rev=1176938&r1=1176937&r2=1176938&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/DummyTokenValidator.java
Wed Sep 28 16:08:12 2011
@@ -44,6 +44,9 @@ public class DummyTokenValidator impleme
return false;
}
+ public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+ return canHandleToken(validateTarget);
+ }
public TokenValidatorResponse validateToken(TokenValidatorParameters
tokenParameters) {
TokenRequirements tokenRequirements =
tokenParameters.getTokenRequirements();