[jboss-cvs] Picketlink SVN: r325 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 1 17:29:14 EDT 2010


Author: sguilhen at redhat.com
Date: 2010-07-01 17:29:13 -0400 (Thu, 01 Jul 2010)
New Revision: 325

Modified:
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
Log:
PLFED-84: Fixed issues detected by the new PicketLink STS integration tests.

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java	2010-06-30 22:42:29 UTC (rev 324)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java	2010-07-01 21:29:13 UTC (rev 325)
@@ -1,26 +1,23 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ * 
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ * 
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
  */
 package org.picketlink.identity.federation.api.wstrust;
 
+import java.net.URI;
 import java.security.Principal;
 
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
@@ -28,7 +25,9 @@
 import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
 import org.picketlink.identity.federation.core.wstrust.STSClientFactory;
 import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
 import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.w3c.dom.Element;
 
 /**
@@ -95,9 +94,8 @@
    }
 
    /**
-    * This method will send a RequestSecurityToken with a RequestType of issue
-    * and the passed-in tokenType identifies the type of token to be issued by
-    * the STS.
+    * This method will send a RequestSecurityToken with a RequestType of issue and the passed-in tokenType identifies
+    * the type of token to be issued by the STS.
     * 
     * @param tokenType - The type of token to be issued.
     * @return Element - The Security Token element. Will be of the tokenType specified.
@@ -105,51 +103,104 @@
     */
    public Element issueToken(String tokenType) throws WSTrustException
    {
-      return this.issueInternal(null, tokenType, null, 0);
+      if (tokenType == null)
+         throw new IllegalArgumentException("The token type cannot be null");
+      RequestSecurityToken request = new RequestSecurityToken();
+      request.setTokenType(URI.create(tokenType));
+      return this.issueInternal(request, 0);
    }
 
    /**
-    * This method will send a RequestSecurityToken with a RequestType of issue
-    * and the passed-in endpointURI identifies the ultimate recipient of the token.
+    * This method will send a RequestSecurityToken with a RequestType of issue and the passed-in endpointURI identifies
+    * the ultimate recipient of the token.
     * 
-    * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for
-    *                      the RequestSecurityToken which is an optional element so it may be null.
+    * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the
+    *           RequestSecurityToken which is an optional element so it may be null.
     * @return Element - The Security Token element. Will be of the tokenType configured for the endpointURI.
     * @throws WSTrustException
     */
    public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
    {
-      return this.issueInternal(endpointURI, null, null, 0);
+      if (endpointURI == null)
+         throw new IllegalArgumentException("The endpoint URI cannot be null");
+      RequestSecurityToken request = new RequestSecurityToken();
+      request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+      return this.issueInternal(request, 0);
    }
 
    /**
-    * Issues a Security Token from the STS. This methods has the option of 
-    * specifying both or one of endpointURI/tokenType but at least one must 
-    * specified.
+    * Issues a Security Token from the STS. This methods has the option of specifying both or one of
+    * endpointURI/tokenType but at least one must specified.
     * 
-    * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for
-    *                      the RequestSecurityToken which is an optional element so it may be null.
+    * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the
+    *           RequestSecurityToken which is an optional element so it may be null.
     * @param tokenType - The type of security token to be issued.
     * @return Element - The Security Token Element issued.
-    * @throws IllegalArgumentException If neither endpointURI nor tokenType was specified.
     * @throws WSTrustException
     */
    public Element issueToken(String endpointURI, String tokenType) throws WSTrustException
    {
-      return this.issueInternal(endpointURI, tokenType, null, 0);
+      if (endpointURI == null && tokenType == null)
+         throw new IllegalArgumentException("Either the token type or endpoint URI must be specified");
+      
+      RequestSecurityToken request = new RequestSecurityToken();
+      if (tokenType != null)
+         request.setTokenType(URI.create(tokenType));
+      if (endpointURI != null)
+         request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+      return this.issueInternal(request, 0);
    }
 
+   /**
+    * <p>
+    * Issues a security token on behalf of the specified principal.
+    * </p>
+    * 
+    * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the
+    *           RequestSecurityToken which is an optional element so it may be null.
+    * @param tokenType - The type of security token to be issued.
+    * @param principal - The {@code Principal} on behalf of whom the token is to be issued.
+    * @return an {@code Element} representing the issued security token.
+    * @throws WSTrustException if a processing error occurs while issuing the security token.
+    */
    public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal)
          throws WSTrustException
    {
-      return this.issueInternal(endpointURI, tokenType, principal, 0);
+      if (endpointURI == null && tokenType == null)
+         throw new IllegalArgumentException("Either the token type or endpoint URI must be specified");
+      if (principal == null)
+         throw new IllegalArgumentException("The on-behalf-of principal cannot be null");
+      
+      RequestSecurityToken request = new RequestSecurityToken();
+      if (tokenType != null)
+         request.setTokenType(URI.create(tokenType));
+      if (endpointURI != null)
+         request.setAppliesTo(WSTrustUtil.createAppliesTo(endpointURI));
+      request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(), "ID"));
+      return this.issueInternal(request, 0);
    }
 
    /**
-    * This method will send a RequestSecurityToken with a RequestType of renew
-    * and the passed-in tokenType identifies the type of token to be renewed by 
-    * the STS.
+    * <p>
+    * Issues a security token using the specified {@code RequestSecurityToken} object.
+    * </p>
     * 
+    * @param request an instance of {@code RequestSecurityToken} that contains the WS-Trust request information.
+    * @return an {@code Element} representing the issued security token.
+    * @throws IllegalArgumentException if the specified request is null.
+    * @throws WSTrustException if a processing error occurs while issuing the token.
+    */
+   public Element issueToken(RequestSecurityToken request) throws WSTrustException
+   {
+      if (request == null)
+         throw new IllegalArgumentException("The specified request cannot be null");
+      return this.issueInternal(request, 0);
+   }
+
+   /**
+    * This method will send a RequestSecurityToken with a RequestType of renew and the passed-in tokenType identifies
+    * the type of token to be renewed by the STS.
+    * 
     * @param tokenType - The type of token to be renewed.
     * @param token - The security token to be renewed.
     * @return Element - The Security Token element. Will be of the tokenType specified.
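Review bot: The Javadoc no longer matches the argument checks added in this hunk. `issueTokenForEndpoint` still documents `endpointURI` as optional ("so it may be null") while the new body throws `IllegalArgumentException` for null. `issueToken(String, String)` loses its `@throws IllegalArgumentException` line in the same change that adds the explicit throw, and `issueTokenOnBehalfOf` adds two such checks with no `@throws` at all. `URI.create(tokenType)` also throws `IllegalArgumentException` for a malformed token type, so each of these methods should carry `@throws IllegalArgumentException if a required argument is null or tokenType is not a valid URI`, and the "may be null" wording should be dropped from `issueTokenForEndpoint`.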
@@ -160,8 +211,7 @@
    }
 
    /**
-    * This method will send a RequestSecurityToken with a RequestType of validated by
-    * the STS.
+    * This method will send a RequestSecurityToken with a RequestType of validated by the STS.
     * 
     * @param token - The security token to be validated.
     * @return true - If the security token was sucessfully valiated.
@@ -187,35 +237,31 @@
 
    /**
     * <p>
-    * This method issues a token of the specified type for the specified service endpoint and has failover support when
-    * more than one endpoint URI has been provided in the constructor. If a {@code ConnectException} occurs when sending
-    * the WS-Trust request to one endpoint, the code makes a new attempt using the next URI until the request reaches an
-    * STS instance or all URIs have been tried.
+    * This method issues a token using the specified request and has failover support when more than one endpoint URI
+    * has been provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to
+    * one endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all
+    * URIs have been tried.
     * </p>
     * 
-    * @param serviceEndpointURI a {@code String} representing the endpoint URI of the service that will be the ultimate
-    * recipient of the security token.  
-    * @param tokenType a {@code String} representing the type of token to be issued.
-    * @param principal the {@code Principal} on behalf of whom the token will be issued.
-    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
-    * the request.
+    * @param request a {@code RequestSecurityToken} instance that contains the WS-Trust request information.
+    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+    *           perform the request.
     * @return an {@code Element} representing the security token that has been issued.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
-   private Element issueInternal(String serviceEndpointURI, String tokenType, Principal principal, int clientIndex)
-         throws WSTrustException
+   private Element issueInternal(RequestSecurityToken request, int clientIndex) throws WSTrustException
    {
       STSClient client = this.clients[clientIndex];
       try
       {
-         return client.issueTokenOnBehalfOf(serviceEndpointURI, tokenType, principal);
+         return client.issueToken(request);
       }
       catch (RuntimeException e)
       {
          // if this was a connection refused exception and we still have clients to try, call the next client.
          if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
          {
-            return this.issueInternal(serviceEndpointURI, tokenType, principal, ++clientIndex);
+            return this.issueInternal(request, ++clientIndex);
          }
          throw e;
       }
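Review bot: The failover branch in `issueInternal` discards the caught exception before retrying, so a connection failure against the first STS endpoint leaves no trace once a later endpoint answers. Recording the failed client index and `e` at that point, with whatever logging facility this class already has (not visible here), would let operators notice a primary STS that is unreachable or silently bypassed. Passing `clientIndex + 1` instead of `++clientIndex` would also avoid mutating the parameter inside the recursive call. The method's closing brace lies outside the hunk.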
@@ -230,8 +276,8 @@
     * 
     * @param tokenType the type of the token being renewed.
     * @param token an {@code Element} representing the security token being renewed.
-    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
-    * the request.
+    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+    *           perform the request.
     * @return an {@code Element} representing the security token that has been renewed.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
@@ -255,14 +301,15 @@
 
    /**
     * <p>
-    * This method validates the specified token and has failover support when more than one endpoint URI has been provided
-    * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the
-    * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried.
+    * This method validates the specified token and has failover support when more than one endpoint URI has been
+    * provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one
+    * endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all URIs
+    * have been tried.
     * </p>
     * 
     * @param token an {@code Element} representing the security token being validated.
-    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
-    * the request.
+    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+    *           perform the request.
     * @return {@code true} if the token was considered valid; {@code false} otherwise.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
@@ -292,8 +339,8 @@
     * </p>
     * 
     * @param token an {@code Element} representing the security token being canceled.
-    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
-    * the request.
+    * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+    *           perform the request.
     * @return {@code true} if the token was canceled; {@code false} otherwise.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
@@ -317,7 +364,7 @@
 
    /**
     * <p>
-    * Checks if the root of the specified {@code Throwable} is an instance of {@code java.net.ConnectException}. 
+    * Checks if the root of the specified {@code Throwable} is an instance of {@code java.net.ConnectException}.
     * </p>
     * 
     * @param throwable the {@code Throwable} that will be inspected.

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java	2010-06-30 22:42:29 UTC (rev 324)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java	2010-07-01 21:29:13 UTC (rev 325)
@@ -154,7 +154,7 @@
       }
       catch (WSTrustException we)
       {
-         throw new WebServiceException("Exception in handling token request:", we);
+         throw new WebServiceException("Exception in handling token request: " + we.getMessage(), we);
       }
    }
 
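Review bot: Appending `we.getMessage()` to the `WebServiceException` text puts the internal `WSTrustException` message into whatever the web-service runtime returns to the caller, typically the SOAP fault string. That helps the integration tests, but it may expose token-provider or configuration detail to remote clients, and it produces `Exception in handling token request: null` when the cause carries no message. Consider logging the cause on the server side and keeping the fault text generic, or confirm that every `WSTrustException` message raised on this path is safe to disclose. The enclosing method begins outside the hunk.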

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java	2010-06-30 22:42:29 UTC (rev 324)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java	2010-07-01 21:29:13 UTC (rev 325)
@@ -177,10 +177,12 @@
       return request;
    }
 
-   private Element issueToken(RequestSecurityToken request) throws WSTrustException
+   public Element issueToken(RequestSecurityToken request) throws WSTrustException
    {
-      request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
-      request.setContext("context");
+      if (request.getRequestType() == null)
+         request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+      if (request.getContext() == null)
+         request.setContext("default-context");
       WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
       DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
       Source response = dispatchLocal.get().invoke(requestSource);
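Review bot: `issueToken(RequestSecurityToken)` is now public but dereferences `request` without a null check and accepts whatever request type the caller has already set. `WSTrustClient` rejects null before delegating, yet direct callers of `STSClient` get a bare `NullPointerException`; add `if (request == null) throw new IllegalArgumentException("The specified request cannot be null");` as the first statement. Because the issue type is applied only when `getRequestType()` is null, a request that already carries a different request type is sent unchanged through the issue path, so either reject a non-issue type here or document that the caller's value wins. The method also writes defaults into the caller's object and has no Javadoc now that it is part of the public API; its body continues outside the hunk.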
@@ -192,10 +194,6 @@
          Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode
                .getOwnerDocument();
 
-         Document myDocument = DocumentUtil.createDocument();
-         Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
-         myDocument.appendChild(importedNode);
-
          nodes = null;
          if (responseDoc instanceof SOAPPart)
          {
@@ -243,16 +241,12 @@
       DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
       Source response = dispatchLocal.get().invoke(requestSource);
 
-      Node documentNode = ((DOMSource) response).getNode();
-      Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode
-            .getOwnerDocument();
-
       NodeList nodes;
       try
       {
-         Document myDocument = DocumentUtil.createDocument();
-         Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
-         myDocument.appendChild(importedNode);
+         Node documentNode = DocumentUtil.getNodeFromSource(response);
+         Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode
+               .getOwnerDocument();
 
          nodes = null;
          if (responseDoc instanceof SOAPPart)
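Review bot: The result of `DocumentUtil.getNodeFromSource(response)` is dereferenced straight away in `documentNode.getOwnerDocument()` with no null check. The helper is not visible in this diff, so it is unclear whether it can return null or whether it re-parses the response; if it does parse, the parser should have DTDs and external entities disabled, since the STS response is remote input. The catch clause of this `try` and the enclosing method both lie outside the hunk, so confirm that whatever the helper throws is handled there rather than escaping as an unchecked exception.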

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java	2010-06-30 22:42:29 UTC (rev 324)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java	2010-07-01 21:29:13 UTC (rev 325)
@@ -397,7 +397,7 @@
     * the request).
     * </p>
     * 
-    * @throws Exception
+    * @throws Exception if an error occurs while running the test.
     */
    public void testInvokeSAML20OnBehalfOf() throws Exception
    {
@@ -483,8 +483,8 @@
    @SuppressWarnings("unchecked")
    public void testInvokeSAML20WithCombinedSymmetricKey() throws Exception
    {
-      // create a 128-bit random client secret.
-      byte[] clientSecret = WSTrustUtil.createRandomSecret(16);
+      // create a 64-bit random client secret.
+      byte[] clientSecret = WSTrustUtil.createRandomSecret(8);
       BinarySecretType clientBinarySecret = new BinarySecretType();
       clientBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
       clientBinarySecret.setValue(clientSecret);
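Review bot: The client entropy in `testInvokeSAML20WithCombinedSymmetricKey` drops from 16 to 8 bytes, and neither the log message nor the updated comment says why. 64 bits of client-side entropy is low for a combined symmetric key, and test code is often copied as a usage example. If the smaller size is needed only for this test, say so in the comment, for example `// 64-bit client secret used only by this test; real clients should supply at least 128 bits.`, and consider keeping a second case with `createRandomSecret(16)` so the 128-bit path stays covered. The test method continues outside the hunk.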
@@ -856,7 +856,6 @@
       }
       catch (WebServiceException we)
       {
-         assertEquals("Unexpected exception message", "Exception in handling token request:", we.getMessage());
          assertNotNull("Unexpected null cause", we.getCause());
          assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
          assertEquals("Unexpected exception message", "Unable to find a token provider for the token request", we


