Author: ay
Date: Tue Aug 14 13:36:04 2012
New Revision: 1372877
URL: http://svn.apache.org/viewvc?rev=1372877&view=rev
Log:
[CXF-4469] 2.6.x rt-ws-security bundle is requiring opensaml
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
(with props)
Modified:
cxf/trunk/rt/ws/security/pom.xml
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Modified: cxf/trunk/rt/ws/security/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=1372877&r1=1372876&r2=1372877&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Tue Aug 14 13:36:04 2012
@@ -34,6 +34,7 @@
<properties>
<cxf.osgi.import>
net.sf.ehcache*;resolution:=optional;version="[2.5, 3.0.0)",
+ org.opensaml*;resolution:=optional,
</cxf.osgi.import>
</properties>
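Review bot: The added `org.opensaml*;resolution:=optional` import has no version range, unlike the ehcache entry just above it, so the bundle will wire to whatever opensaml version the container exports. Consider bounding it, e.g. `org.opensaml*;resolution:=optional;version="[MIN, MAX)"`, where MIN and MAX are placeholders for the range the WSS4J dependency is built against; the page does not state them. Because the import is now optional, it is also worth confirming that nothing outside SAMLUtils in this bundle references opensaml types on a path that runs when the package is absent.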
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java?rev=1372877&view=auto
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
(added)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
Tue Aug 14 13:36:04 2012
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * internal SAMLUtils to avoid direct reference to opensaml from WSS4J
interceptors.
+ */
+final class SAMLUtils {
+ private SAMLUtils() {
+ }
+
+ public static List<String> parseRolesInAssertion(Object assertion, String
roleAttributeName) {
+ if (((AssertionWrapper)
assertion).getSamlVersion().equals(SAMLVersion.VERSION_20)) {
+ return
parseRolesInAssertion(((AssertionWrapper)assertion).getSaml2(),
roleAttributeName);
+ } else {
+ return
parseRolesInAssertion(((AssertionWrapper)assertion).getSaml1(),
roleAttributeName);
+ }
+ }
+
+ //
+ // these methods are moved from previous WSS4JInInterceptor
+ //
+ private static List<String>
parseRolesInAssertion(org.opensaml.saml1.core.Assertion assertion,
+ String roleAttributeName) {
+ List<org.opensaml.saml1.core.AttributeStatement> attributeStatements =
+ assertion.getAttributeStatements();
+ if (attributeStatements == null || attributeStatements.isEmpty()) {
+ return null;
+ }
+ List<String> roles = new ArrayList<String>();
+
+ for (org.opensaml.saml1.core.AttributeStatement statement :
attributeStatements) {
+
+ List<org.opensaml.saml1.core.Attribute> attributes =
statement.getAttributes();
+ for (org.opensaml.saml1.core.Attribute attribute : attributes) {
+
+ if (attribute.getAttributeName().equals(roleAttributeName)) {
+ for (XMLObject attributeValue :
attribute.getAttributeValues()) {
+ Element attributeValueElement =
attributeValue.getDOM();
+ String value = attributeValueElement.getTextContent();
+ roles.add(value);
+ }
+ if (attribute.getAttributeValues().size() > 1) {
+// Don't search for other attributes with the same name
if
+// <saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+//
AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
+// <saml:AttributeValue>Value1</saml:AttributeValue>
+// <saml:AttributeValue>Value2</saml:AttributeValue>
+// </saml:Attribute>
+ break;
+ }
+ }
+
+ }
+ }
+ return Collections.unmodifiableList(roles);
+ }
+
+
+ private static List<String>
parseRolesInAssertion(org.opensaml.saml2.core.Assertion assertion,
+ String roleAttributeName) {
+ List<org.opensaml.saml2.core.AttributeStatement> attributeStatements =
+ assertion.getAttributeStatements();
+ if (attributeStatements == null || attributeStatements.isEmpty()) {
+ return null;
+ }
+ List<String> roles = new ArrayList<String>();
+
+ for (org.opensaml.saml2.core.AttributeStatement statement :
attributeStatements) {
+
+ List<org.opensaml.saml2.core.Attribute> attributes =
statement.getAttributes();
+ for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+
+ if (attribute.getName().equals(roleAttributeName)) {
+ for (XMLObject attributeValue :
attribute.getAttributeValues()) {
+ Element attributeValueElement =
attributeValue.getDOM();
+ String value = attributeValueElement.getTextContent();
+ roles.add(value);
+ }
+ if (attribute.getAttributeValues().size() > 1) {
+// Don't search for other attributes with the same name
if
+// <saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+//
AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
+// <saml:AttributeValue>Value1</saml:AttributeValue>
+// <saml:AttributeValue>Value2</saml:AttributeValue>
+// </saml:Attribute>
+ break;
+ }
+ }
+
+ }
+ }
+ return Collections.unmodifiableList(roles);
+ }
+
+}
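Review bot: The two private `parseRolesInAssertion` overloads return `null` when the assertion has no attribute statements but an empty list when statements exist and none matches `roleAttributeName`, so the caller sees two different "no roles" results. The result feeds `createSecurityContext(p, roles)` in WSS4JInInterceptor, so I would make it uniform with `return Collections.emptyList();` in place of `return null;`, provided that method (not visible here) treats both alike. The public entry point also casts its `Object` argument to `AssertionWrapper` without an `instanceof` check, and `attributeValue.getDOM()` is dereferenced without a null check; a guard that skips such a value would avoid an unexpected runtime exception while processing the security header. The `break` after a multi-valued attribute leaves only the inner attribute loop, so later attribute statements are still scanned and their values appended, which the comment does not say. The SAML 2 overload's comment still shows the SAML 1.0 sample.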
Propchange:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SAMLUtils.java
------------------------------------------------------------------------------
svn:executable = *
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1372877&r1=1372876&r2=1372877&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Tue Aug 14 13:36:04 2012
@@ -22,7 +22,6 @@ import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -81,14 +80,10 @@ import org.apache.ws.security.handler.WS
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.processor.Processor;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.validate.NoOpValidator;
import org.apache.ws.security.validate.Validator;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.xml.XMLObject;
-
/**
* Performs WS-Security inbound actions.
*
@@ -481,7 +476,7 @@ public class WSS4JInInterceptor extends
if (!utWithCallbacks) {
WSS4JTokenConverter.convertToken(msg, p);
}
- AssertionWrapper receivedAssertion = null;
+ Object receivedAssertion = null;
List<String> roles = null;
if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) {
@@ -490,13 +485,8 @@ public class WSS4JInInterceptor extends
if (roleAttributeName == null ||
roleAttributeName.length() == 0) {
roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
- receivedAssertion =
- (AssertionWrapper)
o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- if
(receivedAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
- roles =
this.parseRolesInAssertion(receivedAssertion.getSaml2(), roleAttributeName);
- } else {
- roles =
this.parseRolesInAssertion(receivedAssertion.getSaml1(), roleAttributeName);
- }
+ receivedAssertion =
o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ roles = SAMLUtils.parseRolesInAssertion(receivedAssertion,
roleAttributeName);
msg.put(SecurityContext.class, createSecurityContext(p,
roles));
} else {
msg.put(SecurityContext.class, createSecurityContext(p));
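Review bot: Role extraction here now calls the static, package-private `SAMLUtils.parseRolesInAssertion`, while the two `protected parseRolesInAssertion` overloads are deleted in the last hunk of this file, so subclasses lose their extension point. A subclass that overrode them to customise role mapping will either stop compiling or, if it declared the method without `@Override`, silently stop being consulted when the security context is built. If that extension point was intended, keep a protected delegate such as `protected List<String> parseRolesInAssertion(Object assertion, String roleAttributeName) { return SAMLUtils.parseRolesInAssertion(assertion, roleAttributeName); }` and call it from here. The enclosing method starts and ends outside this hunk.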
@@ -800,79 +790,6 @@ public class WSS4JInInterceptor extends
return fault;
}
- protected List<String>
parseRolesInAssertion(org.opensaml.saml1.core.Assertion assertion,
- String roleAttributeName) {
- List<org.opensaml.saml1.core.AttributeStatement> attributeStatements =
- assertion.getAttributeStatements();
- if (attributeStatements == null || attributeStatements.isEmpty()) {
- return null;
- }
- List<String> roles = new ArrayList<String>();
-
- for (org.opensaml.saml1.core.AttributeStatement statement :
attributeStatements) {
-
- List<org.opensaml.saml1.core.Attribute> attributes =
statement.getAttributes();
- for (org.opensaml.saml1.core.Attribute attribute : attributes) {
-
- if (attribute.getAttributeName().equals(roleAttributeName)) {
- for (XMLObject attributeValue :
attribute.getAttributeValues()) {
- Element attributeValueElement =
attributeValue.getDOM();
- String value = attributeValueElement.getTextContent();
- roles.add(value);
- }
- if (attribute.getAttributeValues().size() > 1) {
-// Don't search for other attributes with the same name
if
-// <saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-//
AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
-// <saml:AttributeValue>Value1</saml:AttributeValue>
-// <saml:AttributeValue>Value2</saml:AttributeValue>
-// </saml:Attribute>
- break;
- }
- }
-
- }
- }
- return Collections.unmodifiableList(roles);
- }
-
-
- protected List<String>
parseRolesInAssertion(org.opensaml.saml2.core.Assertion assertion,
- String roleAttributeName) {
- List<org.opensaml.saml2.core.AttributeStatement> attributeStatements =
- assertion.getAttributeStatements();
- if (attributeStatements == null || attributeStatements.isEmpty()) {
- return null;
- }
- List<String> roles = new ArrayList<String>();
-
- for (org.opensaml.saml2.core.AttributeStatement statement :
attributeStatements) {
-
- List<org.opensaml.saml2.core.Attribute> attributes =
statement.getAttributes();
- for (org.opensaml.saml2.core.Attribute attribute : attributes) {
-
- if (attribute.getName().equals(roleAttributeName)) {
- for (XMLObject attributeValue :
attribute.getAttributeValues()) {
- Element attributeValueElement =
attributeValue.getDOM();
- String value = attributeValueElement.getTextContent();
- roles.add(value);
- }
- if (attribute.getAttributeValues().size() > 1) {
-// Don't search for other attributes with the same name
if
-// <saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
-//
AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
-// <saml:AttributeValue>Value1</saml:AttributeValue>
-// <saml:AttributeValue>Value2</saml:AttributeValue>
-// </saml:Attribute>
- break;
- }
- }
-
- }
- }
- return Collections.unmodifiableList(roles);
- }
-
static class CXFRequestData extends RequestData {
public CXFRequestData() {