Repository: cxf Updated Branches: refs/heads/master 95e8711bd -> 4800bc8de
[CXF-6521] Updating RS SAML Interceptors to get STS SAML token if available Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4800bc8d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4800bc8d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4800bc8d Branch: refs/heads/master Commit: 4800bc8de7d7626fab25d8ab775e3da1ecec5007 Parents: 95e8711 Author: Sergey Beryozkin <[email protected]> Authored: Wed Aug 5 16:47:51 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Aug 5 16:47:51 2015 +0100 ---------------------------------------------------------------------- .../org/apache/cxf/rs/security/saml/SAMLConstants.java | 1 + .../org/apache/cxf/rs/security/saml/SAMLUtils.java | 13 +++++++++++++ .../cxf/rs/security/saml/SamlFormOutInterceptor.java | 10 ++-------- .../cxf/rs/security/saml/SamlHeaderOutInterceptor.java | 10 ++-------- .../org/apache/cxf/ws/security/SecurityConstants.java | 1 + .../cxf/ws/security/trust/STSTokenRetriever.java | 2 ++ 6 files changed, 21 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java index d69b004..75458c3 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLConstants.java 
@@ -29,6 +29,7 @@ public final class SAMLConstants { * SamlHeaderOutInterceptor will use this token instead of creating a new SAML Token. */ public static final String SAML_TOKEN_ELEMENT = "rs-security.saml.token.element"; + public static final String WS_SAML_TOKEN_ELEMENT = "ws-security.token.element"; private SAMLConstants() { // complete http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java index f4ebcb0..1471191 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java @@ -24,10 +24,13 @@ import java.util.logging.Logger; import javax.security.auth.callback.CallbackHandler; +import org.w3c.dom.Element; + import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.common.CryptoLoader; import org.apache.cxf.rs.security.common.RSSecurityUtils; import org.apache.cxf.rs.security.saml.assertion.Subject; 
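Review bot: The Javadoc left above `SAML_TOKEN_ELEMENT` still says SamlHeaderOutInterceptor will use that token instead of creating a new one, but after this commit SAMLUtils.createAssertion consults the new `WS_SAML_TOKEN_ELEMENT` key first (the argument order of the MessageUtils.getContextualProperty call suggests preferred-then-default), so an explicitly configured rs-security.saml.token.element appears to be silently superseded whenever an STS-issued token is present. The new constant also has no Javadoc, and its literal `"ws-security.token.element"` is a second, independently maintained copy of `SecurityConstants.TOKEN_ELEMENT` added in the same commit, so the two can drift without any compiler help. I would add above the new line `/** DOM Element of a token issued by an STS; must stay in sync with SecurityConstants.TOKEN_ELEMENT in rt/ws/security. When set it takes precedence over SAML_TOKEN_ELEMENT. */` and amend the existing Javadoc to state that precedence. The class body continues outside the hunk.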
@@ -64,6 +67,16 @@ public final class SAMLUtils { public static SamlAssertionWrapper createAssertion(Message message) throws Fault { try { + // Check if the token is already available in the current context; + // For example, STS Client can set it up. + Element samlToken = + (Element)MessageUtils.getContextualProperty(message, + SAMLConstants.WS_SAML_TOKEN_ELEMENT, + SAMLConstants.SAML_TOKEN_ELEMENT); + if (samlToken != null) { + return new SamlAssertionWrapper(samlToken); + } + // Finally try to get a self-signed assertion CallbackHandler handler = RSSecurityUtils.getCallbackHandler( message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER); return createAssertion(message, handler); http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java index 62756a9..757003e 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java @@ -28,6 +28,7 @@ import javax.ws.rs.core.MultivaluedMap; import org.w3c.dom.Document; import org.w3c.dom.Element; + import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.Fault; 
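Review bot: The `(Element)` cast on the value returned by `MessageUtils.getContextualProperty` is unchecked, so a caller that sets either key to something other than a DOM Element (a SecurityToken, a String) fails with a ClassCastException inside the try block rather than a clear message; the catch that handles it is outside the hunk, so I cannot tell what it reports. A type check keeps the intent and gives a precise error: `Object samlToken = MessageUtils.getContextualProperty(message, SAMLConstants.WS_SAML_TOKEN_ELEMENT, SAMLConstants.SAML_TOKEN_ELEMENT);` / `if (samlToken instanceof Element) { return new SamlAssertionWrapper((Element)samlToken); }` / `if (samlToken != null) { throw new IllegalArgumentException("SAML token property must be a DOM Element, got " + samlToken.getClass().getName()); }`. The added comment should also state which key wins when both are set, since that precedence is now the observable contract of this method and is only implied by argument order. The method's catch block and the rest of its body are outside the hunk.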
@@ -48,14 +49,7 @@ public class SamlFormOutInterceptor extends AbstractSamlOutInterceptor { } try { - Element samlToken = - (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT); - SamlAssertionWrapper assertionWrapper; - if (samlToken != null) { - assertionWrapper = new SamlAssertionWrapper(samlToken); - } else { - assertionWrapper = createAssertion(message); - } + SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(message); Document doc = DOMUtils.newDocument(); Element assertionElement = assertionWrapper.toDOM(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java index 29f3b7c..c1e840c 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java @@ -28,6 +28,7 @@ import java.util.logging.Logger; import org.w3c.dom.Document; import org.w3c.dom.Element; + import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; 
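Review bot: The two out interceptors now obtain the assertion through different entry points: this hunk calls `SAMLUtils.createAssertion(message)` directly, while the matching hunk in SamlHeaderOutInterceptor keeps calling the inherited `createAssertion(message)` that both interceptors previously used in their else branch. If AbstractSamlOutInterceptor.createAssertion does anything beyond delegating to SAMLUtils — it is outside this diff, so I cannot check — the form and header variants will diverge in when a token is reused versus freshly signed. I would write `SamlAssertionWrapper assertionWrapper = createAssertion(message);` here as well, or switch both interceptors to the static SAMLUtils call, so the token-precedence rule lives in exactly one place. handleMessage starts and ends outside the hunk.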
@@ -42,14 +43,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor { public void handleMessage(Message message) throws Fault { try { - Element samlToken = - (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT); - SamlAssertionWrapper assertionWrapper; - if (samlToken != null) { - assertionWrapper = new SamlAssertionWrapper(samlToken); - } else { - assertionWrapper = createAssertion(message); - } + SamlAssertionWrapper assertionWrapper = createAssertion(message); Document doc = DOMUtils.newDocument(); Element assertionElement = assertionWrapper.toDOM(doc); http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index 28702ad..96e1dc2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java @@ -496,6 +496,7 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security public static final String TOKEN = "ws-security.token"; public static final String TOKEN_ID = "ws-security.token.id"; + public static final String TOKEN_ELEMENT = "ws-security.token.element"; public static final Set<String> ALL_PROPERTIES; http://git-wip-us.apache.org/repos/asf/cxf/blob/4800bc8d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java index 5c9c578..c9e5dc0 100644 
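Review bot: `TOKEN_ELEMENT` is added beside `TOKEN` and `TOKEN_ID` in SecurityConstants, but the context shows an `ALL_PROPERTIES` set declared right below and the hunk does not register the new key in it; if that set enumerates the ws-security.* keys for validation or propagation (its initialiser is outside the hunk), the new property will be missed there. The constant also has no Javadoc although it introduces a new contract: the raw DOM element of the token last obtained from the STS, consumed by the JAX-RS SAML interceptors through SAMLConstants.WS_SAML_TOKEN_ELEMENT, which duplicates the same literal `"ws-security.token.element"` in another module. I would add `/** The DOM Element of the SecurityToken most recently obtained from the STS, set by STSTokenRetriever on the current message. Mirrored by SAMLConstants.WS_SAML_TOKEN_ELEMENT in rt/rs/security/xml; keep the literals in sync. */` above the new line and register the key wherever TOKEN_ID is registered. The class body continues outside the hunk.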
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java @@ -69,12 +69,14 @@ public final class STSTokenRetriever { if (cacheIssuedToken) { message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, tok); message.getExchange().put(SecurityConstants.TOKEN, tok); + message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken()); message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId()); message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, tok.getId()); } else { message.put(SecurityConstants.TOKEN, tok); message.put(SecurityConstants.TOKEN_ID, tok.getId()); + message.put(SecurityConstants.TOKEN_ELEMENT, tok.getToken()); } // ? TokenStoreUtils.getTokenStore(message).add(tok);
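Review bot: In the `cacheIssuedToken` branch `TOKEN` and `TOKEN_ID` are stored on the endpoint and the exchange, but the new `TOKEN_ELEMENT` is put only on the current message. If a later invocation is served from the cached token and returns before reaching this block — the cache lookup is outside the hunk, so I am inferring — that message carries no TOKEN_ELEMENT, and SAMLUtils.createAssertion falls back to a fresh self-signed assertion instead of reusing the STS token, so behaviour differs between the first and subsequent calls. Either store the element with the other cached values, `message.getExchange().put(SecurityConstants.TOKEN_ELEMENT, tok.getToken());` (a contextual-property lookup that behaves like Message.getContextualProperty also consults the exchange), or let the consumer derive the element from the cached `SecurityConstants.TOKEN` rather than a separate property. If `tok.getToken()` can be null for token types without a DOM representation, a short comment here saying the property is then stored as null and the consumer falls back silently would also help. The enclosing method starts and ends outside the hunk.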
