Author: coheigea
Date: Wed May 16 15:50:48 2012
New Revision: 1339239
URL: http://svn.apache.org/viewvc?rev=1339239&view=rev
Log:
Adding an interface and default implementation to create AuthnRequests for SAML
SSO
Added:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1339239&r1=1339238&r2=1339239&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
Wed May 16 15:50:48 2012
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.saml.
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
-import java.util.Collections;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.UUID;
@@ -48,14 +47,8 @@ import org.apache.cxf.rs.security.saml.s
import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.util.DOM2Writer;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.xml.io.MarshallingException;
public abstract class AbstractServiceProviderFilter extends
AbstractSSOSpHandler
implements RequestHandler {
@@ -69,6 +62,11 @@ public abstract class AbstractServicePro
private String issuerId;
private String assertionConsumerServiceAddress;
private String webAppDomain;
+ private AuthnRequestBuilder authnRequestBuilder = new
DefaultAuthnRequestBuilder();
+
+ public void setAuthnRequestBuilder(AuthnRequestBuilder
authnRequestBuilder) {
+ this.authnRequestBuilder = authnRequestBuilder;
+ }
public void setAssertionConsumerServiceAddress(
String assertionConsumerServiceAddress) {
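Review bot: The new `setAuthnRequestBuilder` accepts null, which the filter only discovers later as a NullPointerException while building the AuthnRequest for a live request; failing at configuration time is much cheaper to diagnose. Guard the setter before the assignment: `if (authnRequestBuilder == null) { throw new IllegalArgumentException("authnRequestBuilder must not be null"); }`. The setter also has no Javadoc; a one-liner such as `/** Replaces the builder used to create the SAML 2.0 AuthnRequest sent to the IdP; defaults to DefaultAuthnRequestBuilder. */` would tell integrators what they are overriding.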
@@ -130,40 +128,8 @@ public abstract class AbstractServicePro
return true;
}
- protected AuthnRequest createAuthnRequest(Message m, Document doc) throws
Exception {
- Issuer issuer =
- SamlpRequestComponentBuilder.createIssuer(getIssuerId(m));
- NameIDPolicy nameIDPolicy =
- SamlpRequestComponentBuilder.createNameIDPolicy(
- true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
getIssuerId(m)
- );
-
- AuthnContextClassRef authnCtxClassRef =
- SamlpRequestComponentBuilder.createAuthnCtxClassRef(
-
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
- );
- RequestedAuthnContext authnCtx =
- SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
- AuthnContextComparisonTypeEnumeration.EXACT,
- Collections.singletonList(authnCtxClassRef), null
- );
-
- //CHECKSTYLE:OFF
- return SamlpRequestComponentBuilder.createAuthnRequest(
- getAbsoluteAssertionServiceAddress(m),
- false,
- false,
- "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
- SAMLVersion.VERSION_20,
- issuer,
- nameIDPolicy,
- authnCtx
- );
- //CHECKSTYLE:ON
- }
-
protected String encodeAuthnRequest(Element authnRequestElement)
- throws MarshallingException, IOException {
+ throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
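Review bot: Removing the protected `createAuthnRequest(Message, Document)` is a source-incompatible change for any subclass that overrode it, and an override without `@Override` keeps compiling while silently becoming dead code, with `DefaultAuthnRequestBuilder` taking over the content of the request that is sent to the IdP. Since NameID format and requested authentication context are security-relevant configuration, the commit log should say that `setAuthnRequestBuilder` is the replacement. `encodeAuthnRequest` now declares only `IOException`, which is consistent with the statements visible here, but its body continues past the end of the hunk so the remaining lines were not checked.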
@@ -177,7 +143,11 @@ public abstract class AbstractServicePro
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
- AuthnRequest authnRequest = createAuthnRequest(m, doc);
+ // Create the AuthnRequest
+ AuthnRequest authnRequest =
+ authnRequestBuilder.createAuthnRequest(
+ m, getIssuerId(m), getAbsoluteAssertionServiceAddress(m)
+ );
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
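Review bot: The value returned by the pluggable `authnRequestBuilder.createAuthnRequest(...)` goes straight into `OpenSAMLUtil.toDom` with no null check, so a misbehaving custom builder surfaces as a NullPointerException instead of a descriptive error; `if (authnRequest == null) { throw new IllegalStateException("AuthnRequestBuilder returned null"); }` before the conversion would make the failure obvious. The enclosing method starts before this hunk, so whether the request's ID is recorded for later InResponseTo correlation of the IdP response could not be checked here; if it is, the builder contract should state that implementations must populate the ID, because a custom builder can now omit it.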
Added:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java?rev=1339239&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
(added)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
Wed May 16 15:50:48 2012
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.sso;
+
+import org.apache.cxf.message.Message;
+import org.opensaml.saml2.core.AuthnRequest;
+
+/**
+ * This interface defines a method to create a SAML 2.0 Protocol AuthnRequest.
+ */
+public interface AuthnRequestBuilder {
+
+ /**
+ * Create a SAML 2.0 Protocol AuthnRequest
+ */
+ AuthnRequest createAuthnRequest(
+ Message message,
+ String issuerId,
+ String assertionConsumerServiceAddress
+ ) throws Exception;
+}
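Review bot: The Javadoc on `createAuthnRequest` documents neither its parameters nor what the returned request must contain, although the filter sends whatever the implementation returns to the IdP. Add `@param message the current request message`, `@param issuerId the SP identifier to place in the Issuer element`, `@param assertionConsumerServiceAddress the absolute URL of the SP's AssertionConsumerService to which the IdP will deliver the Response`, `@return a SAML 2.0 AuthnRequest; must not be null` and `@throws Exception if the request cannot be constructed`. Declaring `throws Exception` is very broad; if implementations only fail while assembling the OpenSAML objects, a narrower type would let the filter handle the failure deliberately, though the `SamlpRequestComponentBuilder` signatures (not visible here) may force the broad declaration.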
Added:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java?rev=1339239&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
(added)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
Wed May 16 15:50:48 2012
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.util.Collections;
+
+import org.apache.cxf.message.Message;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+
+/**
+ * A default implementation of the AuthnRequestBuilder interface to create a
SAML 2.0
+ * Protocol AuthnRequest.
+ */
+public class DefaultAuthnRequestBuilder implements AuthnRequestBuilder {
+
+ private boolean forceAuthn;
+ private boolean isPassive;
+ private String protocolBinding =
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+
+ /**
+ * Create a SAML 2.0 Protocol AuthnRequest
+ */
+ public AuthnRequest createAuthnRequest(
+ Message message,
+ String issuerId,
+ String assertionConsumerServiceAddress
+ ) throws Exception {
+ Issuer issuer =
+ SamlpRequestComponentBuilder.createIssuer(issuerId);
+
+ NameIDPolicy nameIDPolicy =
+ SamlpRequestComponentBuilder.createNameIDPolicy(
+ true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
issuerId
+ );
+
+ AuthnContextClassRef authnCtxClassRef =
+ SamlpRequestComponentBuilder.createAuthnCtxClassRef(
+
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ );
+ RequestedAuthnContext authnCtx =
+ SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
+ AuthnContextComparisonTypeEnumeration.EXACT,
+ Collections.singletonList(authnCtxClassRef), null
+ );
+
+ //CHECKSTYLE:OFF
+ return SamlpRequestComponentBuilder.createAuthnRequest(
+ assertionConsumerServiceAddress,
+ forceAuthn,
+ isPassive,
+ protocolBinding,
+ SAMLVersion.VERSION_20,
+ issuer,
+ nameIDPolicy,
+ authnCtx
+ );
+
+ }
+
+ public boolean isForceAuthn() {
+ return forceAuthn;
+ }
+
+ public void setForceAuthn(boolean forceAuthn) {
+ this.forceAuthn = forceAuthn;
+ }
+
+ public boolean isPassive() {
+ return isPassive;
+ }
+
+ public void setPassive(boolean isPassive) {
+ this.isPassive = isPassive;
+ }
+
+ public String getProtocolBinding() {
+ return protocolBinding;
+ }
+
+ public void setProtocolBinding(String protocolBinding) {
+ this.protocolBinding = protocolBinding;
+ }
+
+}
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java?rev=1339239&r1=1339238&r2=1339239&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
Wed May 16 15:50:48 2012
@@ -27,6 +27,8 @@ import javax.xml.parsers.DocumentBuilder
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.AuthnContextClassRef;
@@ -37,7 +39,7 @@ import org.opensaml.saml2.core.NameIDPol
import org.opensaml.saml2.core.RequestedAuthnContext;
/**
- * Some unit tests for the SamlpRequestComponentBuilder.
+ * Some unit tests for the SamlpRequestComponentBuilder and AuthnRequestBuilder
*/
public class AuthnRequestBuilderTest extends org.junit.Assert {
@@ -53,7 +55,7 @@ public class AuthnRequestBuilderTest ext
Document doc = docBuilder.newDocument();
Issuer issuer =
-
SamlpRequestComponentBuilder.createIssuer("http://localhost:8888/saml2-demo/simple");
+
SamlpRequestComponentBuilder.createIssuer("http://localhost:9001/app");
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"Issuer"
@@ -71,7 +73,7 @@ public class AuthnRequestBuilderTest ext
AuthnRequest authnRequest =
SamlpRequestComponentBuilder.createAuthnRequest(
- "http://localhost:8888/saml2-demo/simple", false, false,
+ "http://localhost:9001/sso", false, false,
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
SAMLVersion.VERSION_20,
issuer, nameIDPolicy, authnCtx
);
@@ -82,5 +84,24 @@ public class AuthnRequestBuilderTest ext
assertNotNull(policyElement);
}
+ @org.junit.Test
+ public void testAuthnRequestBuilder() throws Exception {
+ DocumentBuilderFactory docBuilderFactory =
DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+ Document doc = docBuilder.newDocument();
+
+ AuthnRequestBuilder authnRequestBuilder = new
DefaultAuthnRequestBuilder();
+ Message message = new MessageImpl();
+
+ AuthnRequest authnRequest =
+ authnRequestBuilder.createAuthnRequest(
+ message, "http://localhost:9001/app",
"http://localhost:9001/sso"
+ );
+ Element policyElement = OpenSAMLUtil.toDom(authnRequest, doc);
+ doc.appendChild(policyElement);
+ // String outputString = DOM2Writer.nodeToString(policyElement);
+ assertNotNull(policyElement);
+ }
}
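Review bot: `testAuthnRequestBuilder` only asserts that the DOM element is non-null, so it would still pass if `DefaultAuthnRequestBuilder` dropped the issuer or ACS URL that the filter relies on. Assert the values that went in, using the OpenSAML accessors, before converting to DOM: `assertEquals("http://localhost:9001/sso", authnRequest.getAssertionConsumerServiceURL());`, `assertEquals("http://localhost:9001/app", authnRequest.getIssuer().getValue());` and `assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", authnRequest.getProtocolBinding());`; a second case with `setForceAuthn(true)` would cover the new setters. The commented-out `// String outputString = DOM2Writer.nodeToString(policyElement);` line should be removed rather than left as dead code.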