[jboss-cvs] Picketlink SVN: r679 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jan 31 10:51:18 EST 2011
Author: anil.saldhana at jboss.com
Date: 2011-01-31 10:51:17 -0500 (Mon, 31 Jan 2011)
New Revision: 679
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/SecurityActions.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
Log:
add the customization of group principal name
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2011-01-27 18:18:29 UTC (rev 678)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2011-01-31 15:51:17 UTC (rev 679)
@@ -37,7 +37,6 @@
import org.apache.log4j.Logger;
import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.identity.Role;
@@ -48,10 +47,10 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.STSClientFactory;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
-import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.w3c.dom.Element;
/**
@@ -138,6 +137,12 @@
* Also note that subclasses are not forced to put configuration options in a file. They
* can all be set as options just like the 'configFile' is specified above.
*
+ * <h3>Additional Configuration</h3>
+ * <p>
+ * groupPrincipalName: If you want the group principal in the subject representing the subject roles to have a name that is different
+ * from "Roles".
+ * </p>
+ *
* @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
*/
public abstract class AbstractSTSLoginModule implements LoginModule
@@ -164,51 +169,62 @@
* file for WSTrustClient.
*/
public static final String STS_CONFIG_FILE = "configFile";
+
+ /**
+ * Historically, JBoss has used the "Roles" as the group principal name in the subject
+ * to represent the subject roles. Users can customize this name with this option.
+ */
+ public static final String GROUP_PRINCIPAL_NAME = "groupPrincipalName";
/**
* The subject to be populated.
*/
- private Subject subject;
+ protected Subject subject;
/**
* Callback handler used to gather information from the caller.
*/
- private CallbackHandler callbackHandler;
+ protected CallbackHandler callbackHandler;
/**
* WS-Trust SAML Assertion element.
*/
- private Element samlToken;
+ protected Element samlToken;
/**
* The outcome of the authentication process.
*/
- private boolean success;
+ protected boolean success;
/**
* The options map passed into this login modules initalize method.
*/
- private Map<String, ?> options;
+ protected Map<String, ?> options;
/**
* The shared state map passed into this login modules initalize method.
*/
- private Map<String, ?> sharedState;
+ protected Map<String, ?> sharedState;
/**
* Indicates whether password stacking option was configured.
*/
- private boolean passwordStacking;
+ protected boolean passwordStacking;
/**
* Indicates whether the password-stacking options was specifed as 'useFirstPass'.
*/
- private boolean useFirstPass;
+ protected boolean useFirstPass;
/**
* Indicates whether the 'useOptionsCredentials' was configured.
*/
- private boolean useOptionsCredentials;
+ protected boolean useOptionsCredentials;
+
+ /**
+ * Name of the group principal. If unconfigured, will be "null"
+ */
+ protected String groupPrincipalName = null;
/**
* Initialized this login module. Simple stores the passed in fields and
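Review bot: Widening `subject`, `samlToken`, `success` and the other state fields from `private` to `protected` lets every subclass, and every class in the same package, write the authentication outcome and the SAML token directly instead of through the module's login/commit flow. If subclasses only need to read them, keep the fields `private` and add narrow accessors such as `protected Element getSamlToken()`; otherwise document on each field which lifecycle method is allowed to write it. The Javadoc on `groupPrincipalName` says it will be "null" in quotes, which reads like the string; I would write `Name of the group principal; null when unconfigured, in which case the mapped role group's own name is used.` The hunk starts inside the class body and ends inside the Javadoc of the following method.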
@@ -241,6 +257,10 @@
final Boolean useOptionsCreds = Boolean.valueOf((String) options.get(OPTIONS_CREDENTIALS));
if (useOptionsCreds != null)
useOptionsCredentials = useOptionsCreds.booleanValue();
+
+ final String gpPrincipalName = (String) options.get( GROUP_PRINCIPAL_NAME );
+ if( gpPrincipalName != null && gpPrincipalName.length() > 0 )
+ groupPrincipalName = gpPrincipalName;
}
/**
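Review bot: The unchecked cast `(String) options.get( GROUP_PRINCIPAL_NAME )` throws a ClassCastException during initialization if the option value is not a String, and the `length() > 0` test accepts a whitespace-only value as a group name. Since this name ends up on the principal that carries the subject's roles, I would validate it more strictly: `final Object gp = options.get(GROUP_PRINCIPAL_NAME);` followed by `if (gp instanceof String && ((String) gp).trim().length() > 0) groupPrincipalName = ((String) gp).trim();`. The enclosing method begins outside this hunk.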
@@ -559,7 +579,18 @@
{
roleMappingContext.performMapping(contextMap, null);
RoleGroup group = roleMappingContext.getMappingResult().getMappedObject();
- SimpleGroup rolePrincipal = new SimpleGroup(group.getRoleName());
+
+ SimpleGroup rolePrincipal = null;
+
+ if( groupPrincipalName != null )
+ {
+ rolePrincipal = new SimpleGroup( groupPrincipalName );
+ }
+ else
+ {
+ rolePrincipal= new SimpleGroup( group.getRoleName() );
+ }
+
for (Role role : group.getRoles())
{
rolePrincipal.addMember(new SimplePrincipal(role.getRoleName()));
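Review bot: When `groupPrincipalName` is set it silently replaces `group.getRoleName()` for the whole mapped role group, so any consumer that looks the roles up by group name (presumably the "Roles" default mentioned in the class Javadoc) has to be configured with the same name or the subject will appear to have no roles. A short comment here, or a debug log of the chosen name, would make that visible. The null-initialised local plus if/else can also be reduced to `final String groupName = groupPrincipalName != null ? groupPrincipalName : group.getRoleName();` and `SimpleGroup rolePrincipal = new SimpleGroup(groupName);`. The enclosing method starts and ends outside the hunk.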
@@ -570,7 +601,7 @@
protected MappingManager getMappingManager()
{
- SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ SecurityContext securityContext = SecurityActions.getSecurityContext();
if (securityContext == null)
{
return null;
@@ -580,5 +611,4 @@
return securityContext.getMappingManager();
}
}
-
-}
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/SecurityActions.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/SecurityActions.java 2011-01-31 15:51:17 UTC (rev 679)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.wstrust.auth;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 31, 2011
+ */
+class SecurityActions
+{
+ /**
+ * Get the current security context on the association
+ * @return
+ */
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged( new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ } );
+
+ }
+
+}
\ No newline at end of file
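Review bot: `SecurityActions` wraps a `doPrivileged` call, so its safety rests on staying package-private, and nothing in the file says so. I would add a class comment along the lines of `Package-private on purpose: exposing these privileged blocks publicly would let less-trusted callers obtain the SecurityContext with this library's permissions.` The class should also be declared `final` with a private constructor, and the empty `@return` tag in the Javadoc of `getSecurityContext()` filled in, e.g. `@return the SecurityContext currently associated, or null if none` (the null case is what `getMappingManager()` checks for).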