Author: owulff
Date: Wed Jun 6 21:29:34 2012
New Revision: 1347143
URL: http://svn.apache.org/viewvc?rev=1347143&view=rev
Log:
NPE fixed when roleURI not configured
Modified:
cxf/fediz/trunk/examples/wsclientWebapp/README.txt
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Modified: cxf/fediz/trunk/examples/wsclientWebapp/README.txt
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/README.txt?rev=1347143&r1=1347142&r2=1347143&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/README.txt (original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/README.txt Wed Jun 6 21:29:34 2012
@@ -55,7 +55,7 @@ Demo Web Service
The main and only code lives in the class GreeterImpl. It reads the
authenticated principal from the JAX-WS WebServiceContext
and returns the principal name to the Web Service Client (Web Application).
-The interesting pieces are in beans.xml and the WS-SecurityPolicy definition
in the WSDL hello_world.wsdl.
+The interesting pieces are in applicationContext.xml and the WS-SecurityPolicy
definition in the WSDL hello_world.wsdl.
There is no security related programming required. CXF processes the
information in the Spring configuration and
the policy document and enforces that.
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1347143&r1=1347142&r2=1347143&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
Wed Jun 6 21:29:34 2012
@@ -178,9 +178,9 @@ public class SAMLTokenValidator implemen
List<String> roles = null;
FederationProtocol fp = (FederationProtocol)config.getProtocol();
- URI roleURI = URI.create(fp.getRoleURI());
- String delim = fp.getRoleDelimiter();
- if (roleURI != null) {
+ if (fp.getRoleURI() != null) {
+ URI roleURI = URI.create(fp.getRoleURI());
+ String delim = fp.getRoleDelimiter();
for (Claim c : claims) {
URI claimURI = URI.create(c.getNamespace() + "/"
+ c.getClaimType());
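Review bot: When `fp.getRoleURI()` is null the role-mapping loop is now skipped silently, so `roles` keeps its initial null even if the token carries role claims; a debug or warning log on that path would make a missing roleURI visible to operators instead of showing up only as users without roles. The getter is also read twice, once for the check and once for `URI.create`; reading it once, `String roleURIValue = fp.getRoleURI();` followed by `if (roleURIValue != null) {`, keeps the check and the use on the same value. `URI.create` throws IllegalArgumentException on a malformed configured value, and nothing in the visible lines catches it. The enclosing method starts and ends outside this hunk, so whether a caller handles that is not visible here.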
@@ -204,7 +204,7 @@ public class SAMLTokenValidator implemen
}
}
}
-
+
SAMLTokenPrincipal p = new SAMLTokenPrincipal(assertion);
TokenValidatorResponse response = new TokenValidatorResponse(
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java?rev=1347143&r1=1347142&r2=1347143&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
Wed Jun 6 21:29:34 2012
@@ -170,6 +170,21 @@ public abstract class AbstractSAMLCallba
} else if (statement == Statement.ATTR) {
AttributeStatementBean attrStateBean = new
AttributeStatementBean();
+ if (this.roles == null) {
+ AttributeBean attributeBean = new AttributeBean();
+ if (subjectBean != null) {
+ attrStateBean.setSubject(subjectBean);
+ attributeBean.setSimpleName("name");
+ attributeBean.setQualifiedName("dummy-ns");
+ } else {
+ attributeBean.setQualifiedName("dummy-ns");
+ }
+
attributeBean.setAttributeValues(Collections.singletonList("myvalue"));
+
attrStateBean.setSamlAttributes(Collections.singletonList(attributeBean));
+
callback.setAttributeStatementData(Collections.singletonList(attrStateBean));
+ return;
+ }
+
if (this.multiValueType.equals(MultiValue.MULTI_VALUE)
|| this.multiValueType.equals(MultiValue.ENC_VALUE)) {
// <saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
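Review bot: Both arms of `if (subjectBean != null)` in the new `this.roles == null` branch call `attributeBean.setQualifiedName("dummy-ns")`, so that call can move above the `if` and the `else` arm can be dropped. As written, the placeholder attribute gets a simple name only when a subject is present. If that asymmetry is intended, a short comment such as `// roles == null: emit a single non-role placeholder attribute` would record why. The early `return` skips the remainder of the method, which continues outside this hunk.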
@@ -226,7 +241,6 @@ public abstract class AbstractSAMLCallba
}
attrStateBean.setSamlAttributes(attrBeans);
}
-
callback.setAttributeStatementData(Collections.singletonList(attrStateBean));
} else {
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1347143&r1=1347142&r2=1347143&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Wed Jun 6 21:29:34 2012
@@ -181,6 +181,81 @@ public class FederationProcessorTest {
}
/**
+ * Validate SAML 2 token which doesn't include the role SAML attribute
+ */
+ @org.junit.Test
+ public void validateSAML2TokenWithoutRoles() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+ callbackHandler.setSubjectName(TEST_USER);
+ callbackHandler.setRoles(null);
+ ConditionsBean cp = new ConditionsBean();
+ cp.setAudienceURI(TEST_AUDIENCE);
+ callbackHandler.setConditions(cp);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+ String rstr = createSamlToken(assertion, "mystskey", true);
+
+ FederationRequest wfReq = new FederationRequest();
+ wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+ wfReq.setWresult(rstr);
+
+ configurator = null;
+ FederationContext config =
getFederationConfigurator().getFederationContext("ROOT");
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+
+ Assert.assertEquals("Principal name wrong", TEST_USER,
+ wfRes.getUsername());
+ Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER,
wfRes.getIssuer());
+ Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
+ Assert.assertEquals("Audience wrong", TEST_AUDIENCE,
wfRes.getAudience());
+ }
+
+ /**
+ * Validate SAML 2 token which includes role attribute
+ * but RoleURI is not configured
+ */
+ @org.junit.Test
+ public void validateSAML2TokenRoleURINotConfigured() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+ callbackHandler.setSubjectName(TEST_USER);
+ ConditionsBean cp = new ConditionsBean();
+ cp.setAudienceURI(TEST_AUDIENCE);
+ callbackHandler.setConditions(cp);
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = new AssertionWrapper(samlParms);
+ String rstr = createSamlToken(assertion, "mystskey", true);
+
+ FederationRequest wfReq = new FederationRequest();
+ wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+ wfReq.setWresult(rstr);
+
+ configurator = null;
+ FederationContext config =
getFederationConfigurator().getFederationContext("ROOT");
+ ((FederationProtocol)config.getProtocol()).setRoleURI(null);
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+
+ Assert.assertEquals("Principal name wrong", TEST_USER,
+ wfRes.getUsername());
+ Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER,
wfRes.getIssuer());
+ Assert.assertEquals("Two roles must be found", null, wfRes.getRoles());
+ Assert.assertEquals("Audience wrong", TEST_AUDIENCE,
wfRes.getAudience());
+ }
+
+ /**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
*/
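Review bot: In `validateSAML2TokenRoleURINotConfigured` the assertion message says "Two roles must be found" while the expected value is null, which looks like a copy-paste leftover and will mislead whoever reads a failure. `Assert.assertNull("No roles must be found", wfRes.getRoles());` states the intent, and the same form fits `validateSAML2TokenWithoutRoles`. The two tests differ only in `callbackHandler.setRoles(null)` and `setRoleURI(null)`, so a private helper that builds the request would remove the duplicated setup. `setRoleURI(null)` mutates the context returned by `getFederationConfigurator()`; if that object is shared between tests (not visible here), later tests could see the null role URI unless they also reset `configurator`.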