[jboss-cvs] Picketlink SVN: r1170 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Aug 10 12:43:53 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-08-10 12:43:53 -0400 (Wed, 10 Aug 2011)
New Revision: 1170

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
Log:
PLFED-220:

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-08-10 16:42:40 UTC (rev 1169)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-08-10 16:43:53 UTC (rev 1170)
@@ -37,6 +37,8 @@
 import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
 import org.w3c.dom.Document;
 
 /**
@@ -51,26 +53,17 @@
 
    private final boolean trace = log.isTraceEnabled();
 
+   protected String idpAddress = null;
+
    /**
-    * Flag to indicate whether we want to sign the assertions
+    * If the request.getRemoteAddr is not exactly the IDP address that you have keyed
+    * in your deployment descriptor for keystore alias, you can set it here explicitly
     */
-   protected boolean signAssertions = false;
-
-   public SPPostSignatureFormAuthenticator()
+   public void setIdpAddress(String idpAddress)
    {
-      this.validateSignature = true;
+      this.idpAddress = idpAddress;
    }
 
-   public boolean isSignAssertions()
-   {
-      return signAssertions;
-   }
-
-   public void setSignAssertions(boolean signAssertions)
-   {
-      this.signAssertions = signAssertions;
-   }
-
    @Override
    public void start() throws LifecycleException
    {
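Review bot: With the constructor removed, nothing visible on the new side of this class sets `validateSignature`, so whether this authenticator still checks IDP signatures depends on a default or on code outside this hunk; if the superclass default is `false`, signature validation would be silently off for existing deployments. Keep the flag forced on for this class, for example `public SPPostSignatureFormAuthenticator() { this.validateSignature = true; }`, or confirm where it is now set. Dropping the public `isSignAssertions`/`setSignAssertions` pair may also break deployments that configure that attribute on the authenticator, which should be confirmed. The `setIdpAddress` Javadoc should state the trust consequence, e.g. `Overrides the address used to look up the IDP validating key; it must match a key entry configured for the key provider.` The body of `start()` continues outside the hunk.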
@@ -95,6 +88,16 @@
          List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
          keyManager.setAuthProperties(authProperties);
          keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+
+         /**
+          * Since the user has explicitly configured the idp address, we need
+          * to add an option on the keymanager such that users of keymanager
+          * can choose the proper idp key for validation
+          */
+         if (StringUtil.isNotNull(idpAddress))
+         {
+            keyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY, this.idpAddress);
+         }
       }
       catch (Exception e)
       {
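Review bot: The configured `idpAddress` becomes the lookup key for the IDP validating key, but it is handed to the key manager without any check that a key is actually configured for it, so a typo would presumably surface only when the first response fails signature validation. Consider resolving the validating key for `idpAddress` here in `start()` and failing startup if none is found, and record the choice: `if (trace) log.trace("Using configured IDP address for key lookup: " + idpAddress);`. The comment inside the method body should be a plain `/* ... */` block rather than Javadoc `/** ... */`. The enclosing `try` and the body of `catch (Exception e)` lie outside the hunk, so how a failure here is reported cannot be seen.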


