Author: owulff
Date: Tue Jun  5 10:56:56 2012
New Revision: 1346338

URL: http://svn.apache.org/viewvc?rev=1346338&view=rev
Log:
CustomTokenValidator support added

Added:
    
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
Modified:
    
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
    cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml

Modified: 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
 (original)
+++ 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
 Tue Jun  5 10:56:56 2012
@@ -46,9 +46,30 @@ public class FederationProtocol extends 
     
     public FederationProtocol(ProtocolType protocolType) {
         super(protocolType);
-        // [TODO] Flexible tokenvalidator selection, based on class list
+        
+        FederationProtocolType fp = (FederationProtocolType)protocolType;
+        if (fp.getTokenValidators() != null && 
fp.getTokenValidators().getValidator() != null) {
+            for (String validatorClassname : 
fp.getTokenValidators().getValidator()) {
+                Object obj = null;
+                try {
+                    obj = 
Thread.currentThread().getContextClassLoader().loadClass(validatorClassname).newInstance();
+                } catch (Exception ex) {
+                    LOG.error("Failed to instantiate TokenValidator 
implementation class: '"
+                              + validatorClassname + "'", ex);
+                }
+                if (obj instanceof TokenValidator) {
+                    validators.add((TokenValidator)obj);
+                } else if (obj != null) {
+                    LOG.error("Invalid TokenValidator implementation class: '" 
+ validatorClassname + "'");
+                }
+            }
+        }
+        
+        // add SAMLTokenValidator as the last one
+        // Fediz chooses the first validator in the list if its
+        // canHandleToken or canHandleTokenType method return true
         SAMLTokenValidator validator = new SAMLTokenValidator();
-        validators.add(validator);
+        validators.add(validators.size(), validator);
     }
 
     protected FederationProtocolType getFederationProtocol() {
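Review bot: The loop at the top of the hunk instantiates every configured class name before checking whether it is a TokenValidator, so a typo or an unrelated class in the config runs that class's static initializer and constructor only to be logged and discarded. Checking `TokenValidator.class.isAssignableFrom(cls)` on the loaded Class before calling newInstance() avoids that and lets the "Invalid TokenValidator implementation class" branch fire without creating a stray object. Class.newInstance() also propagates any checked exception thrown by the validator's constructor, which is the reason the broad catch is needed here and deserves a one-line comment. Separately, `validators.add(validators.size(), validator)` on the last added line is equivalent to `validators.add(validator)`; the comment above it already explains the ordering, so the plain form is clearer.
```java
            for (String validatorClassname : fp.getTokenValidators().getValidator()) {
                try {
                    Class<?> cls = Thread.currentThread().getContextClassLoader()
                        .loadClass(validatorClassname);
                    // Check the type before instantiating so a misconfigured name
                    // cannot run the constructor of an unrelated class
                    if (!TokenValidator.class.isAssignableFrom(cls)) {
                        LOG.error("Invalid TokenValidator implementation class: '"
                                  + validatorClassname + "'");
                        continue;
                    }
                    validators.add((TokenValidator)cls.newInstance());
                } catch (Exception ex) {
                    // newInstance() rethrows checked exceptions from the constructor
                    LOG.error("Failed to instantiate TokenValidator implementation class: '"
                              + validatorClassname + "'", ex);
                }
            }
            // … unchanged: SAMLTokenValidator appended as the last validator …
```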

Modified: 
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd 
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue 
Jun  5 10:56:56 2012
@@ -99,9 +99,7 @@
                                        <xs:element ref="reply" />
                                        <xs:element ref="request" />
                                        <xs:element ref="claimTypesRequested" />
-                                       <xs:sequence minOccurs="1" 
maxOccurs="unbounded">
                                        <xs:element ref="tokenValidators" />
-                                       </xs:sequence>
                                </xs:sequence>
                                <!-- <xs:attribute name="roleDelimiter" 
type="xs:string"/> -->
                                <!--<xs:attribute name="roleURI" use="required" 
type="xs:string"/> -->
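Review bot: With the wrapping sequence removed, `<xs:element ref="tokenValidators" />` now carries the default minOccurs="1", so every federationProtocolType must contain a tokenValidators element, whereas the null check added to FederationProtocol in this same commit treats it as optional. If optional is the intent, declare it `<xs:element ref="tokenValidators" minOccurs="0" />`. The other contextConfig entries in fediz_test_config.xml are outside this diff, so I cannot tell whether they currently carry the element.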
@@ -158,7 +156,13 @@
                </xs:complexType>
        </xs:element>
 
-       <xs:element name="tokenValidators" type="xs:string" />
+    <xs:element name="tokenValidators">
+               <xs:complexType>
+                       <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                               <xs:element name="validator" type="xs:string" />
+                       </xs:sequence>
+               </xs:complexType>
+       </xs:element>
 
        <xs:simpleType name="optionalType">
                <xs:restriction base="xs:boolean" />
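Review bot: The new `<xs:element name="tokenValidators">` line is indented with spaces while the surrounding declarations and the nested lines of this very element use tabs; align it with the file's tab indentation. Since each validator is only typed as xs:string, an `<xs:annotation><xs:documentation>` on the validator element stating that the value is the fully qualified class name of a TokenValidator implementation would tell configuration authors what is expected.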

Added: 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java?rev=1346338&view=auto
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
 (added)
+++ 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java
 Tue Jun  5 10:56:56 2012
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.config.FederationContext;
+
+
+public class CustomValidator implements TokenValidator {
+
+    @Override
+    public boolean canHandleTokenType(String tokenType) {
+        return true;
+    }
+
+    @Override
+    public boolean canHandleToken(Element token) {
+        return true;
+    }
+
+    @Override
+    public TokenValidatorResponse validateAndProcessToken(Element token, 
FederationContext config) {
+        return new TokenValidatorResponse(null,
+                                          FederationProcessorTest.TEST_USER,
+                                          
FederationProcessorTest.TEST_RSTR_ISSUER,
+                                          null,
+                                          null,
+                                          
FederationProcessorTest.TEST_AUDIENCE);
+    }
+
+}
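Review bot: Both canHandleTokenType and canHandleToken return true unconditionally and validateAndProcessToken ignores the token argument, so once configured this class accepts any input and, being placed first in the list, prevents SAMLTokenValidator from ever running. Nothing in the class says so; a class-level Javadoc such as `/** Test-only stub: accepts every token unconditionally and returns fixed principal data. Must not be referenced from a non-test Fediz configuration. */` would make the intent explicit. The positional nulls passed to the TokenValidatorResponse constructor are hard to read without its signature, which is not in this diff; a trailing comment naming each argument would help. The import order places org.w3c before org.apache, which differs from the grouping used in the other files of this commit.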

Modified: 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
 (original)
+++ 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
 Tue Jun  5 10:56:56 2012
@@ -23,6 +23,7 @@ import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URL;
+import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -56,9 +57,9 @@ import org.junit.BeforeClass;
 import static org.junit.Assert.fail;
 
 public class FederationProcessorTest {
-    private static final String TEST_USER = "alice";
-    private static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
-    private static final String TEST_AUDIENCE = 
"https://localhost/fedizhelloworld";;
+    static final String TEST_USER = "alice";
+    static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
+    static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";;
     
     private static final String CONFIG_FILE = "fediz_test_config.xml";
     
@@ -463,6 +464,46 @@ public class FederationProcessorTest {
         Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                             .size());
     }
+
+    /**
+     * "Validate" SAML 2 token with a custom token validator
+     * If a validator is configured it precedes the SAMLTokenValidator as part 
of Fediz
+     */
+    @org.junit.Test
+    public void validateSAML2TokenCustomValidator() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey");
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = 
getFederationConfigurator().getFederationContext("CUSTTOK");
+        FederationProtocol fp = (FederationProtocol)config.getProtocol();
+        List<TokenValidator> validators = fp.getTokenValidators();
+        Assert.assertEquals("Two validators must be found", 2, 
validators.size());
+        Assert.assertEquals("First validator must be custom validator",
+                            CustomValidator.class.getName(), 
validators.get(0).getClass().getName());
+        
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                            wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, 
wfRes.getIssuer());
+    }
     
     
     private String createSamlToken(AssertionWrapper assertion, String alias) 
throws IOException,
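Review bot: The assertion `Assert.assertEquals("Two validators must be found", 2, validators.size())` only holds because the CUSTTOK context in fediz_test_config.xml also lists org.apache.cxf.fediz.core.CustomValidator2, which this commit does not add, so it fails to load and is merely logged by FederationProtocol. The test therefore depends on a silent error path without saying so; either drop CustomValidator2 from the test config or state the dependency in a comment and pin the remaining entry, e.g. `Assert.assertEquals("Second validator must be the default", SAMLTokenValidator.class.getName(), validators.get(1).getClass().getName());` if SAMLTokenValidator is importable here. `configurator = null;` presumably resets a shared field so a fresh configuration is read; a comment saying so would help since the field's declaration is outside the hunk.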

Modified: 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
 (original)
+++ 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
 Tue Jun  5 10:56:56 2012
@@ -40,6 +40,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
 import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
+import org.apache.cxf.fediz.core.config.jaxb.TokenValidators;
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
@@ -73,6 +74,7 @@ public class FedizConfigurationWriterTes
     private static final String AUTH_TYPE_VALUE = "some auth type";
 
     private static final String CLAIM_TYPE_1 = "a particular claim type";
+    private static final String CLAIM_TYPE_2 = "another claim type";
 
     private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
     
@@ -131,6 +133,10 @@ public class FedizConfigurationWriterTes
         claimType.setOptional(true);
         claimType.setType(CLAIM_TYPE_1);
         claimTypeReq.getClaimType().add(claimType);
+        ClaimType claimType2 = new ClaimType();
+        claimType2.setOptional(true);
+        claimType2.setType(CLAIM_TYPE_2);
+        claimTypeReq.getClaimType().add(claimType2);
 
         protocol.setClaimTypesRequested(claimTypeReq);
 
@@ -149,6 +155,11 @@ public class FedizConfigurationWriterTes
         CallbackType issuer = new CallbackType();
         issuer.setValue(ISSUER);
         protocol.setIssuer(issuer);
+        
+        TokenValidators x = new TokenValidators();
+        x.getValidator().add("org.apache.cxf.fediz.CustomValidator");
+        x.getValidator().add("org.apache.cxf.fediz.CustomValidator2");
+        protocol.setTokenValidators(x);
 
         return rootConfig;
 
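Review bot: The local `TokenValidators x` near the end of the hunk has an uninformative name; `TokenValidators tokenValidators = new TokenValidators();` reads better next to `protocol.setTokenValidators(tokenValidators);`. The two class names written here (`org.apache.cxf.fediz.CustomValidator` and `...CustomValidator2`) do not match the package of the CustomValidator added in this commit (org.apache.cxf.fediz.core), so a config produced by this test could not load them; if they are only placeholders for the round-trip, a comment saying so prevents someone copying them into a real configuration. The enclosing method starts outside the hunk.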

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1346338&r1=1346337&r2=1346338&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml 
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Tue 
Jun  5 10:56:56 2012
@@ -108,4 +108,40 @@
                        </claimTypesRequested>
                </protocol>
        </contextConfig>
+       <contextConfig name="CUSTTOK">
+               <audienceUris>
+                       <audienceItem>http://host_one:port/url</audienceItem>
+               </audienceUris>
+               <certificateStores>
+                       <trustManager>
+                               <keyStore file="stsstore.jks" 
password="stsspass"
+                                       type="JKS" />
+                       </trustManager>         
+               </certificateStores>
+               <trustedIssuers>
+                       <issuer subject=".*CN=www.sts.com.*" 
certificateValidation="ChainTrust"
+                               name="FedizSTSIssuer" />                        
        
+               </trustedIssuers>
+
+               <maximumClockSkew>1000</maximumClockSkew>
+               <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+                       xsi:type="federationProtocolType" version="1.2">
+                       <realm>target realm</realm>
+                       <issuer>http://url_to_the_issuer</issuer>
+                       <roleDelimiter>;</roleDelimiter>
+                       
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+                       <authenticationType value="some auth type" 
type="String" />
+                       <homeRealm 
type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+                       <freshness>10000</freshness>
+                       <reply>reply value</reply>
+                       <request>REQUEST</request>
+                       <claimTypesRequested>
+                               <claimType type="a particular claim type" 
optional="true" />
+                       </claimTypesRequested>
+                       <tokenValidators>
+                               
<validator>org.apache.cxf.fediz.core.CustomValidator</validator>
+                               
<validator>org.apache.cxf.fediz.core.CustomValidator2</validator>
+                       </tokenValidators>
+               </protocol>
+       </contextConfig>        
 </FedizConfig>
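Review bot: Several added lines carry trailing whitespace (the `</trustManager>` line, the `name="FedizSTSIssuer" />` line and the closing `</contextConfig>`); trimming it keeps the fixture diff-clean and consistent with the existing contexts above. The CUSTTOK context otherwise copies the preceding context's values, which is fine for a fixture, but a short XML comment above `<tokenValidators>` noting that the first entry is the test stub and the ordering is significant would make the intent of the new context clear.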

