[CXF-5664] - CXF STS does not support wst:Participants
Conflicts:
services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/40414bc1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/40414bc1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/40414bc1
Branch: refs/heads/2.7.x-fixes
Commit: 40414bc1caff4bfb058190705629a885b70a5356
Parents: a242923
Author: Colm O hEigeartaigh <[email protected]>
Authored: Wed Apr 2 15:05:16 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Wed Apr 2 15:41:53 2014 +0100
----------------------------------------------------------------------
.../java/org/apache/cxf/sts/QNameConstants.java | 2 +
.../apache/cxf/sts/request/Participants.java | 46 ++++++++++++++++++++
.../apache/cxf/sts/request/RequestParser.java | 28 ++++++++++++
.../cxf/sts/request/TokenRequirements.java | 9 ++++
.../provider/DefaultConditionsProvider.java | 13 +++++-
5 files changed, 97 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/40414bc1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
index b3cbd3d..0383500 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
@@ -60,6 +60,8 @@ public final class QNameConstants {
WS_TRUST_FACTORY.createClaims(null).getName();
public static final QName RENEWING =
WS_TRUST_FACTORY.createRenewing(null).getName();
+ public static final QName PARTICIPANTS =
+ WS_TRUST_FACTORY.createParticipants(null).getName();
//
// Key Requirement QNames
http://git-wip-us.apache.org/repos/asf/cxf/blob/40414bc1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java
new file mode 100644
index 0000000..e108139
--- /dev/null
+++
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Participants.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+import java.util.List;
+
+/**
+ * This class contains values that have been extracted from a Participants
element.
+ */
+public class Participants {
+ private Object primaryParticipant;
+ private List<Object> participants;
+
+ public Object getPrimaryParticipant() {
+ return primaryParticipant;
+ }
+
+ public void setPrimaryParticipant(Object primaryParticipant) {
+ this.primaryParticipant = primaryParticipant;
+ }
+
+ public List<Object> getParticipants() {
+ return participants;
+ }
+
+ public void setParticipants(List<Object> participants) {
+ this.participants = participants;
+ }
+
+}
\ No newline at end of file
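Review bot: The new `Participants` holder does not document what its untyped fields contain, although both are plain `Object` / `List<Object>` values filled from the incoming request by `RequestParser`. I would add Javadoc to the getters, for example `Returns the primary participant as parsed from the client-supplied wst:Participants element, or null if none was sent; the value is not validated and must be type-checked by the caller.` The same applies to `getParticipants()`, which returns null rather than an empty list when no secondary participants were parsed. It also hands out the internal mutable list, so returning an unmodifiable view would keep a consumer from altering the parsed request.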
http://git-wip-us.apache.org/repos/asf/cxf/blob/40414bc1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index ceeee13..e87f738 100644
---
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -27,6 +27,7 @@ import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
@@ -63,6 +64,7 @@ import
org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
import org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType;
+import org.apache.cxf.ws.security.sts.provider.model.ParticipantsType;
import org.apache.cxf.ws.security.sts.provider.model.RenewTargetType;
import org.apache.cxf.ws.security.sts.provider.model.RenewingType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
@@ -311,6 +313,12 @@ public class RequestParser {
}
tokenRequirements.setRenewing(renewing);
LOG.fine("Found Renewing token");
+ } else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) {
+ ParticipantsType participantsType =
(ParticipantsType)jaxbElement.getValue();
+
+ Participants participants = parseParticipants(participantsType);
+ tokenRequirements.setParticipants(participants);
+ LOG.fine("Found Participants");
} else {
return false;
}
@@ -416,6 +424,26 @@ public class RequestParser {
return null;
}
+ private static Participants parseParticipants(ParticipantsType
participantsType) {
+ Participants participants = new Participants();
+
+ if (participantsType.getPrimary() != null) {
+
participants.setPrimaryParticipant(participantsType.getPrimary().getAny());
+ }
+
+ if (participantsType.getParticipant() != null
+ && !participantsType.getParticipant().isEmpty()) {
+ List<Object> secondaryParticipants =
+ new
ArrayList<Object>(participantsType.getParticipant().size());
+ for (Object object : participantsType.getParticipant()) {
+ secondaryParticipants.add(object);
+ }
+ participants.setParticipants(secondaryParticipants);
+ }
+
+ return participants;
+ }
+
private static <T> T extractType(Object param, Class<T> clazz) {
if (param instanceof JAXBElement<?>) {
JAXBElement<?> jaxbElement = (JAXBElement<?>) param;
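Review bot: In `parseParticipants` the primary participant is unwrapped with `getPrimary().getAny()`, but the loop copies each entry of `getParticipant()` into the list as-is, so primary and secondary participants likely end up in different representations. The element type of `getParticipant()` is not visible in this hunk; if it is the same wrapper type that `getPrimary()` returns, the loop body should probably be `secondaryParticipants.add(participant.getAny());` with the loop variable typed accordingly. Both values come straight from the request's extensible content and are stored without any type check, so a short comment stating that consumers must validate them before acting on them would help.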
http://git-wip-us.apache.org/repos/asf/cxf/blob/40414bc1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
index cf43411..bcc09aa 100644
---
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
+++
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
@@ -39,6 +39,7 @@ public class TokenRequirements {
private RequestClaimCollection primaryClaims;
private RequestClaimCollection secondaryClaims;
private Renewing renewing;
+ private Participants participants;
public Renewing getRenewing() {
return renewing;
@@ -144,4 +145,12 @@ public class TokenRequirements {
this.secondaryClaims = secondaryClaims;
}
+ public Participants getParticipants() {
+ return participants;
+ }
+
+ public void setParticipants(Participants participants) {
+ this.participants = participants;
+ }
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/40414bc1/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
index 9fc5b6f..7c3d317 100644
---
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
+++
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
@@ -19,14 +19,21 @@
package org.apache.cxf.sts.token.provider;
import java.text.ParseException;
+import java.util.Collections;
import java.util.Date;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.request.Lifetime;
import org.apache.cxf.ws.security.sts.provider.STSException;
+<<<<<<< HEAD
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.util.XmlSchemaDateFormat;
+=======
+import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
+>>>>>>> e50e87d... [CXF-5664] - CXF STS does not support wst:Participants
import org.joda.time.DateTime;
/**
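Review bot: Unresolved merge-conflict markers are committed as added lines in the import block (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> e50e87d...`), so this file cannot compile as committed. The two sides import `ConditionsBean` and `XmlSchemaDateFormat` from different packages (`org.apache.ws.security...` on HEAD, `org.apache.wss4j...` on the incoming side), and only the incoming side imports `AudienceRestrictionBean`, which the later hunk at `@@ -200,7 +207,11 @@` uses. The conflict needs to be resolved to the single set of imports matching the WSS4J version this branch builds against, and the audience code in the later hunk must then use whatever API that version's `ConditionsBean` offers.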
@@ -200,7 +207,11 @@ public class DefaultConditionsProvider implements
ConditionsProvider {
} else {
conditions.setTokenPeriodMinutes(5);
}
- conditions.setAudienceURI(appliesToAddress);
+ if (appliesToAddress != null) {
+ AudienceRestrictionBean audienceRestriction = new
AudienceRestrictionBean();
+
audienceRestriction.setAudienceURIs(Collections.singletonList(appliesToAddress));
+
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+ }
return conditions;
}
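Review bot: When `appliesToAddress` is null, the new `if` silently produces conditions with no audience restriction, so the issued token is not bound to any relying party. That may be intended, but it deserves a comment at the `if`, for example `// No AppliesTo address: the token is issued without an AudienceRestriction`, or a fine-level log entry so the case is visible in the STS logs. Nothing in this hunk reads the `Participants` parsed elsewhere in the commit, so they do not appear to influence the audience here. The method starts outside the hunk, so that may happen in code not shown.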