Add a new SubjectProviderParameters interface to make it easier to pass more parameters through to the SubjectProviders
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f97ef837 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f97ef837 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f97ef837 Branch: refs/heads/master Commit: f97ef83725ba3f54083efe99a7dd97bab6e44dec Parents: 3348a29 Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Jun 3 15:19:59 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Jun 3 15:19:59 2015 +0100 ---------------------------------------------------------------------- .../token/provider/DefaultSubjectProvider.java | 27 +++--- .../sts/token/provider/SAMLTokenProvider.java | 10 ++- .../cxf/sts/token/provider/SubjectProvider.java | 3 +- .../provider/SubjectProviderParameters.java | 88 ++++++++++++++++++++ .../token/provider/CustomSubjectProvider.java | 5 +- .../sts/secure_conv/SCTSAMLTokenProvider.java | 11 ++- 6 files changed, 124 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java index 4aa6253..2d5540f 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java 
@@ -84,21 +84,20 @@ public class DefaultSubjectProvider implements SubjectProvider { /** * Get a SubjectBean object. */ - public SubjectBean getSubject( - TokenProviderParameters providerParameters, Document doc, byte[] secret - ) { + public SubjectBean getSubject(SubjectProviderParameters subjectProviderParameters) { + // 1. Get the principal - Principal principal = getPrincipal(providerParameters); + Principal principal = getPrincipal(subjectProviderParameters); if (principal == null) { LOG.fine("Error in getting principal"); throw new STSException("Error in getting principal", STSException.REQUEST_FAILED); } // 2. Create the SubjectBean using the principal - SubjectBean subjectBean = createSubjectBean(principal, providerParameters); + SubjectBean subjectBean = createSubjectBean(principal, subjectProviderParameters); // 3. Create the KeyInfoBean and set it on the SubjectBean - KeyInfoBean keyInfo = createKeyInfo(providerParameters, doc, secret); + KeyInfoBean keyInfo = createKeyInfo(subjectProviderParameters); subjectBean.setKeyInfo(keyInfo); return subjectBean; @@ -112,7 +111,9 @@ public class DefaultSubjectProvider implements SubjectProvider { * - The principal associated with the request. We don't need to check to see if it is "valid" here, as it * is not parsed by the STS (but rather the WS-Security layer). */ - protected Principal getPrincipal(TokenProviderParameters providerParameters) { + protected Principal getPrincipal(SubjectProviderParameters subjectProviderParameters) { + TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters(); + Principal principal = null; //TokenValidator in IssueOperation has validated the ReceivedToken //if validation was successful, the principal was set in ReceivedToken 
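Review bot: `getSubject` now takes a setter-populated bean but checks neither `subjectProviderParameters` nor the `TokenProviderParameters` inside it. An incompletely built bean therefore surfaces as a NullPointerException in `getPrincipal`, `createSubjectBean` or `createKeyInfo` rather than as the STSException this method already throws for a missing principal. Validating once at the top keeps the failure in the STS fault path: `if (subjectProviderParameters == null || subjectProviderParameters.getProviderParameters() == null) { throw new STSException("No provider parameters supplied", STSException.REQUEST_FAILED); }`. The three helpers are protected, so a subclass calling them directly would still depend on its own check.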
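Review bot: Changing the protected signature of `getPrincipal` means a subclass that still declares `getPrincipal(TokenProviderParameters)` without `@Override` keeps compiling but is no longer called, so a customised principal selection silently falls back to the default logic. The same applies to `createSubjectBean` and `createKeyInfo` in the later hunks of this file. The Javadoc should say so, for example by adding `* Replaces getPrincipal(TokenProviderParameters); overrides of the old signature are no longer invoked.` above the method. The method body continues outside the hunk.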
@@ -141,7 +142,10 @@ public class DefaultSubjectProvider implements SubjectProvider { /** * Create the SubjectBean using the specified principal. */ - protected SubjectBean createSubjectBean(Principal principal, TokenProviderParameters providerParameters) { + protected SubjectBean createSubjectBean( + Principal principal, SubjectProviderParameters subjectProviderParameters + ) { + TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters(); TokenRequirements tokenRequirements = providerParameters.getTokenRequirements(); KeyRequirements keyRequirements = providerParameters.getKeyRequirements(); @@ -199,9 +203,8 @@ public class DefaultSubjectProvider implements SubjectProvider { /** * Create and return the KeyInfoBean to be inserted into the SubjectBean */ - protected KeyInfoBean createKeyInfo( - TokenProviderParameters providerParameters, Document doc, byte[] secret - ) { + protected KeyInfoBean createKeyInfo(SubjectProviderParameters subjectProviderParameters) { + TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters(); KeyRequirements keyRequirements = providerParameters.getKeyRequirements(); STSPropertiesMBean stsProperties = providerParameters.getStsProperties(); @@ -241,6 +244,8 @@ public class DefaultSubjectProvider implements SubjectProvider { if ((certs == null) || (certs.length == 0)) { throw new STSException("Encryption certificate is not found for alias: " + encryptionName); } + Document doc = subjectProviderParameters.getDoc(); + byte[] secret = subjectProviderParameters.getSecret(); KeyInfoBean keyInfo = createEncryptedKeyKeyInfo(certs[0], secret, doc, encryptionProperties, crypto); return keyInfo; http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java ---------------------------------------------------------------------- 
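Review bot: In the `@@ -241,6` hunk, `doc` and `secret` are read from the bean immediately before `createEncryptedKeyKeyInfo`, and nothing visible ensures that `setSecret` and `setDoc` were called by whoever built the parameters. What `createEncryptedKeyKeyInfo` does with a null secret is not visible here, so failing closed first would be safer: `if (secret == null || doc == null) { throw new STSException("No secret or document supplied for the EncryptedKey", STSException.REQUEST_FAILED); }`. The enclosing `createKeyInfo` starts in the previous hunk and continues past this one.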
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java index 388f3a7..feac5bd 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java @@ -383,7 +383,15 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke } // Get the Subject and Conditions - SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret); + SubjectProviderParameters subjectProviderParameters = new SubjectProviderParameters(); + subjectProviderParameters.setProviderParameters(tokenParameters); + subjectProviderParameters.setDoc(doc); + subjectProviderParameters.setSecret(secret); + subjectProviderParameters.setAttrBeanList(attrBeanList); + subjectProviderParameters.setAuthBeanList(authBeanList); + subjectProviderParameters.setAuthDecisionBeanList(authDecisionBeanList); + SubjectBean subjectBean = subjectProvider.getSubject(subjectProviderParameters); + ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters); // Set all of the beans on the SamlCallbackHandler http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java index 70801ef..9715119 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java 
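Review bot: The three statement lists are handed to the pluggable SubjectProvider by reference, and judging by the trailing comment the beans are set on the SamlCallbackHandler only afterwards. A provider could therefore presumably add or change statements that end up in the issued token. If that is intended it should be stated; if not, the lists should be passed as unmodifiable views. A comment such as `// Lists are shared with the SubjectProvider, which must treat them as read-only` above the setter calls would make the contract explicit. The enclosing method starts and ends outside the hunk.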
@@ -18,7 +18,6 @@ */ package org.apache.cxf.sts.token.provider; -import org.w3c.dom.Document; import org.apache.wss4j.common.saml.bean.SubjectBean; /** @@ -30,6 +29,6 @@ public interface SubjectProvider { /** * Get a SubjectBean object. */ - SubjectBean getSubject(TokenProviderParameters providerParameters, Document doc, byte[] secret); + SubjectBean getSubject(SubjectProviderParameters subjectProviderParameters); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProviderParameters.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProviderParameters.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProviderParameters.java new file mode 100644 index 0000000..d0476a0 --- /dev/null +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProviderParameters.java 
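Review bot: The Javadoc on `getSubject` is still only "Get a SubjectBean object." although the single argument now carries six values, some of which callers leave unset (SCTSAMLTokenProvider in this commit sets only `attrBeanList` of the three lists). Implementations need to know what may be null. I would extend the comment with `@param subjectProviderParameters the request context; doc, secret and the statement lists may be null` and `@return the SubjectBean for the token being issued`.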
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider;
+
+import java.util.List;
+import org.w3c.dom.Document;
+
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
+
+/**
+ * The parameters that are passed through to a SubjectProvider implementation to create a Subject(Bean).
+ */
+public class SubjectProviderParameters {
+
+ private TokenProviderParameters providerParameters;
+ private Document doc;
+ private byte[] secret;
+ private List<AttributeStatementBean> attrBeanList;
+ private List<AuthenticationStatementBean> authBeanList;
+ private List<AuthDecisionStatementBean> authDecisionBeanList;
+
+ public TokenProviderParameters getProviderParameters() {
+ return providerParameters;
+ }
+
+ public void setProviderParameters(TokenProviderParameters providerParameters) {
+ this.providerParameters = providerParameters;
+ }
+
+ public Document getDoc() {
+ return doc;
+ }
+
+ public void setDoc(Document doc) {
+ this.doc = doc;
+ }
+
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ public void setSecret(byte[] secret) {
+ this.secret = secret;
+ }
+
+ public List<AttributeStatementBean> getAttrBeanList() {
+ return attrBeanList;
+ }
+
+ public void setAttrBeanList(List<AttributeStatementBean> attrBeanList) {
+ this.attrBeanList = attrBeanList;
+ }
+
+ public List<AuthenticationStatementBean> getAuthBeanList() {
+ return authBeanList;
+ }
+
+ public void setAuthBeanList(List<AuthenticationStatementBean> authBeanList) {
+ this.authBeanList = authBeanList;
+ }
+
+ public List<AuthDecisionStatementBean> getAuthDecisionBeanList() {
+ return authDecisionBeanList;
+ }
+
+ public void setAuthDecisionBeanList(List<AuthDecisionStatementBean> authDecisionBeanList) {
+ this.authDecisionBeanList = authDecisionBeanList;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java
index ddbd844..bbd770c 100644
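Review bot: In SubjectProviderParameters, `setSecret` stores the caller's array and `getSecret` returns it without copying, so every SubjectProvider implementation receives the same secret bytes that DefaultSubjectProvider passes to `createEncryptedKeyKeyInfo`, and can alter or retain them. Either copy on the way in and out, `this.secret = secret == null ? null : secret.clone();` and `return secret == null ? null : secret.clone();`, or document the sharing with a Javadoc line such as `Returns the secret bytes; the array is not copied and must not be modified.` None of the accessors has Javadoc, and every field is null until set, which is also worth stating in the class comment.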
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/CustomSubjectProvider.java @@ -20,8 +20,6 @@ package org.apache.cxf.sts.token.provider; import java.security.Principal; -import org.w3c.dom.Document; - import org.apache.cxf.sts.STSConstants; import org.apache.cxf.sts.request.KeyRequirements; import org.apache.cxf.sts.request.TokenRequirements; @@ -40,7 +38,8 @@ public class CustomSubjectProvider implements SubjectProvider { /** * Get a SubjectBean object. */ - public SubjectBean getSubject(TokenProviderParameters providerParameters, Document doc, byte[] secret) { + public SubjectBean getSubject(SubjectProviderParameters subjectProviderParameters) { + TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters(); TokenRequirements tokenRequirements = providerParameters.getTokenRequirements(); KeyRequirements keyRequirements = providerParameters.getKeyRequirements(); http://git-wip-us.apache.org/repos/asf/cxf/blob/f97ef837/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java index 81f257e..b1e4abb 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java 
@@ -26,7 +26,6 @@ import java.util.logging.Logger; import org.w3c.dom.Document; import org.w3c.dom.Element; - import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.sts.STSConstants; @@ -40,6 +39,7 @@ import org.apache.cxf.sts.token.provider.DefaultConditionsProvider; import org.apache.cxf.sts.token.provider.DefaultSubjectProvider; import org.apache.cxf.sts.token.provider.SamlCallbackHandler; import org.apache.cxf.sts.token.provider.SubjectProvider; +import org.apache.cxf.sts.token.provider.SubjectProviderParameters; import org.apache.cxf.sts.token.provider.TokenProvider; import org.apache.cxf.sts.token.provider.TokenProviderParameters; import org.apache.cxf.sts.token.provider.TokenProviderResponse; @@ -53,7 +53,6 @@ import org.apache.wss4j.common.saml.bean.AttributeStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; import org.apache.wss4j.common.saml.bean.SubjectBean; import org.apache.wss4j.dom.WSConstants; - import org.joda.time.DateTime; import org.opensaml.saml.common.SAMLVersion; @@ -250,7 +249,13 @@ public class SCTSAMLTokenProvider implements TokenProvider { } // Get the Subject and Conditions - SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret); + SubjectProviderParameters subjectProviderParameters = new SubjectProviderParameters(); + subjectProviderParameters.setProviderParameters(tokenParameters); + subjectProviderParameters.setDoc(doc); + subjectProviderParameters.setSecret(secret); + subjectProviderParameters.setAttrBeanList(attrBeanList); + SubjectBean subjectBean = subjectProvider.getSubject(subjectProviderParameters); + ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters); // Set all of the beans on the SamlCallbackHandler
