[jboss-cvs] Picketlink SVN: r905 - in trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws: jaas and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sat Apr 23 00:38:10 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-04-23 00:38:10 -0400 (Sat, 23 Apr 2011)
New Revision: 905

Added:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java
Log:
a subclass of the PicketLink STSIssuingLoginModule that allows us to inject JBWS client handlers

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.java	2011-04-23 04:38:10 UTC (rev 905)
@@ -0,0 +1,102 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.transform.Source;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.handler.Handler;
+
+import org.picketlink.identity.federation.core.wstrust.STSClient;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
+import org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
+import org.picketlink.trust.jbossws.handler.BinaryTokenHandler;
+import org.picketlink.trust.jbossws.handler.SAML2Handler;
+
+/**
+ * A subclass of {@link STSIssuingLoginModule} that adds in JBoss WS specific
+ * details
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 22, 2011
+ */
+public class JBWSTokenIssuingLoginModule extends STSIssuingLoginModule
+{ 
+   @Override
+   protected STSClient createWSTrustClient(STSClientConfig config)
+   { 
+      return new JBWSTokenClient(config);
+   } 
+   
+   public class JBWSTokenClient extends STSClient
+   { 
+      public JBWSTokenClient()
+      {
+         super(); 
+      }
+
+      public JBWSTokenClient(STSClientConfig config)
+      {
+         super(config);  
+      }
+      
+      @SuppressWarnings("rawtypes")
+      public JBWSTokenClient(STSClientConfig config, Map<String,?> options)
+      {
+         super(config); 
+         
+         //Get pre-constructed Dispatch from super
+         Dispatch<Source> dispatch = super.getDispatch();
+
+         BindingProvider bp =  (BindingProvider) dispatch.getBinding();
+         List<Handler> handlers = bp.getBinding().getHandlerChain();
+         
+         String handlerStr = (String) options.get("handlerChain");
+         
+         //Lets utilize the login module options
+         if( handlerStr != null && handlerStr.contains("binary"))
+         {
+            BinaryTokenHandler binaryTokenHandler = new BinaryTokenHandler();
+            
+            handlers.add(binaryTokenHandler);
+         }
+         else if( handlerStr != null && handlerStr.contains("saml2"))
+         {
+            SAML2Handler samlHandler = new SAML2Handler();
+            handlers.add(samlHandler);
+         }
+
+         bp.getBinding().setHandlerChain(handlers);
+         
+         //Check if we have security domain factory installed
+         String secDomainFactory = SecurityActions.getSystemProperty("org.jboss.security.ssl.server.domain.name", null);
+         if(secDomainFactory != null )
+         {
+            //StubExt.PROPERTY_SOCKET_FACTORY
+            bp.getRequestContext().put( "org.jboss.ws.socketFactory", 
+                  "org.jboss.security.ssl.JaasSecurityDomainServerSocketFactory");
+         }
+      }
+   }
+}
\ No newline at end of file
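Review bot: `createWSTrustClient` builds the client with the one-argument constructor, `new JBWSTokenClient(config)`, which only calls `super(config)`; the handler-chain and socket-factory setup sits in the `(config, options)` constructor that nothing in this file calls, so neither `BinaryTokenHandler` nor `SAML2Handler` is ever installed and the omission is silent. The login module's option map has to reach the client, for example `return new JBWSTokenClient(config, options);`, assuming the superclass exposes its options to subclasses (not visible in this hunk). Inside that constructor, `(BindingProvider) dispatch.getBinding()` casts a `Binding` to `BindingProvider` and will most likely throw a ClassCastException; `Dispatch` already extends `BindingProvider`, so `BindingProvider bp = dispatch;` is enough. `options` is also dereferenced without a null check, and the `contains`/`else if` matching accepts a `handlerChain` value that names both handlers (only the binary one is added) or neither (nothing is added); rejecting an unrecognised value with an exception would make a misconfigured login module visible instead of sending requests without the expected token handler.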

Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java	                        (rev 0)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SecurityActions.java	2011-04-23 04:38:10 UTC (rev 905)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.jaas;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged actions.
+ * 
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @author Anil Saldhana
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{ 
+   static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject subject)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+      {
+         public SecurityContext run()
+         {
+            SecurityContext sc = null;
+            try
+            {
+               sc = SecurityContextFactory.createSecurityContext(p, cred, subject, "SAML2_HANDLER");
+            }
+            catch (Exception e)
+            {
+               throw new RuntimeException(e);
+            }
+            return sc;
+         }
+      });
+   }
+
+   static void setSecurityContext(final SecurityContext sc)
+   {
+      AccessController.doPrivileged(new PrivilegedAction<Object>()
+      {
+         public Object run()
+         {
+            SecurityContextAssociation.setSecurityContext(sc);
+            return null;
+         }
+      });
+   }
+   
+   static SecurityContext getSecurityContext()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+      {
+         public SecurityContext run()
+         {
+            return SecurityContextAssociation.getSecurityContext();
+         }
+      });
+   }
+   /**
+    * Get the {@link Subject} from the {@link SecurityContextAssociation}
+    * @return authenticated subject or null
+    */
+   static Subject getAuthenticatedSubject()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+      { 
+         public Subject run()
+         {
+            SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+            if( sc != null )
+               return sc.getUtil().getSubject();
+            return null;
+         }
+      });
+   }
+   
+   /**
+    * Get a system property
+    * @param key the property name
+    * @param defaultValue default value in absence of property
+    * @return
+    */
+   static String getSystemProperty( final String key, final String defaultValue)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<String>()
+      { 
+         public String run()
+         {
+            return System.getProperty(key, defaultValue);
+         }
+      });
+   }
+   
+   static ClassLoader getClassLoader( final Class<?> clazz)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      { 
+         public ClassLoader run()
+         {
+            return clazz.getClassLoader();
+         }
+      });
+   }
+   
+   static ClassLoader getContextClassLoader()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      { 
+         public ClassLoader run()
+         {
+            return Thread.currentThread().getContextClassLoader();
+         }
+      });
+   }
+}
\ No newline at end of file
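Review bot: The class Javadoc says only "Privileged actions." and leaves out the constraint that keeps these helpers safe: every method runs caller-supplied arguments under `AccessController.doPrivileged` (`getSystemProperty(key, ...)`, `setSecurityContext(sc)`), so the class and its methods must stay package-private and never be handed to less-trusted code. I would add to the class comment `Package-private on purpose: these methods run with this code base's permissions on behalf of the caller; do not widen their visibility.` The `@return` tag on `getSystemProperty` is empty and should read `@return the property value, or defaultValue when the property is not set`. `createSecurityContext` hard-codes the domain name `"SAML2_HANDLER"` inside the `jaas` package with no comment on why that name applies here, and only `getSystemProperty` is called by the other file in this commit, so the remaining helpers look copied from elsewhere and should be either documented or dropped.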


