From cohei...@apache.org
Subject svn commit: r1332245 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/WSSConfig.java main/java/org/apache/ws/security/validate/SamlAssertionValidator.java test/java/org/apache/ws/security/saml/SamlConditionsTest.java
Date Mon, 30 Apr 2012 15:36:22 GMT
Author: coheigea
Date: Mon Apr 30 15:36:22 2012
New Revision: 1332245

URL: http://svn.apache.org/viewvc?rev=1332245&view=rev
Log:
[WSS-387] - Support future TTL setting when processing SAML Tokens

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlConditionsTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java?rev=1332245&r1=1332244&r2=1332245&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSConfig.java Mon Apr 30
15:36:22 2012
@@ -557,8 +557,7 @@ public class WSSConfig {
     }
 
     /**
-     * @param timeStampTTL
-     *            The new value for timeStampTTL
+     * @param timeStampTTL The new value for timeStampTTL
      */
     public void setTimeStampTTL(int timeStampTTL) {
         this.timeStampTTL = timeStampTTL;
@@ -572,7 +571,7 @@ public class WSSConfig {
     }
 
     /**
-     * @param timeStampFutureTTL he new value for timeStampFutureTTL
+     * @param timeStampFutureTTL the new value for timeStampFutureTTL
      */
     public void setTimeStampFutureTTL(int timeStampFutureTTL) {
         this.timeStampFutureTTL = timeStampFutureTTL;

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java?rev=1332245&r1=1332244&r2=1332245&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
Mon Apr 30 15:36:22 2012
@@ -44,6 +44,20 @@ public class SamlAssertionValidator exte
         org.apache.commons.logging.LogFactory.getLog(SamlAssertionValidator.class);
     
     /**
+     * The time in seconds in the future within which the NotBefore time of an incoming 
+     * Assertion is valid. The default is 60 seconds.
+     */
+    private int futureTTL = 60;
+    
+    /**
+     * Set the time in seconds in the future within which the NotBefore time of an incoming

+     * Assertion is valid. The default is 60 seconds.
+     */
+    public void setFutureTTL(int newFutureTTL) {
+        futureTTL = newFutureTTL;
+    }
+    
+    /**
      * Validate the credential argument. It must contain a non-null AssertionWrapper. 
      * A Crypto and a CallbackHandler implementation is also required to be set.
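Review bot: `setFutureTTL` stores any int unchecked, so a negative value silently makes the validator reject assertions whose NotBefore is already in the past by up to that many seconds, while a very large value effectively switches the NotBefore check off; neither misconfiguration shows up anywhere at runtime. I would reject negatives at the setter, `if (newFutureTTL < 0) { throw new IllegalArgumentException("futureTTL must be >= 0"); }`, and say in the Javadoc that this is a clock-skew allowance and that raising it widens the window in which a not-yet-valid assertion is accepted. As far as this diff shows nothing connects this field to WSSConfig's timeStampFutureTTL (that file only receives Javadoc fixes here), so if the intent is a single setting for both, that wiring may still be missing, unless it lands elsewhere.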
      * 
@@ -123,9 +137,13 @@ public class SamlAssertionValidator exte
             validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
         }
         
-        if (validFrom != null && validFrom.isAfterNow()) {
-            LOG.debug("SAML Token condition (Not Before) not met");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        if (validFrom != null) {
+            DateTime currentTime = new DateTime();
+            currentTime = currentTime.plusSeconds(futureTTL);
+            if (validFrom.isAfter(currentTime)) {
+                LOG.debug("SAML Token condition (Not Before) not met");
+                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            }
         }
 
         if (validTill != null && validTill.isBeforeNow()) {
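Review bot: The rejection path still logs only "SAML Token condition (Not Before) not met", so an operator tuning futureTTL cannot see by how much the assertion missed the window; include the values, e.g. `LOG.debug("SAML Token condition (Not Before) not met: NotBefore " + validFrom + " is after " + currentTime + " (now + " + futureTTL + "s)");`. The skew allowance is deliberately one-sided, NotBefore gets futureTTL seconds of slack while the NotOnOrAfter check on the next line stays at isBeforeNow(), which is the right default for expiry, but a one-line comment saying so would stop someone later "fixing" the asymmetry. The two checks also read the clock separately (`new DateTime()` here, `isBeforeNow()` below); capturing `now` once and using it for both keeps the accepted window consistent. The enclosing validate method starts before this hunk.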

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlConditionsTest.java?rev=1332245&r1=1332244&r2=1332245&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlConditionsTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlConditionsTest.java
Mon Apr 30 15:36:22 2012
@@ -186,6 +186,44 @@ public class SamlConditionsTest extends 
     }
     
     /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+     * with a Conditions statement that has a NotBefore "in the future".
+     */
+    @org.junit.Test
+    public void testSAML2FutureTTLConditions() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        ConditionsBean conditions = new ConditionsBean();
+        DateTime notBefore = new DateTime();
+        conditions.setNotBefore(notBefore.plusSeconds(30));
+        conditions.setNotAfter(notBefore.plusMinutes(5));
+        callbackHandler.setConditions(conditions);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+            LOG.debug(outputString);
+        }
+        
+        verify(unsignedDoc);
+    }
+    
+    /**
      * Verifies the soap envelope
      * <p/>
      * 
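Review bot: testSAML2FutureTTLConditions only exercises the accept side (NotBefore 30 s ahead under the 60 s default); nothing in this hunk shows that a NotBefore beyond the allowance is still rejected, so a regression that drops the check entirely would pass this test. Add a sibling test that builds the same assertion with `notBefore.plusSeconds(120)` and expects `verify` to throw WSSecurityException. The `verify` helper is outside this hunk, so how it reaches the validator's futureTTL is not visible here; if it exposes the validator, a second variant that lowers futureTTL below 30 s and expects rejection would pin the setter as well.
```java
    @org.junit.Test
    public void testSAML2FutureTTLConditionsRejected() throws Exception {
        // … unchanged: callback handler setup as in testSAML2FutureTTLConditions …
        ConditionsBean conditions = new ConditionsBean();
        DateTime notBefore = new DateTime();
        conditions.setNotBefore(notBefore.plusSeconds(120));
        conditions.setNotAfter(notBefore.plusMinutes(5));
        callbackHandler.setConditions(conditions);
        // … unchanged: build the unsigned document …
        try {
            verify(unsignedDoc);
            org.junit.Assert.fail("Expected failure: NotBefore is beyond the future TTL");
        } catch (WSSecurityException ex) {
            // expected
        }
    }
```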


