svn commit: r1375400 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/config/ main/resources/schemas/ test/java/org/apache/cxf/fediz/core/ test/resources/

Tue, 21 Aug 2012 00:06:09 -0700 

Author: owulff
Date: Tue Aug 21 07:04:29 2012
New Revision: 1375400

URL: http://svn.apache.org/viewvc?rev=1375400&view=rev
Log:
maximumClockSkew is optional now, default 5 seconds

Modified:
    
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml

Modified: 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
 (original)
+++ 
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
 Tue Aug 21 07:04:29 2012
@@ -112,7 +112,11 @@ public class FederationContext implement
     }
 
     public BigInteger getMaximumClockSkew() {
-        return config.getMaximumClockSkew();
+        if (config.getMaximumClockSkew() == null) {
+            return BigInteger.valueOf(5L);
+        } else {
+            return config.getMaximumClockSkew();
+        }
     }
     
     public void setMaximumClockSkew(BigInteger maximumClockSkew) {

Modified: 
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd 
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Tue 
Aug 21 07:04:29 2012
@@ -70,7 +70,7 @@
                </xs:restriction>
        </xs:simpleType>
 
-       <xs:element name="maximumClockSkew" type="xs:integer" default="60"/>
+       <xs:element name="maximumClockSkew" type="xs:integer" default="5"/>
        
        <xs:element name="tokenReplayCache" type="xs:string" />
 

Modified: 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
 (original)
+++ 
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
 Tue Aug 21 07:04:29 2012
@@ -826,6 +826,44 @@ public class FederationProcessorTest {
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, 
wfRes.getIssuer());
     }
+
+    /**
+     * "Validate" SAML 2 token with a custom token validator
+     * If a validator is configured it precedes the SAMLTokenValidator as part 
of Fediz
+     */
+    @org.junit.Test
+    public void validateSAML2TokenMaxClockSkewNotDefined() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey", true);
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = 
getFederationConfigurator().getFederationContext("NOCLOCKSKEW");
+        
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                            wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, 
wfRes.getIssuer());
+        Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
+                            .size());
+        Assert.assertEquals("Audience wrong", TEST_AUDIENCE, 
wfRes.getAudience());
+    }
     
     
     private String createSamlToken(AssertionWrapper assertion, String alias, 
boolean sign)

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1375400&r1=1375399&r2=1375400&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml 
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Tue 
Aug 21 07:04:29 2012
@@ -143,5 +143,36 @@
                                
<validator>org.apache.cxf.fediz.core.NonexistentCustomValidator</validator>
                        </tokenValidators>
                </protocol>
+       </contextConfig>
+       <contextConfig name="NOCLOCKSKEW">
+               <audienceUris>
+                       <audienceItem>http://host_one:port/url</audienceItem>
+               </audienceUris>
+               <certificateStores>
+                       <trustManager>
+                               <keyStore file="stsstore.jks" 
password="stsspass"
+                                       type="JKS" />
+                       </trustManager>         
+               </certificateStores>
+               <trustedIssuers>
+                       <issuer subject=".*CN=www.sts.com.*" 
certificateValidation="ChainTrust"
+                               name="FedizSTSIssuer" />                        
        
+               </trustedIssuers>
+
+               <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+                       xsi:type="federationProtocolType" version="1.2">
+                       <realm>target realm</realm>
+                       <issuer>http://url_to_the_issuer</issuer>
+                       <roleDelimiter>;</roleDelimiter>
+                       
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+                       <authenticationType value="some auth type" 
type="String" />
+                       <homeRealm 
type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+                       <freshness>10000</freshness>
+                       <reply>reply value</reply>
+                       <request>REQUEST</request>
+                       <claimTypesRequested>
+                               <claimType type="a particular claim type" 
optional="true" />
+                       </claimTypesRequested>
+               </protocol>
        </contextConfig>        
 </FedizConfig>

Reply via email to