Author: veithen
Date: Sat Dec 26 10:21:04 2015
New Revision: 1721721
URL: http://svn.apache.org/viewvc?rev=1721721&view=rev
Log:
RAMPART-381: Fix policy sample 05. Based on a patch provided by Suresh
Attanayake.
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1721721&r1=1721720&r2=1721721&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Sat Dec 26 10:21:04 2015
@@ -338,8 +338,12 @@ public class PolicyBasedResultsValidator
} else if (token instanceof IssuedToken) {
- //TODO is is enough to check for ST_UNSIGNED results ??
- WSSecurityEngineResult samlResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ WSSecurityEngineResult samlResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_SIGNED);
+ // Then check for unsigned saml tokens
+ if (samlResult == null) {
+ log.debug("No signed SAMLToken found. Looking for unsigned
SAMLTokens");
+ samlResult = WSSecurityUtil.fetchActionResult(results,
WSConstants.ST_UNSIGNED);
+ }
if (samlResult == null) {
throw new RampartException("samlTokenMissing");
}
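Review bot: The new fallback to `WSConstants.ST_UNSIGNED` lets an unsigned SAML assertion satisfy an `IssuedToken` requirement whenever no signed one is found, and the removed TODO that questioned this is no longer recorded anywhere. Nothing visible in the hunk shows that the unsigned assertion's integrity is established some other way, so a comment saying where that is enforced would help, e.g. `// Unsigned assertion accepted: integrity must be covered by the message signature checks - TODO confirm`. The fallback is also only reported at debug level; `log.warn("No signed SAMLToken found. Falling back to unsigned SAMLToken");`, or gating the fallback on what the policy allows, would make a signed-to-unsigned downgrade visible in production logs. The enclosing method starts and ends outside the hunk.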
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java?rev=1721721&r1=1721720&r2=1721721&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
Sat Dec 26 10:21:04 2015
@@ -40,8 +40,8 @@ public class SampleTest extends TestCase
suite.addTest(new SampleTest("policy", "02"));
suite.addTest(new SampleTest("policy", "03"));
suite.addTest(new SampleTest("policy", "04"));
+ suite.addTest(new SampleTest("policy", "05"));
// TODO: these are failing
-// suite.addTest(new SampleTest("policy", "05"));
// suite.addTest(new SampleTest("policy", "06"));
// suite.addTest(new SampleTest("policy", "07"));
suite.addTest(new SampleTest("policy", "08"));
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java?rev=1721721&r1=1721720&r2=1721721&view=diff
==============================================================================
---
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
(original)
+++
axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
Sat Dec 26 10:21:04 2015
@@ -1,5 +1,6 @@
package org.apache.rahas.impl.util;
+import org.apache.axiom.util.UIDGenerator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
@@ -25,8 +26,6 @@ import org.opensaml.xml.schema.impl.XSSt
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.*;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -436,7 +435,8 @@ public class SAMLUtils {
assertion.setIssuer(issuerName);
assertion.setConditions(SAMLUtils.createConditions(notBefore,
notOnOrAfter));
assertion.getStatements().addAll(statements);
-
+ assertion.setID(UIDGenerator.generateUID());
+ assertion.setIssueInstant(new DateTime());
return assertion;
}
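Review bot: `assertion.setID(UIDGenerator.generateUID())` uses the generator's raw output as the assertion identifier, and two properties of that value should be confirmed before relying on it. If this is a SAML 1.1 assertion, the ID is typed as `xs:ID` and cannot begin with a digit; should `generateUID()` return a bare hexadecimal string (my recollection of the Axiom Javadoc, to be verified), some generated IDs would be schema-invalid, which `assertion.setID("_" + UIDGenerator.generateUID());` avoids. As far as I recall, Axiom also describes this generator as unique but not random, so check that nothing downstream treats the assertion ID as unguessable. The method body begins outside the hunk.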
@@ -565,7 +565,7 @@ public class SAMLUtils {
// Encoding type set to
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0
// #Base64Binary
keyIdentifier.setEncodingType(KeyIdentifier.ENCODING_TYPE_BASE64_BINARY);
- keyIdentifier.setValueType(WSSecurityConstants.THUMB_PRINT_SHA1);
+
keyIdentifier.setValueType(WSSecurityConstants.WS_SECURITY11_NS+"#ThumbprintSHA1");
keyIdentifier.setValue(getThumbprintSha1(certificate));
securityTokenReference.getUnknownXMLObjects().add(keyIdentifier);