[jboss-cvs] Picketlink SVN: r859 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Apr 5 13:06:43 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-04-05 13:06:43 -0400 (Tue, 05 Apr 2011)
New Revision: 859

Modified:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-164: pick assertion from subject

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java	2011-04-05 17:01:06 UTC (rev 858)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java	2011-04-05 17:06:43 UTC (rev 859)
@@ -35,6 +35,7 @@
 import org.jboss.security.SecurityContext;
 import org.jboss.wsf.common.handler.GenericSOAPHandler;
 import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
 import org.picketlink.identity.federation.core.wstrust.SamlCredential;
 import org.picketlink.trust.jbossws.Constants;
@@ -53,7 +54,7 @@
  * @author Anil Saldhana
  * @version $Revision: 1 $
  */
- at SuppressWarnings({"rawtypes", "restriction"})
+ at SuppressWarnings("rawtypes")
 public class SAML2Handler extends GenericSOAPHandler
 {
 
@@ -116,9 +117,15 @@
       SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
       SOAPMessage soapMessage = ctx.getMessage();
       
-      // retrieve assertion
+      // retrieve assertion first from the message context
       Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
       
+      //Assertion can also be obtained from the JAAS subject
+      if( assertion == null)
+      {
+         assertion = getAssertionFromSubject();
+      }
+      
       // add wsse header
       Document document = soapMessage.getSOAPPart();
       Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
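Review bot: After the fallback `assertion = getAssertionFromSubject();` the assertion can still be null (no subject, no SamlCredential among the public credentials, or a ProcessingException), and the visible lines go straight on to building the wsse header. The rest of the method lies outside this hunk, so the null may already be handled further down. If it is not, the handler should fail closed right after the fallback rather than send the request without its token, for example `if (assertion == null) throw new IllegalStateException("no SAML assertion available for outbound message");`, or whatever exception type the handler contract prefers. A debug log line saying which source supplied the assertion would also make later troubleshooting easier.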
@@ -173,5 +180,38 @@
 		}
 		return username;
 	}
-   
-}
+	
+	private Element getAssertionFromSubject()
+	{
+	   Element assertion = null;
+	   Subject subject =  SecurityActions.getAuthenticatedSubject();
+
+       if(subject == null)
+       {
+          log.error("null subject, cannot extract SAML token required for WS-TRUST");
+          return assertion;
+       }
+
+       Set<Object> creds = subject.getPublicCredentials();
+       if( creds != null )
+       {
+          for( Object cred: creds)
+          {
+             if( cred instanceof SamlCredential)
+             {
+                SamlCredential samlCredential = (SamlCredential) cred;
+                try
+                {
+                   assertion = samlCredential.getAssertionAsElement();
+                }
+                catch (ProcessingException e)
+                {
+                   log.error("failed to process SAML credential", e);
+                }
+                break;
+             }
+          } 
+       }
+       return assertion;
+	} 
+}
\ No newline at end of file
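Review bot: In getAssertionFromSubject the `break` sits after the try/catch, so when `getAssertionAsElement()` throws ProcessingException for the first SamlCredential the loop stops and the method returns null even if another usable SamlCredential is in the set. Moving it into the try, `assertion = samlCredential.getAssertionAsElement(); break;`, lets the loop continue past a credential that fails to parse. `Subject.getPublicCredentials()` does not return null, so the `creds != null` guard can be dropped. With more than one SamlCredential the pick depends on the set's iteration order, and the assertion is forwarded with no check of its validity window. A short Javadoc should state which credential is expected and that expiry is not checked here.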

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-05 17:01:06 UTC (rev 858)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java	2011-04-05 17:06:43 UTC (rev 859)
@@ -35,14 +35,14 @@
  * Privileged actions.
  * 
  * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
  * @version $Revision: 1 $
  */
 class SecurityActions
-{
-
+{ 
    static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject subject)
    {
-      return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+      return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
       {
          public SecurityContext run()
          {
@@ -71,4 +71,21 @@
          }
       });
    }
-}
+   /**
+    * Get the {@link Subject} from the {@link SecurityContextAssociation}
+    * @return authenticated subject or null
+    */
+   static Subject getAuthenticatedSubject()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+      { 
+         public Subject run()
+         {
+            SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+            if( sc != null )
+               return sc.getUtil().getSubject();
+            return null;
+         }
+      });
+   }
+}
\ No newline at end of file
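Review bot: The Javadoc on getAuthenticatedSubject promises an "authenticated subject", but the body returns whatever `sc.getUtil().getSubject()` holds for the current security context, uncopied and obtained inside `doPrivileged`. I would reword the summary to something like `Returns the Subject of the current SecurityContext, or null when no context is associated; the reference is returned as-is and must not be handed outside this package.` That tells callers the method does not itself verify authentication, and that the privileged lookup is only contained by the package-private visibility. The `if( sc != null )` branch would also read more safely with braces.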


