Repository: cxf Updated Branches: refs/heads/master 71e9ada9b -> c04c27200
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
deleted file mode 100644
index 7238deb..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
+++ /dev/null
@@ -1,212 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rt.security.saml;
-
-import java.net.URI;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
-
-import org.w3c.dom.Document;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.rt.security.claims.Claim;
-import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.rt.security.claims.SAMLClaim;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.saml.bean.AttributeBean;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.junit.Assert;
-
-public class SAMLClaimsTest extends Assert {
-
- @org.junit.Test
- public void testSAML2Claims() throws Exception {
- AttributeBean attributeBean = new AttributeBean();
- attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
- attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- attributeBean.addAttributeValue("employee");
-
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
- samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
-
- // Create the SAML Assertion via the CallbackHandler
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = DOMUtils.newDocument();
- samlAssertion.toDOM(doc);
-
- ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
- assertEquals(claims.getDialect().toString(),
- "http://schemas.xmlsoap.org/ws/2005/05/identity");
- assertEquals(1, claims.size());
-
- // Check Claim values
- Claim claim = claims.get(0);
- assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
- assertEquals(1, claim.getValues().size());
- assertTrue(claim.getValues().contains("employee"));
-
- // Check SAMLClaim values
- assertTrue(claim instanceof SAMLClaim);
- assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, ((SAMLClaim)claim).getName());
- assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, ((SAMLClaim)claim).getNameFormat());
-
- // Check roles
- Set<Principal> roles =
- SAMLUtils.parseRolesFromClaims(claims,
- SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT,
- SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- assertEquals(1, roles.size());
- Principal p = roles.iterator().next();
- assertEquals("employee", p.getName());
- }
-
- @org.junit.Test
- public void testSAML2MultipleRoles() throws Exception {
- AttributeBean attributeBean = new AttributeBean();
- attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
- attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- attributeBean.addAttributeValue("employee");
- attributeBean.addAttributeValue("boss");
-
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
- samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
-
- // Create the SAML Assertion via the CallbackHandler
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = DOMUtils.newDocument();
- samlAssertion.toDOM(doc);
-
- ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
- assertEquals(claims.getDialect().toString(),
- "http://schemas.xmlsoap.org/ws/2005/05/identity");
- assertEquals(1, claims.size());
-
- // Check Claim values
- Claim claim = claims.get(0);
- assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
- assertEquals(2, claim.getValues().size());
- assertTrue(claim.getValues().contains("employee"));
- assertTrue(claim.getValues().contains("boss"));
-
- // Check SAMLClaim values
- assertTrue(claim instanceof SAMLClaim);
- assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, ((SAMLClaim)claim).getName());
- assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, ((SAMLClaim)claim).getNameFormat());
-
- // Check roles
- Set<Principal> roles =
- SAMLUtils.parseRolesFromClaims(claims,
- SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT,
- SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- assertEquals(2, roles.size());
- }
-
- @org.junit.Test
- public void testSAML2MultipleClaims() throws Exception {
- AttributeBean attributeBean = new AttributeBean();
- attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
- attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- attributeBean.addAttributeValue("employee");
-
- AttributeBean attributeBean2 = new AttributeBean();
- attributeBean2.setQualifiedName(
- "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
- attributeBean2.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- attributeBean2.addAttributeValue("smith");
-
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
- List<AttributeBean> attributes = new ArrayList<AttributeBean>();
- attributes.add(attributeBean);
- attributes.add(attributeBean2);
- samlCallbackHandler.setAttributes(attributes);
-
- // Create the SAML Assertion via the CallbackHandler
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = DOMUtils.newDocument();
- samlAssertion.toDOM(doc);
-
- ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
- assertEquals(claims.getDialect().toString(),
- "http://schemas.xmlsoap.org/ws/2005/05/identity");
- assertEquals(2, claims.size());
-
- // Check roles
- Set<Principal> roles =
- SAMLUtils.parseRolesFromClaims(claims,
- SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT,
- SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- assertEquals(1, roles.size());
- Principal p = roles.iterator().next();
- assertEquals("employee", p.getName());
- }
-
- @org.junit.Test
- public void testSAML1Claims() throws Exception {
- AttributeBean attributeBean = new AttributeBean();
- attributeBean.setSimpleName("role");
- attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
- attributeBean.addAttributeValue("employee");
-
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
- samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
-
- // Create the SAML Assertion via the CallbackHandler
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = DOMUtils.newDocument();
- samlAssertion.toDOM(doc);
-
- ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
- assertEquals(claims.getDialect().toString(),
- "http://schemas.xmlsoap.org/ws/2005/05/identity");
- assertEquals(1, claims.size());
-
- // Check Claim values
- Claim claim = claims.get(0);
- assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
- assertEquals(1, claim.getValues().size());
- assertTrue(claim.getValues().contains("employee"));
-
- // Check SAMLClaim values
- assertTrue(claim instanceof SAMLClaim);
- assertEquals("role", ((SAMLClaim)claim).getName());
-
- // Check roles
- Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
- assertEquals(1, roles.size());
- Principal p = roles.iterator().next();
- assertEquals("employee", p.getName());
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
deleted file mode 100644
index 6703ac5..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.saml;
-
-import java.io.IOException;
-import java.util.Collections;
-import java.util.List;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.bean.AttributeBean;
-import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
-import org.apache.wss4j.common.saml.bean.SubjectBean;
-import org.apache.wss4j.common.saml.bean.Version;
-import org.apache.wss4j.common.saml.builder.SAML1Constants;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-
-/**
- * A CallbackHandler instance to mock up a SAML Attribute Assertion.
- */
-public class SamlCallbackHandler implements CallbackHandler {
- private boolean saml2 = true;
- private String confirmationMethod = SAML2Constants.CONF_BEARER;
- private List<AttributeBean> attributes;
-
- public SamlCallbackHandler() {
- //
- }
-
- public SamlCallbackHandler(boolean saml2) {
- this.saml2 = saml2;
- }
-
- public void setConfirmationMethod(String confirmationMethod) {
- this.confirmationMethod = confirmationMethod;
- }
-
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof SAMLCallback) {
- SAMLCallback callback = (SAMLCallback) callbacks[i];
- if (saml2) {
- callback.setSamlVersion(Version.SAML_20);
- } else {
- callback.setSamlVersion(Version.SAML_11);
- }
-
- callback.setIssuer("sts");
- String subjectName = "uid=sts-client,o=mock-sts.com";
- String subjectQualifier = "www.mock-sts.com";
- if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
- confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
- }
- SubjectBean subjectBean =
- new SubjectBean(
- subjectName, subjectQualifier, confirmationMethod
- );
- callback.setSubject(subjectBean);
-
- if (attributes != null) {
- AttributeStatementBean attrBean = new AttributeStatementBean();
- attrBean.setSubject(subjectBean);
- attrBean.setSamlAttributes(attributes);
- callback.setAttributeStatementData(Collections.singletonList(attrBean));
- }
-
- }
- }
- }
-
- public List<AttributeBean> getAttributes() {
- return attributes;
- }
-
- public void setAttributes(List<AttributeBean> attributes) {
- this.attributes = attributes;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
deleted file mode 100644
index 45222b3..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.xacml;
-
-import java.util.List;
-
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.dom.DOMSource;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.core.xml.XMLObjectBuilderFactory;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.xacml.XACMLObjectBuilder;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.DecisionType;
-import org.opensaml.xacml.ctx.DecisionType.DECISION;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResponseType;
-import org.opensaml.xacml.ctx.ResultType;
-import org.opensaml.xacml.ctx.StatusCodeType;
-import org.opensaml.xacml.ctx.StatusType;
-import org.opensaml.xacml.ctx.SubjectType;
-
-/**
- * A test implementation of AbstractXACMLAuthorizingInterceptor. It just mocks up a Response
- * object based on the role of the Subject. If the role is "manager" then it permits the
- * request, otherwise it denies it.
- */
-public class DummyPDP implements PolicyDecisionPoint {
-
- public Source evaluate(Source requestSource) {
- RequestType request = requestSourceToRequestType(requestSource);
- String role = getSubjectRole(request);
- DECISION decision = "manager".equals(role) ? DecisionType.DECISION.Permit : DecisionType.DECISION.Deny;
- ResponseType response = createResponse(decision);
- return responseType2Source(response);
- }
-
- private RequestType requestSourceToRequestType(Source requestSource) {
- try {
- Transformer trans = TransformerFactory.newInstance().newTransformer();
- DOMResult res = new DOMResult();
- trans.transform(requestSource, res);
- Node nd = res.getNode();
- if (nd instanceof Document) {
- nd = ((Document)nd).getDocumentElement();
- }
- return (RequestType)OpenSAMLUtil.fromDom((Element)nd);
- } catch (Exception e) {
- throw new RuntimeException("Error converting pdp response to ResponseType", e);
- }
- }
-
- private Source responseType2Source(ResponseType response) {
- Document doc = DOMUtils.createDocument();
- Element responseElement;
- try {
- responseElement = OpenSAMLUtil.toDom(response, doc);
- } catch (WSSecurityException e) {
- throw new RuntimeException("Error converting PDP RequestType to Dom", e);
- }
- return new DOMSource(responseElement);
- }
-
- private ResponseType createResponse(DECISION decision) {
- XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
-
- @SuppressWarnings("unchecked")
- XACMLObjectBuilder<ResponseType> responseTypeBuilder =
- (XACMLObjectBuilder<ResponseType>)
- builderFactory.getBuilder(ResponseType.DEFAULT_ELEMENT_NAME);
-
- @SuppressWarnings("unchecked")
- XACMLObjectBuilder<ResultType> resultTypeBuilder =
- (XACMLObjectBuilder<ResultType>)
- builderFactory.getBuilder(ResultType.DEFAULT_ELEMENT_NAME);
-
- @SuppressWarnings("unchecked")
- XACMLObjectBuilder<DecisionType> decisionTypeBuilder =
- (XACMLObjectBuilder<DecisionType>)
- builderFactory.getBuilder(DecisionType.DEFAULT_ELEMENT_NAME);
-
- @SuppressWarnings("unchecked")
- XACMLObjectBuilder<StatusType> statusTypeBuilder =
- (XACMLObjectBuilder<StatusType>)
- builderFactory.getBuilder(StatusType.DEFAULT_ELEMENT_NAME);
-
- @SuppressWarnings("unchecked")
- XACMLObjectBuilder<StatusCodeType> statusCodeTypeBuilder =
- (XACMLObjectBuilder<StatusCodeType>)
- builderFactory.getBuilder(StatusCodeType.DEFAULT_ELEMENT_NAME);
-
- ResultType result = resultTypeBuilder.buildObject();
-
- DecisionType decisionType = decisionTypeBuilder.buildObject();
- decisionType.setDecision(decision);
- result.setDecision(decisionType);
-
- StatusType status = statusTypeBuilder.buildObject();
- StatusCodeType statusCode = statusCodeTypeBuilder.buildObject();
- statusCode.setValue("urn:oasis:names:tc:xacml:1.0:status:ok");
- status.setStatusCode(statusCode);
- result.setStatus(status);
-
- ResponseType response = responseTypeBuilder.buildObject();
- response.getResults().add(result);
- return response;
- }
-
- private String getSubjectRole(RequestType request) {
- List<SubjectType> subjects = request.getSubjects();
- if (subjects != null) {
- for (SubjectType subject : subjects) {
- List<AttributeType> attributes = subject.getAttributes();
- if (attributes != null) {
- for (AttributeType attribute : attributes) {
- if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) {
- return attribute.getAttributeValues().get(0).getValue();
- }
- }
- }
- }
- }
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java
deleted file mode 100644
index 1b4c84b..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.joda.time.DateTime;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.EnvironmentType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-
-
-/**
- * Some unit tests to create a XACML Request using the RequestComponentBuilder.
- */
-public class RequestComponentBuilderTest extends org.junit.Assert {
-
- private DocumentBuilder docBuilder;
- static {
- OpenSAMLUtil.initSamlEngine();
- }
-
- public RequestComponentBuilderTest() throws ParserConfigurationException {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- docBuilderFactory.setNamespaceAware(true);
- docBuilder = docBuilderFactory.newDocumentBuilder();
- }
-
- @org.junit.Test
- public void testCreateXACMLRequest() throws Exception {
- Document doc = docBuilder.newDocument();
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "[email protected]"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- AttributeValueType subjectGroupAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "manager"
- );
- AttributeType subjectGroupAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ROLE,
- XACMLConstants.XS_ANY_URI,
- "[email protected]",
- Collections.singletonList(subjectGroupAttributeValue)
- );
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- attributes.add(subjectGroupAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- null
- );
-
- Element policyElement = OpenSAMLUtil.toDom(request, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
- @org.junit.Test
- public void testEnvironment() throws Exception {
- Document doc = docBuilder.newDocument();
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "[email protected]"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Environment
- DateTime dateTime = new DateTime();
- AttributeValueType environmentAttributeValue =
- RequestComponentBuilder.createAttributeValueType(dateTime.toString());
- AttributeType environmentAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.CURRENT_DATETIME,
- XACMLConstants.XS_DATETIME,
- null,
- Collections.singletonList(environmentAttributeValue)
- );
- attributes.clear();
- attributes.add(environmentAttribute);
- EnvironmentType environmentType =
- RequestComponentBuilder.createEnvironmentType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- environmentType
- );
-
- Element policyElement = OpenSAMLUtil.toDom(request, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java
deleted file mode 100644
index be485f3..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rt.security.xacml;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.xacml.ctx.ActionType;
-import org.opensaml.xacml.ctx.AttributeType;
-import org.opensaml.xacml.ctx.AttributeValueType;
-import org.opensaml.xacml.ctx.RequestType;
-import org.opensaml.xacml.ctx.ResourceType;
-import org.opensaml.xacml.ctx.SubjectType;
-import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
-import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
-
-
-/**
- * Some unit tests for creating a SAML XACML Request.
- */
-public class SamlRequestComponentBuilderTest extends org.junit.Assert {
-
- private DocumentBuilder docBuilder;
- static {
- OpenSAMLUtil.initSamlEngine();
- }
-
- public SamlRequestComponentBuilderTest() throws ParserConfigurationException {
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
- docBuilderFactory.setNamespaceAware(true);
- docBuilder = docBuilderFactory.newDocumentBuilder();
- }
-
- @org.junit.Test
- public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
- Document doc = docBuilder.newDocument();
-
- //
- // Create XACML request
- //
-
- // Subject
- AttributeValueType subjectIdAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "[email protected]"
- );
- AttributeType subjectIdAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ID,
- XACMLConstants.RFC_822_NAME,
- null,
- Collections.singletonList(subjectIdAttributeValue)
- );
-
- AttributeValueType subjectGroupAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "manager"
- );
- AttributeType subjectGroupAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.SUBJECT_ROLE,
- XACMLConstants.XS_ANY_URI,
- "[email protected]",
- Collections.singletonList(subjectGroupAttributeValue)
- );
- List<AttributeType> attributes = new ArrayList<AttributeType>();
- attributes.add(subjectIdAttribute);
- attributes.add(subjectGroupAttribute);
- SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
-
- // Resource
- AttributeValueType resourceAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "{http://www.example.org/contract/DoubleIt}DoubleIt"
- );
- AttributeType resourceAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.RESOURCE_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(resourceAttributeValue)
- );
- attributes.clear();
- attributes.add(resourceAttribute);
- ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
-
- // Action
- AttributeValueType actionAttributeValue =
- RequestComponentBuilder.createAttributeValueType(
- "execute"
- );
- AttributeType actionAttribute =
- RequestComponentBuilder.createAttributeType(
- XACMLConstants.ACTION_ID,
- XACMLConstants.XS_STRING,
- null,
- Collections.singletonList(actionAttributeValue)
- );
- attributes.clear();
- attributes.add(actionAttribute);
- ActionType action = RequestComponentBuilder.createActionType(attributes);
-
- // Request
- RequestType request =
- RequestComponentBuilder.createRequestType(
- Collections.singletonList(subject),
- Collections.singletonList(resource),
- action,
- null
- );
-
- //
- // Create SAML wrapper
- //
-
- XACMLAuthzDecisionQueryType authzQuery =
- SamlRequestComponentBuilder.createAuthzDecisionQuery(
- "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS
- );
-
- Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
- // String outputString = DOM2Writer.nodeToString(policyElement);
- assertNotNull(policyElement);
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
deleted file mode 100644
index ce231c5..0000000
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
+++ /dev/null
@@ -1,127 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.rt.security.xacml; - -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.Subject; -import javax.xml.namespace.QName; - -import org.apache.cxf.message.Message; -import org.apache.cxf.message.MessageImpl; -import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint; -import org.apache.cxf.security.LoginSecurityContext; -import org.apache.cxf.security.SecurityContext; - - -/** - * Some unit tests to test the AbstractXACMLAuthorizingInterceptor. 
- */ -public class XACMLAuthorizingInterceptorTest extends org.junit.Assert { - - static { - org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(); - } - - @SuppressWarnings("deprecation") - @org.junit.Test - public void testPermit() throws Exception { - // Mock up a Security Context - SecurityContext sc = createSecurityContext("alice", "manager"); - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURI = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URI, resourceURI); - msg.put(SecurityContext.class, sc); - - PolicyDecisionPoint pdp = new DummyPDP(); - XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp); - authorizingInterceptor.handleMessage(msg); - } - - @SuppressWarnings("deprecation") - @org.junit.Test - public void testDeny() throws Exception { - // Mock up a Security Context - SecurityContext sc = createSecurityContext("alice", "boss"); - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURI = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URI, resourceURI); - msg.put(SecurityContext.class, sc); - - PolicyDecisionPoint pdp = new DummyPDP(); - XACMLAuthorizingInterceptor authorizingInterceptor = new XACMLAuthorizingInterceptor(pdp); - - try { - authorizingInterceptor.handleMessage(msg); - fail("Failure expected on deny"); - } catch (Exception ex) { - // Failure expected - } - } - - private SecurityContext createSecurityContext(final String 
user, final String role) { - return new LoginSecurityContext() { - - @Override - public Principal getUserPrincipal() { - return new Principal() { - public String getName() { - return user; - } - }; - } - - @Override - public boolean isUserInRole(String role) { - return false; - } - - @Override - public Subject getSubject() { - return null; - } - - @Override - public Set<Principal> getUserRoles() { - Set<Principal> principals = new HashSet<Principal>(); - principals.add(new Principal() { - public String getName() { - return role; - } - }); - return principals; - } - - }; - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java ---------------------------------------------------------------------- diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java deleted file mode 100644 index 29ab5d5..0000000 --- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java +++ /dev/null 
@@ -1,307 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.rt.security.xacml; - -import java.security.Principal; -import java.util.Collections; -import java.util.List; - -import javax.xml.namespace.QName; - -import org.apache.cxf.message.Message; -import org.apache.cxf.message.MessageImpl; -import org.opensaml.xacml.ctx.AttributeType; -import org.opensaml.xacml.ctx.RequestType; -import org.opensaml.xacml.ctx.ResourceType; - - -/** - * Some unit tests to create a XACML Request via the XACMLRequestBuilder interface. 
- */ -public class XACMLRequestBuilderTest extends org.junit.Assert { - - static { - org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(); - } - - @org.junit.Test - public void testXACMLRequestBuilder() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URI, resourceURL); - - XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - } - - - @org.junit.Test - public void testAction() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URI, resourceURL); - - DefaultXACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - - String action = - request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue(); - assertEquals("execute", action); - - builder.setAction("write"); - request = builder.createRequest(principal, 
Collections.singletonList("manager"), msg); - assertNotNull(request); - - action = - request.getAction().getAttributes().get(0).getAttributeValues().get(0).getValue(); - assertEquals("write", action); - } - - @org.junit.Test - public void testEnvironment() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URL, resourceURL); - - XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - assertFalse(request.getEnvironment().getAttributes().isEmpty()); - - ((DefaultXACMLRequestBuilder)builder).setSendDateTime(false); - request = builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - assertTrue(request.getEnvironment().getAttributes().isEmpty()); - } - - @org.junit.Test - public void testSOAPResource() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleIt}DoubleItService"; - msg.put(Message.WSDL_SERVICE, QName.valueOf(service)); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URL, resourceURL); - - XACMLRequestBuilder builder = new 
DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - - List<ResourceType> resources = request.getResources(); - assertNotNull(resources); - assertEquals(1, resources.size()); - - ResourceType resource = resources.get(0); - assertEquals(4, resource.getAttributes().size()); - - boolean resourceIdSatisfied = false; - boolean soapServiceSatisfied = false; - boolean soapOperationSatisfied = false; - boolean resourceURISatisfied = false; - for (AttributeType attribute : resource.getAttributes()) { - String attributeValue = attribute.getAttributeValues().get(0).getValue(); - if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId()) - && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals( - attributeValue)) { - resourceIdSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId()) - && service.equals(attributeValue)) { - soapServiceSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId()) - && operation.equals(attributeValue)) { - soapOperationSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId()) - && resourceURL.equals(attributeValue)) { - resourceURISatisfied = true; - } - } - - assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied - && resourceURISatisfied); - } - - @org.junit.Test - public void testSOAPResourceDifferentNamespace() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt"; - MessageImpl msg = new MessageImpl(); - msg.put(Message.WSDL_OPERATION, QName.valueOf(operation)); - String service = "{http://www.example.org/contract/DoubleItService}DoubleItService"; - msg.put(Message.WSDL_SERVICE, 
QName.valueOf(service)); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URL, resourceURL); - - XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - - List<ResourceType> resources = request.getResources(); - assertNotNull(resources); - assertEquals(1, resources.size()); - - ResourceType resource = resources.get(0); - assertEquals(4, resource.getAttributes().size()); - - boolean resourceIdSatisfied = false; - boolean soapServiceSatisfied = false; - boolean soapOperationSatisfied = false; - boolean resourceURISatisfied = false; - String expectedResourceId = - service + "#" + operation; - for (AttributeType attribute : resource.getAttributes()) { - String attributeValue = attribute.getAttributeValues().get(0).getValue(); - if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId()) - && expectedResourceId.equals(attributeValue)) { - resourceIdSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId()) - && service.equals(attributeValue)) { - soapServiceSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId()) - && operation.equals(attributeValue)) { - soapOperationSatisfied = true; - } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId()) - && resourceURL.equals(attributeValue)) { - resourceURISatisfied = true; - } - } - - assertTrue(resourceIdSatisfied && soapServiceSatisfied && soapOperationSatisfied - && resourceURISatisfied); - } - - @org.junit.Test - public void testRESTResource() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - MessageImpl msg = new MessageImpl(); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URL, resourceURL); - 
- XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - - List<ResourceType> resources = request.getResources(); - assertNotNull(resources); - assertEquals(1, resources.size()); - - ResourceType resource = resources.get(0); - assertEquals(1, resource.getAttributes().size()); - - for (AttributeType attribute : resource.getAttributes()) { - String attributeValue = attribute.getAttributeValues().get(0).getValue(); - assertEquals(attributeValue, resourceURL); - } - } - - @org.junit.Test - public void testRESTResourceTruncatedURI() throws Exception { - // Mock up a request - Principal principal = new Principal() { - public String getName() { - return "alice"; - } - }; - - MessageImpl msg = new MessageImpl(); - String resourceURL = "https://localhost:8080/doubleit"; - msg.put(Message.REQUEST_URL, resourceURL); - String resourceURI = "/doubleit"; - msg.put(Message.REQUEST_URI, resourceURI); - - XACMLRequestBuilder builder = new DefaultXACMLRequestBuilder(); - ((DefaultXACMLRequestBuilder)builder).setSendFullRequestURL(false); - RequestType request = - builder.createRequest(principal, Collections.singletonList("manager"), msg); - assertNotNull(request); - - List<ResourceType> resources = request.getResources(); - assertNotNull(resources); - assertEquals(1, resources.size()); - - ResourceType resource = resources.get(0); - assertEquals(1, resource.getAttributes().size()); - - for (AttributeType attribute : resource.getAttributes()) { - String attributeValue = attribute.getAttributeValues().get(0).getValue(); - assertEquals(attributeValue, resourceURI); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/pom.xml ---------------------------------------------------------------------- diff --git a/rt/ws/security/pom.xml b/rt/ws/security/pom.xml index ed2ab38..e1f2b9c 100644 --- a/rt/ws/security/pom.xml 
+++ b/rt/ws/security/pom.xml @@ -49,7 +49,7 @@ </dependency> <dependency> <groupId>org.apache.cxf</groupId> - <artifactId>cxf-rt-security</artifactId> + <artifactId>cxf-rt-security-saml</artifactId> <version>${project.version}</version> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java index 5ea8ec8..061febd 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AuthPolicyValidatingInterceptor.java @@ -24,7 +24,6 @@ import java.util.Set; import java.util.logging.Logger; import org.w3c.dom.Document; - import org.apache.cxf.common.i18n.BundleUtils; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.configuration.security.AuthorizationPolicy; 
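Review bot: The direct dependency on `cxf-rt-security` is replaced rather than supplemented in the pom.xml hunk, yet sources in this module still import from packages the commit does not move: `org.apache.cxf.rt.security.claims.ClaimCollection` and `org.apache.cxf.rt.security.utils.SecurityUtils` appear as unchanged context lines in the AuthPolicyValidatingInterceptor, UsernameTokenInterceptor and WSS4JInInterceptor hunks. If those classes stay in `cxf-rt-security`, the module presumably builds only because `cxf-rt-security-saml` pulls that artifact in transitively; neither pom is fully visible here, so this is an assumption to confirm. Declaring it explicitly next to the new entry, `<artifactId>cxf-rt-security</artifactId>` with `<version>${project.version}</version>`, keeps this module's classpath from changing silently when the SAML module's dependencies change. The hunk shows only part of the dependency list, so the entry may already exist outside it.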
@@ -34,8 +33,8 @@ import org.apache.cxf.message.Message; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.rt.security.saml.SAMLSecurityContext; -import org.apache.cxf.rt.security.saml.SAMLUtils; +import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext; +import org.apache.cxf.rt.security.saml.utils.SAMLUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java index ec4e816..0410e49 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java @@ -40,7 +40,6 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; - import org.w3c.dom.Document; import org.apache.cxf.Bus; import org.apache.cxf.BusException; 
@@ -54,7 +53,7 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
index 12d8299..9f7d7b1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
@@ -33,8 +33,8 @@ import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
-import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index e7eb8e1..345e237 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -39,8 +39,8 @@ import org.apache.cxf.interceptor.security.DefaultSecurityContext; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.rt.security.saml.SAMLSecurityContext; -import org.apache.cxf.rt.security.saml.SAMLUtils; +import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext; +import org.apache.cxf.rt.security.saml.utils.SAMLUtils; import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.policy.AssertionInfo; http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index af43f97..111c93f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -45,7 +45,6 @@ import javax.xml.transform.dom.DOMSource; import org.w3c.dom.Element; import org.w3c.dom.Node; - import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.SoapVersion; 
@@ -61,8 +60,8 @@ import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.Phase; import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.rt.security.saml.SAMLSecurityContext; -import org.apache.cxf.rt.security.saml.SAMLUtils; +import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext; +import org.apache.cxf.rt.security.saml.utils.SAMLUtils; import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.security.transport.TLSSessionInfo; http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java index b76cce9..21a94f9 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/DefaultSAMLRoleParser.java @@ -24,8 +24,8 @@ import java.util.Set; import javax.security.auth.Subject; import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.rt.security.saml.SAMLSecurityContext; -import org.apache.cxf.rt.security.saml.SAMLUtils; +import org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext; +import org.apache.cxf.rt.security.saml.utils.SAMLUtils; import org.apache.wss4j.common.saml.SamlAssertionWrapper; /** http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java ---------------------------------------------------------------------- 
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java
index 4e22422..cd5d734 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java
@@ -31,7 +31,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rt.security.claims.SAMLClaim;
+import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.ActionBean;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
index 9e35949..2d03211 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
@@ -31,7 +31,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rt.security.claims.SAMLClaim;
+import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
index 2cc75f2..d178cb7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
@@ -34,7 +34,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.SecurityUtils;
-import org.apache.cxf.rt.security.claims.SAMLClaim;
+import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.saml.SAMLCallback;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java ----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
index 4e27b22..d149db1 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/PolicyDecisionPointMockImpl.java
@@ -31,8 +31,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.rt.security.xacml.XACMLConstants;
-import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint;
+import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
+import org.apache.cxf.rt.security.saml.xacml.pdp.api.PolicyDecisionPoint;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.core.xml.XMLObjectBuilderFactory;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml ----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
index 14a803a..3b74a14 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
@@ -230,7 +230,7 @@ </jaxws:features> </jaxws:endpoint> <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" /> - <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor"> + <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor"> <constructor-arg ref="MockPDP"/> </bean> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl"> http://git-wip-us.apache.org/repos/asf/cxf/blob/c04c2720/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml index ce0eb3f..7dd9388 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml 
@@ -253,7 +253,7 @@ </jaxws:features> </jaxws:endpoint> <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" /> - <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor"> + <bean class="org.apache.cxf.rt.security.saml.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor"> <constructor-arg ref="MockPDP"/> </bean> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
