Author: thilinamb
Date: Thu Feb 24 05:05:59 2011
New Revision: 1074044

URL: http://svn.apache.org/viewvc?rev=1074044&view=rev
Log:
Fixing RAMPART-317 : an error when handling SAML tokens with bearer 
subject confirmation (KeyInfo lookup was attempted for bearer assertions).

Modified:
    
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
    
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
    
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java

Modified: 
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1074044&r1=1074043&r2=1074044&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 (original)
+++ 
axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
 Thu Feb 24 05:05:59 2011
@@ -30,8 +30,10 @@ import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustUtil;
 import org.apache.rahas.impl.util.SAML2KeyInfo;
 import org.apache.rahas.impl.util.SAML2Utils;
 import org.apache.rampart.policy.RampartPolicyData;
@@ -188,8 +190,15 @@ public class RampartEngine {
 
                 // If this is a SAML2.0 assertion
                 if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) 
instanceof Assertion) {
+                    final Assertion assertion = (Assertion) wser.get(
+                            WSSecurityEngineResult.TAG_SAML_ASSERTION);
+
+                    // if the subject confirmation method is Bearer, do not 
try to get the KeyInfo
+                    
if(TrustUtil.getSAML2SubjectConfirmationMethod(assertion).equals(
+                            
RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER)){
+                        break;
+                    }
 
-                    final Assertion assertion = (Assertion) 
wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                     String id = assertion.getID();
                     Subject subject = assertion.getSubject();
 
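Review bot: The `break` added for the bearer case exits whatever loop encloses this `if`; the loop header is outside the hunk, so I cannot confirm, but if `wser` is one entry of the security-results list being iterated, a bearer assertion would stop processing of every result that follows it (a second token, a signature result) instead of only skipping the KeyInfo lookup for this one, and `continue` reads as the intent. Separately, the new check calls `equals` on the helper's return value, and `TrustUtil.getSAML2SubjectConfirmationMethod` returns `getMethod()` of the first SubjectConfirmation, which is null when the Method attribute is absent, so a malformed assertion turns into a NullPointerException here rather than a clean rejection. The SAML 1.1 branch below already puts the constant first, which is null-safe; make this branch match: `if (RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER.equals(TrustUtil.getSAML2SubjectConfirmationMethod(assertion))) {`. The enclosing method continues outside the hunk.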
@@ -236,10 +245,15 @@ public class RampartEngine {
                 }
                 //if this is a SAML1.1 assertion
                 else {
-                    final SAMLAssertion assertion =
+                    final SAMLAssertion assertion = ((SAMLAssertion) wser.get(
+                            WSSecurityEngineResult.TAG_SAML_ASSERTION));
+
+                    // if the subject confirmation method is Bearer, do not 
try to get the KeyInfo
+                    
if(RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(
+                            
TrustUtil.getSAML11SubjectConfirmationMethod(assertion))){
+                        break;
+                    }
 
-                            ((SAMLAssertion) wser
-                                    
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
                     String id = assertion.getId();
                     Date created = assertion.getNotBefore();
                     Date expires = assertion.getNotOnOrAfter();
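Review bot: Skipping the KeyInfo lookup for a bearer SAML 1.1 assertion is right, but it also means this branch extracts no key and therefore establishes no proof of possession, so nothing here binds the token to the sender; whether the assertion's issuer signature and the message-level protection are enforced elsewhere is not visible in this hunk. A comment at the `break` should say so, e.g. `// Bearer: no proof-of-possession key exists; the assertion must be accepted on its issuer signature and the message protection enforced by the surrounding policy.` As in the SAML 2.0 branch, `break` leaves the enclosing loop (whose header is outside the hunk) rather than moving to the next result; if that loop walks the security-results list, `continue` is the safer choice so later results are not silently dropped. The enclosing method continues outside the hunk.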

Modified: 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java?rev=1074044&r1=1074043&r2=1074044&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
 (original)
+++ 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
 Thu Feb 24 05:05:59 2011
@@ -132,4 +132,13 @@ public class RahasConstants {
     //Constants required for SAML2 assertion generation
     public final static String X509_CERT ="X509Certificate";
     public final static String USERNAME = "username";
+
+    //Constants required for SubjectConfirmation methods
+    public static final String SAML11_SUBJECT_CONFIRMATION_HOK = 
"urn:oasis:names:tc:SAML:1.0:cm:" +
+                                                          "holder-of-key";
+    public static final String SAML11_SUBJECT_CONFIRMATION_BEARER = 
"urn:oasis:names:tc:SAML:1.0:cm:bearer";
+
+    public static final String SAML20_SUBJECT_CONFIRMATION_HOK = 
"urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+    public static final String SAML20_SUBJECT_CONFIRMATION_BEARER = 
"urn:oasis:names:tc:SAML:2.0:cm:bearer";
 }
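Review bot: The SAML 1.1 constants use the `SAML:1.0:cm:` namespace, which a reader will take for a copy-paste error; as far as I recall, SAML 1.1 deliberately kept the 1.0 confirmation-method identifiers (and introduced bearer under that namespace), so a comment should say so: `// SAML 1.1 reuses the SAML 1.0 confirmation-method URNs; the "1.0" is intentional.` Splitting the holder-of-key URN across a `+` also makes the full identifier ungreppable; put `"urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"` on one line as the other three constants are.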

Modified: 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java?rev=1074044&r1=1074043&r2=1074044&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
 (original)
+++ 
axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
 Thu Feb 24 05:05:59 2011
@@ -31,6 +31,10 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLSubjectStatement;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.SubjectConfirmation;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -39,6 +43,7 @@ import javax.xml.namespace.QName;
 import java.security.SecureRandom;
 import java.text.DateFormat;
 import java.util.Date;
+import java.util.List;
 import java.util.Properties;
 import java.util.Iterator;
 
@@ -612,6 +617,38 @@ public class TrustUtil {
                         .getAttributeValue().trim());
         return properties;
     }
-    
+
+    /**
+     * Get subject confirmation method of the given SAML 1.1 Assertion
+     * @param assertion SAML 1.1 Assertion
+     * @return  subject confirmation method
+     */
+    public static String getSAML11SubjectConfirmationMethod(SAMLAssertion 
assertion){
+        String subjectConfirmationMethod =  
RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK;
+        // iterate the statements and get the subject confirmation method.
+        Iterator statements = assertion.getStatements();
+        if(statements.hasNext()){
+            SAMLSubjectStatement stmt = 
(SAMLSubjectStatement)statements.next();
+            Iterator subjectConfirmations = 
stmt.getSubject().getConfirmationMethods();
+            if(subjectConfirmations.hasNext()){
+                subjectConfirmationMethod = 
(String)subjectConfirmations.next();
+            }
+        }
+        return subjectConfirmationMethod;
+    }
+
+    /**
+     * Get the subject confirmation method of a SAML 2.0 assertion
+     * @param assertion SAML 2.0 assertion
+     * @return  Subject Confirmation method
+     */
+    public static String getSAML2SubjectConfirmationMethod(Assertion 
assertion){
+        String subjectConfirmationMethod = 
RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
+        List<SubjectConfirmation> subjectConfirmations = 
assertion.getSubject().getSubjectConfirmations();
+        if(subjectConfirmations.size() > 0){
+            subjectConfirmationMethod = 
subjectConfirmations.get(0).getMethod();
+        }
+        return  subjectConfirmationMethod;
+    }
     
 }
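Review bot: `getSAML2SubjectConfirmationMethod` dereferences `assertion.getSubject()` without a null check, and SAML 2.0 allows an Assertion without a Subject, so a crafted or merely unusual token reaches a NullPointerException inside the security engine; `subjectConfirmations.get(0).getMethod()` can likewise return null when the Method attribute is missing, which the caller's `equals` then trips over. Both helpers also consult only the first confirmation (first statement, first method for SAML 1.1; first SubjectConfirmation for SAML 2.0) and fall back to holder-of-key when none is present; the fallback is the fail-closed choice for this caller, since it forces the KeyInfo path, but the Javadoc should state it, e.g. `@return the first subject confirmation method, or holder-of-key when the assertion carries none`. The SAML 1.1 helper additionally casts the first statement to `SAMLSubjectStatement` unchecked; I believe every OpenSAML 1.x statement type extends it, but an `instanceof` guard costs nothing. Suggested rewrite of the SAML 2.0 helper below.
```java
    public static String getSAML2SubjectConfirmationMethod(Assertion assertion){
        String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
        // SAML 2.0 permits an Assertion without a Subject; keep the HoK default then.
        if (assertion.getSubject() != null) {
            List<SubjectConfirmation> subjectConfirmations =
                    assertion.getSubject().getSubjectConfirmations();
            // Only the first SubjectConfirmation is consulted; a missing Method
            // attribute keeps the HoK default instead of returning null.
            if (subjectConfirmations != null && !subjectConfirmations.isEmpty()
                    && subjectConfirmations.get(0).getMethod() != null) {
                subjectConfirmationMethod = subjectConfirmations.get(0).getMethod();
            }
        }
        return subjectConfirmationMethod;
    }
```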

