[jboss-cvs] Picketlink SVN: r1080 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat and 26 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Jul 8 13:56:07 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-07-08 13:56:06 -0400 (Fri, 08 Jul 2011)
New Revision: 1080

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java
   federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
   federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
Log:
PLFED-207: use initiating CL over the tccl first

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,7 +31,7 @@
  */
 class SecurityActions
 {
-   static void setSystemProperty( final String key, final String value)
+   static void setSystemProperty(final String key, final String value)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()
       {
@@ -40,18 +40,6 @@
             System.setProperty(key, value);
             return null;
          }
-      }); 
-   }
-   
-   static ClassLoader getContextClassLoader()
-   {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
-      {
-         public ClassLoader run() 
-         {
-            return Thread.currentThread().getContextClassLoader();
-         }
       });
    }
-
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,44 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-   
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Get a system property
     * @param key the key for the property
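Review bot: In the new two-argument `loadClass`, `cl.loadClass(fqn)` is called without a null check, yet `theClass.getClassLoader()` in the one-argument overload returns null for a bootstrap-loaded class, so that case would throw a NullPointerException before the context-class-loader fallback is tried; `if (cl == null) return null;` at the top of `run()` keeps the fallback reachable. The empty `catch (ClassNotFoundException e)` deserves at least a comment such as `// not visible to this loader; caller falls back or reports the failure`, since the original failure reason is otherwise lost. Both methods are added without Javadoc; I would document the lookup order (defining loader of `theClass` first, then the thread context class loader), that null means not found, and that the methods should stay package-private because they resolve a caller-supplied name inside `doPrivileged`. The same pair of methods is added to the tomcat/idp, tomcat/sp and api/saml/v2/metadata `SecurityActions` classes in this commit with the same gaps.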
@@ -58,8 +81,8 @@
       {
          public String run()
          {
-            return System.getProperty(key,defaultValue);
+            return System.getProperty(key, defaultValue);
          }
-      });  
+      });
    }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -218,7 +218,9 @@
    {
       try
       {
-         Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), rgName);
+         if (clazz == null)
+            throw new RuntimeException("Unable to load class:" + rgName);
          roleGenerator = (RoleGenerator) clazz.newInstance();
       }
       catch (Exception e)
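Review bot: `clazz.newInstance()` runs the initialiser and constructor of whatever class `rgName` names before the cast to `RoleGenerator` can reject a wrong type, so a mistaken or unexpected class name (presumably taken from configuration) still gets code executed inside the valve. Checking the type first, `roleGenerator = clazz.asSubclass(RoleGenerator.class).newInstance();`, fails with a ClassCastException before anything in the unrelated class runs. This matters more now that the name is resolved against two loaders in sequence, because which class a given name maps to is less obvious than before. The same load-then-cast pattern is in the hunks at -989 (`AttributeManager`) and -1085 (`IdentityParticipantStack`) of this file and in `start()` of both SP signature authenticators (`TrustKeyManager`). The enclosing method starts and ends outside the hunk.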
@@ -989,8 +991,10 @@
          String attributeManager = idpConfiguration.getAttributeManager();
          if (attributeManager != null && !"".equals(attributeManager))
          {
-            ClassLoader tcl = SecurityActions.getContextClassLoader();
-            AttributeManager delegate = (AttributeManager) tcl.loadClass(attributeManager).newInstance();
+            Class<?> clazz = SecurityActions.loadClass(getClass(), attributeManager);
+            if (clazz == null)
+               throw new RuntimeException("Unable to load class:" + attributeManager);
+            AttributeManager delegate = (AttributeManager) clazz.newInstance();
             this.attribManager.setDelegate(delegate);
          }
       }
@@ -1085,8 +1089,11 @@
          {
             try
             {
-               Class<?> stackClass = SecurityActions.getContextClassLoader().loadClass(this.identityParticipantStack);
-               identityServer.setStack((IdentityParticipantStack) stackClass.newInstance());
+               Class<?> clazz = SecurityActions.loadClass(getClass(), this.identityParticipantStack);
+               if (clazz == null)
+                  throw new ClassNotFoundException("Unable to load class:" + this.identityParticipantStack);
+
+               identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
             }
             catch (ClassNotFoundException e)
             {
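Review bot: The null-result check here throws `ClassNotFoundException`, while the hunks at -218 and -989 in this file and `SPPostSignatureFormAuthenticator.start()` throw a bare `RuntimeException` for the same condition (`SPRedirectSignatureFormAuthenticator.start()` again uses `ClassNotFoundException`). Using `ClassNotFoundException` everywhere would match what `ClassLoader.loadClass` raised before this commit and keep existing catch blocks like the one below meaningful. A short comment at each site, e.g. `// loadClass returns null when neither the defining loader nor the TCCL can see the class`, would also explain why a null check replaces the former exception. The enclosing try block continues outside the hunk.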

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-}
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -47,18 +47,19 @@
 public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator
 {
    private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
-   private boolean trace = log.isTraceEnabled();
-   
+
+   private final boolean trace = log.isTraceEnabled();
+
    /**
     * Flag to indicate whether we want to sign the assertions
     */
    protected boolean signAssertions = false;
-   
+
    public SPPostSignatureFormAuthenticator()
    {
       this.validateSignature = true;
    }
-   
+
    public boolean isSignAssertions()
    {
       return signAssertions;
@@ -67,39 +68,42 @@
    public void setSignAssertions(boolean signAssertions)
    {
       this.signAssertions = signAssertions;
-   } 
+   }
 
    @Override
    public void start() throws LifecycleException
    {
       super.start();
       this.supportSignatures = true;
-      
+
       KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
-      if(keyProvider == null)
+      if (keyProvider == null)
          throw new LifecycleException("KeyProvider is null");
       try
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          String keyManagerClassName = keyProvider.getClassName();
-         if(keyManagerClassName == null)
+         if (keyManagerClassName == null)
             throw new RuntimeException("KeyManager class name is null");
-         
-         Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+         Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+         if (clazz == null)
+            throw new RuntimeException("Unable to load class:" + keyManagerClassName);
+
          this.keyManager = (TrustKeyManager) clazz.newInstance();
-         
+
          List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
-         keyManager.setAuthProperties( authProperties ); 
+         keyManager.setAuthProperties(authProperties);
          keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-         log.error("Exception reading configuration:",e);
+         log.error("Exception reading configuration:", e);
          throw new LifecycleException(e.getLocalizedMessage());
       }
-      if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+      if (trace)
+         log.trace("Key Provider=" + keyProvider.getClassName());
    }
-   
+
    /**
     * Send the request to the IDP
     * @param destination idp url
@@ -110,23 +114,21 @@
     * @throws ProcessingException
     * @throws ConfigurationException
     * @throws IOException 
-    */ 
+    */
    @Override
-   protected void sendRequestToIDP( 
-         String destination, Document samlDocument,String relayState, Response response,
-         boolean willSendRequest)
-   throws ProcessingException, ConfigurationException, IOException
+   protected void sendRequestToIDP(String destination, Document samlDocument, String relayState, Response response,
+         boolean willSendRequest) throws ProcessingException, ConfigurationException, IOException
    {
-      if( keyManager == null )
-         throw new IllegalStateException( "Key Manager is null" );
+      if (keyManager == null)
+         throw new IllegalStateException("Key Manager is null");
       //Sign the document
       SAML2Signature samlSignature = new SAML2Signature();
       KeyPair keypair = keyManager.getSigningKeyPair();
-      samlSignature.signSAMLDocument(samlDocument, keypair); 
-      
-      if(trace)
-         log.trace("Sending to IDP:" +  DocumentUtil.asString(samlDocument));
+      samlSignature.signSAMLDocument(samlDocument, keypair);
+
+      if (trace)
+         log.trace("Sending to IDP:" + DocumentUtil.asString(samlDocument));
       //Let the super class handle the sending
-      super.sendRequestToIDP(destination, samlDocument, relayState, response, willSendRequest); 
-   }  
+      super.sendRequestToIDP(destination, samlDocument, relayState, response, willSendRequest);
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -60,47 +60,50 @@
  * @since Jan 12, 2009
  */
 public class SPRedirectSignatureFormAuthenticator extends SPRedirectFormAuthenticator
-{ 
+{
    private static Logger log = Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
-   private boolean trace = log.isTraceEnabled();
-   
-   private TrustKeyManager keyManager; 
 
+   private final boolean trace = log.isTraceEnabled();
+
+   private TrustKeyManager keyManager;
+
    public SPRedirectSignatureFormAuthenticator()
    {
-      super(); 
+      super();
    }
-   
+
    @Override
    public void start() throws LifecycleException
    {
       super.start();
       Context context = (Context) getContainer();
-      
+
       KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
-      if(keyProvider == null)
-         throw new LifecycleException("KeyProvider is null for context="+ context.getName());
+      if (keyProvider == null)
+         throw new LifecycleException("KeyProvider is null for context=" + context.getName());
       try
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          String keyManagerClassName = keyProvider.getClassName();
-         if(keyManagerClassName == null)
+         if (keyManagerClassName == null)
             throw new RuntimeException("KeyManager class name is null");
-         
-         Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+         Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+         if (clazz == null)
+            throw new ClassNotFoundException("Unable to load class:" + keyManagerClassName);
          this.keyManager = (TrustKeyManager) clazz.newInstance();
-         
+
          List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
-         keyManager.setAuthProperties( authProperties ); 
+         keyManager.setAuthProperties(authProperties);
          keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-         log.error("Exception reading configuration:",e);
+         log.error("Exception reading configuration:", e);
          throw new LifecycleException(e.getLocalizedMessage());
       }
-      if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
-      
+      if (trace)
+         log.trace("Key Provider=" + keyProvider.getClassName());
+
       //Initialize the handler chain again, mainly for the signing pair
       try
       {
@@ -108,39 +111,38 @@
          super.initializeHandlerChain();
       }
       catch (Exception e)
-      {  
-         log.error("Exception reading configuration:",e);
-         throw new LifecycleException(e.getLocalizedMessage()); 
-      } 
+      {
+         log.error("Exception reading configuration:", e);
+         throw new LifecycleException(e.getLocalizedMessage());
+      }
    }
-   
+
    protected boolean validate(Request request) throws IOException, GeneralSecurityException
    {
       boolean result = super.validate(request);
-      if( result == false)
+      if (result == false)
          return result;
-      
+
       String queryString = request.getQueryString();
       //Check if there is a signature   
       byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
-      if(sigValue == null)
+      if (sigValue == null)
          return false;
-      
+
       //Construct the url again
-      String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SAMLResponse"); 
-      String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, 
-            GeneralConstants.RELAY_STATE);
-      String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SigAlg"); 
+      String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SAMLResponse");
+      String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
+      String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SigAlg");
 
       StringBuilder sb = new StringBuilder();
       sb.append("SAMLResponse=").append(reqFromURL);
-       
-      if(isNotNull(relayStateFromURL))
+
+      if (isNotNull(relayStateFromURL))
       {
          sb.append("&RelayState=").append(relayStateFromURL);
       }
       sb.append("&SigAlg=").append(sigAlgFromURL);
-      
+
       PublicKey validatingKey;
       try
       {
@@ -155,7 +157,7 @@
          throw new GeneralSecurityException(e.getCause());
       }
       boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
-      return isValid;     
+      return isValid;
    }
 
    @Override
@@ -164,16 +166,17 @@
       try
       {
          //Get the signing key  
-         PrivateKey signingKey = keyManager.getSigningKey(); 
-         String url = RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+         PrivateKey signingKey = keyManager.getSigningKey();
+         String url = RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest,
+               urlEncodedRelayState, signingKey);
          return url;
       }
-      catch(Exception e)
+      catch (Exception e)
       {
          throw new RuntimeException(e);
       }
-   }  
-   
+   }
+
    @Override
    protected void initializeSAMLProcessor(ServiceProviderBaseProcessor processor)
    {
@@ -182,36 +185,35 @@
    }
 
    @Override
-   protected ResponseType decryptAssertion(ResponseType responseType) 
-   throws IOException, GeneralSecurityException, ConfigurationException, ParsingException
+   protected ResponseType decryptAssertion(ResponseType responseType) throws IOException, GeneralSecurityException,
+         ConfigurationException, ParsingException
    {
       try
       {
          SAML2Response saml2Response = new SAML2Response();
-         PrivateKey privateKey = keyManager.getSigningKey(); 
-         
-         EncryptedElementType myEET = (EncryptedElementType) responseType.getAssertions().get(0).getEncryptedAssertion();
-         Document eetDoc = saml2Response.convert(myEET); 
-         
-         Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey); 
-         return  saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));    
-      } 
+         PrivateKey privateKey = keyManager.getSigningKey();
+
+         EncryptedElementType myEET = responseType.getAssertions().get(0).getEncryptedAssertion();
+         Document eetDoc = saml2Response.convert(myEET);
+
+         Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc, privateKey);
+         return saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
+      }
       catch (Exception e)
       {
          throw new GeneralSecurityException(e);
-      } 
-   }   
-   
+      }
+   }
+
    @Override
-   protected void populateChainConfig()
-   throws ConfigurationException, ProcessingException
-   {   
+   protected void populateChainConfig() throws ConfigurationException, ProcessingException
+   {
       super.populateChainConfig();
-      if(this.keyManager != null)
+      if (this.keyManager != null)
       {
-         if(trace)
+         if (trace)
             log.trace("Adding Keypair to the chain config");
          chainConfigOptions.put(GeneralConstants.KEYPAIR, keyManager.getSigningKeyPair());
-      }  
+      }
    }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,44 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Use reflection to get the {@link Method} on a {@link Class} with the
     * given parameter types
@@ -72,4 +95,4 @@
          }
       });
    }
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,6 @@
 class SecurityActions
 {
    /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
-   {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
-      {
-         public ClassLoader run()
-         {
-            return Thread.currentThread().getContextClassLoader();
-         }
-      });
-   }
-   
-   /**
     * Get the system property
     * @param key
     * @param defaultValue
@@ -62,4 +47,4 @@
          }
       });
    }
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-   
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Get the system property
     * @param key
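Review bot: `loadClass(ClassLoader, String)` dereferences `cl` without a null check, yet both `theClass.getClassLoader()` (null for bootstrap-loaded classes) and `Thread.currentThread().getContextClassLoader()` can return null, so the lookup can throw a NullPointerException inside the privileged block instead of returning null. A guard such as `if (cl == null) return null;` at the top of `run()` keeps the "not found means null" result that callers test for. The empty `catch (ClassNotFoundException e)` should carry a comment such as `// not visible to this loader; caller falls back or handles null` so the swallow reads as deliberate. Neither new method has Javadoc; since they resolve a class by name under `doPrivileged`, the doc should state the lookup order and that `fqn` is expected to come from trusted configuration. The same pair is copied into the request, response, core/impl, core/pdp, saml/md/providers and saml/v2/factories `SecurityActions` hunks of this commit.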

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -28,6 +28,7 @@
 import java.io.OutputStream;
 import java.io.Writer;
 import java.net.URI;
+import java.net.URL;
 
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.parsers.ParserConfigurationException;
@@ -129,8 +130,19 @@
    {
       if (fileName == null)
          throw new IllegalArgumentException("fileName is null");
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      InputStream is = tcl.getResourceAsStream(fileName);
+      URL resourceURL = SecurityActions.loadResource(getClass(), fileName);
+      if (resourceURL == null)
+         throw new ProcessingException(fileName + " could not be loaded");
+
+      InputStream is = null;
+      try
+      {
+         is = resourceURL.openStream();
+      }
+      catch (IOException e)
+      {
+         throw new ProcessingException(e);
+      }
       return getAuthnRequestType(is);
    }
 
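Review bot: The stream returned by `resourceURL.openStream()` is passed to `getAuthnRequestType(is)` and is never closed in the visible lines, so unless that overload closes it (not shown here) the handle leaks on every call. Closing it in a `finally` around `return getAuthnRequestType(is);` would make the ownership explicit. The `InputStream is = null;` initialiser plus separate `try` can then collapse into one block. The method's signature and throws clause lie outside this hunk, so how a close failure should be reported needs checking against them.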

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.api.saml.v2.request;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,21 +32,71 @@
  */
 class SecurityActions
 {
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
-    * Get the Thread Context ClassLoader
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
     * @return
     */
-   static ClassLoader getContextClassLoader()
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public ClassLoader run()
+         public URL run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
          }
       });
    }
-   
+
    /**
     * Get the system property
     * @param key
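Review bot: `loadResource` calls `getResource` on `clazz.getClassLoader()` and then on the thread context class loader without checking either for null. `Class.getClassLoader()` returns null for bootstrap-loaded classes and the context loader may be unset, so the method can throw NullPointerException where its callers only test for a null URL. Guarding each lookup, e.g. `if (clazzLoader != null) url = clazzLoader.getResource(resourceName);`, keeps the null-means-missing contract. The Javadoc leaves `@param` and `@return` empty; it should say that the class's own loader is consulted first and that null is returned when neither loader finds the resource, because that order decides which copy wins when the resource exists in both places. The identical method is added in the core/impl and core/pdp `SecurityActions` hunks.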
@@ -62,4 +113,4 @@
          }
       });
    }
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -27,33 +27,60 @@
 /**
  * Privileged Blocks
  */
-class SecurityActions {
-	/**
-	 * Get the Thread Context ClassLoader
-	 * 
-	 * @return
-	 */
-	static ClassLoader getContextClassLoader() {
-		return AccessController
-				.doPrivileged(new PrivilegedAction<ClassLoader>() {
-					public ClassLoader run() {
-						return Thread.currentThread().getContextClassLoader();
-					}
-				});
-	}
+class SecurityActions
+{
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
 
-	/**
-	 * Get the system property
-	 * 
-	 * @param key
-	 * @param defaultValue
-	 * @return
-	 */
-	static String getSystemProperty(final String key, final String defaultValue) {
-		return AccessController.doPrivileged(new PrivilegedAction<String>() {
-			public String run() {
-				return System.getProperty(key, defaultValue);
-			}
-		});
-	}
-}
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
+   /**
+    * Get the system property
+    * 
+    * @param key
+    * @param defaultValue
+    * @return
+    */
+   static String getSystemProperty(final String key, final String defaultValue)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<String>()
+      {
+         public String run()
+         {
+            return System.getProperty(key, defaultValue);
+         }
+      });
+   }
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -57,7 +57,7 @@
  * @since Jan 22, 2009
  */
 public class KeyStoreKeyManager implements TrustKeyManager
-{ 
+{
    /**
     * An map of secret keys alive only for the duration of the program.
     * The keys are generated on the fly.  If you need sophisticated key
@@ -66,38 +66,45 @@
     * a TPM module or a HSM module.
     * Also see JBoss XMLKey.
     */
-   private final Map<String,SecretKey> keys = new HashMap<String,SecretKey>();
-   
+   private final Map<String, SecretKey> keys = new HashMap<String, SecretKey>();
+
    private static Logger log = Logger.getLogger(KeyStoreKeyManager.class);
-   private boolean trace = log.isTraceEnabled();
-   
-   private final HashMap<String,String> domainAliasMap = new HashMap<String,String>();  
-   private final HashMap<String,String> authPropsMap = new HashMap<String,String>();
-   
+
+   private final boolean trace = log.isTraceEnabled();
+
+   private final HashMap<String, String> domainAliasMap = new HashMap<String, String>();
+
+   private final HashMap<String, String> authPropsMap = new HashMap<String, String>();
+
    private KeyStore ks = null;
-   
+
    private String keyStoreURL;
+
    private char[] signingKeyPass;
+
    private String signingAlias;
+
    private String keyStorePass;
-   
+
    public static final String KEYSTORE_URL = "KeyStoreURL";
+
    public static final String KEYSTORE_PASS = "KeyStorePass";
+
    public static final String SIGNING_KEY_PASS = "SigningKeyPass";
+
    public static final String SIGNING_KEY_ALIAS = "SigningKeyAlias";
-   
+
    /**
     * @see TrustKeyManager#getSigningKey()
     */
-   public PrivateKey getSigningKey() 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public PrivateKey getSigningKey() throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       try
       {
-         if(ks == null)
+         if (ks == null)
             this.setUpKeyStore();
-         
-         if(ks == null)
+
+         if (ks == null)
             throw new IllegalStateException("KeyStore is null");
          return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
       }
@@ -120,21 +127,20 @@
       catch (IOException e)
       {
          throw new TrustKeyProcessingException(e);
-      } 
+      }
    }
 
    /*
     * (non-Javadoc)
     * @see org.picketlink.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
     */
-   public KeyPair getSigningKeyPair()
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public KeyPair getSigningKeyPair() throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       try
       {
-         if(this.ks == null)
+         if (this.ks == null)
             this.setUpKeyStore();
-         
+
          PrivateKey privateKey = this.getSigningKey();
          PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias, this.signingKeyPass);
          return new KeyPair(publicKey, privateKey);
@@ -144,32 +150,31 @@
          throw new TrustKeyConfigurationException(e);
       }
       catch (GeneralSecurityException e)
-      { 
+      {
          throw new TrustKeyProcessingException(e);
       }
       catch (IOException e)
-      { 
+      {
          throw new TrustKeyProcessingException(e);
       }
    }
-   
+
    /**
     * @see TrustKeyManager#getCertificate(String)
     */
-   public Certificate getCertificate(String alias) 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public Certificate getCertificate(String alias) throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       try
       {
-         if(ks == null)
+         if (ks == null)
             this.setUpKeyStore();
-         
-         if(ks == null)
+
+         if (ks == null)
             throw new IllegalStateException("KeyStore is null");
-         
-         if(alias == null || alias.length() == 0)
+
+         if (alias == null || alias.length() == 0)
             throw new IllegalArgumentException("Alias is null");
-         
+
          return ks.getCertificate(alias);
       }
       catch (KeyStoreException e)
@@ -177,11 +182,11 @@
          throw new TrustKeyConfigurationException(e);
       }
       catch (GeneralSecurityException e)
-      { 
+      {
          throw new TrustKeyProcessingException(e);
       }
       catch (IOException e)
-      { 
+      {
          throw new TrustKeyProcessingException(e);
       }
    }
@@ -189,32 +194,31 @@
    /**
     * @see TrustKeyManager#getPublicKey(String)
     */
-   public PublicKey getPublicKey(String alias) 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public PublicKey getPublicKey(String alias) throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       PublicKey publicKey = null;
-      
+
       try
       {
-         if(ks == null)
+         if (ks == null)
          {
-            if(trace) log.trace("getPublicKey::Keystore is null. so setting it up");
-            this.setUpKeyStore(); 
+            if (trace)
+               log.trace("getPublicKey::Keystore is null. so setting it up");
+            this.setUpKeyStore();
          }
-         
-         if(ks == null)
+
+         if (ks == null)
             throw new IllegalStateException("KeyStore is null");
          Certificate cert = ks.getCertificate(alias);
-         if(cert != null)
+         if (cert != null)
             publicKey = cert.getPublicKey();
-         else
-            if(trace)
-               log.trace("No public key found for alias=" + alias);
-            
+         else if (trace)
+            log.trace("No public key found for alias=" + alias);
+
          return publicKey;
       }
       catch (KeyStoreException e)
-      { 
+      {
          throw new TrustKeyConfigurationException(e);
       }
       catch (GeneralSecurityException e)
@@ -225,7 +229,7 @@
       {
          throw new TrustKeyProcessingException(e);
       }
-   } 
+   }
 
    /**
     * Get the validating public key
@@ -234,26 +238,25 @@
     * @see TrustKeyManager#getValidatingKey(String)
     * @see TrustKeyManager#getPublicKey(String)
     */
-   public PublicKey getValidatingKey(String domain) 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public PublicKey getValidatingKey(String domain) throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       PublicKey publicKey = null;
       try
       {
-         if(ks == null)
+         if (ks == null)
             this.setUpKeyStore();
-         
-         if(ks == null)
+
+         if (ks == null)
             throw new IllegalStateException("KeyStore is null");
          String domainAlias = this.domainAliasMap.get(domain);
-         if(domainAlias == null)
-            throw new IllegalStateException("Domain Alias missing for "+ domain);
+         if (domainAlias == null)
+            throw new IllegalStateException("Domain Alias missing for " + domain);
          publicKey = null;
          try
          {
             publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.keyStorePass.toCharArray());
          }
-         catch(UnrecoverableKeyException urke)
+         catch (UnrecoverableKeyException urke)
          {
             //Try with the signing key pass
             publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
@@ -281,77 +284,76 @@
    /**
     * @see TrustKeyManager#setAuthProperties(List)
     */
-   public void setAuthProperties(List<AuthPropertyType> authList) 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public void setAuthProperties(List<AuthPropertyType> authList) throws TrustKeyConfigurationException,
+         TrustKeyProcessingException
    {
-      for(AuthPropertyType auth: authList)
+      for (AuthPropertyType auth : authList)
       {
          this.authPropsMap.put(auth.getKey(), auth.getValue());
       }
-      
+
       this.keyStoreURL = this.authPropsMap.get(KEYSTORE_URL);
       this.keyStorePass = this.authPropsMap.get(KEYSTORE_PASS);
-      
 
       this.signingAlias = this.authPropsMap.get(SIGNING_KEY_ALIAS);
-      
+
       String keypass = this.authPropsMap.get(SIGNING_KEY_PASS);
-      if(keypass == null || keypass.length() == 0)
+      if (keypass == null || keypass.length() == 0)
          throw new RuntimeException("Signing Key Pass is null");
-      this.signingKeyPass = keypass.toCharArray(); 
+      this.signingKeyPass = keypass.toCharArray();
    }
 
    /**
     * @see TrustKeyManager#setValidatingAlias(List)
     */
-   public void setValidatingAlias(List<KeyValueType> aliases)
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public void setValidatingAlias(List<KeyValueType> aliases) throws TrustKeyConfigurationException,
+         TrustKeyProcessingException
    {
-      for(KeyValueType alias: aliases)
+      for (KeyValueType alias : aliases)
       {
          domainAliasMap.put(alias.getKey(), alias.getValue());
       }
    }
-   
+
    /**
     * @throws GeneralSecurityException 
     * @see TrustKeyManager#getEncryptionKey(String)
     */
-   public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int keyLength) 
-   throws TrustKeyConfigurationException, TrustKeyProcessingException
+   public SecretKey getEncryptionKey(String domain, String encryptionAlgorithm, int keyLength)
+         throws TrustKeyConfigurationException, TrustKeyProcessingException
    {
       SecretKey key = keys.get(domain);
-      if(key == null)
+      if (key == null)
       {
          try
          {
             key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
          }
          catch (GeneralSecurityException e)
-         { 
+         {
             throw new TrustKeyProcessingException(e);
          }
          keys.put(domain, key);
-      } 
+      }
       return key;
    }
-   
+
    private void setUpKeyStore() throws GeneralSecurityException, IOException
    {
       //Keystore URL/Pass can be either by configuration or on the HTTPS connector
-      if(this.keyStoreURL == null)
+      if (this.keyStoreURL == null)
       {
          this.keyStoreURL = SecurityActions.getProperty("javax.net.ssl.keyStore", null);
       }
-      if(this.keyStorePass == null)
+      if (this.keyStorePass == null)
       {
          this.keyStorePass = SecurityActions.getProperty("javax.net.ssl.keyStorePassword", null);
       }
-      
+
       InputStream is = this.getKeyStoreInputStream(this.keyStoreURL);
-      ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray()); 
+      ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
    }
-   
+
    /**
     * Seek the input stream to the KeyStore
     * @param keyStore
@@ -360,32 +362,43 @@
    private InputStream getKeyStoreInputStream(String keyStore)
    {
       InputStream is = null;
-      
+
       try
       {
          //Try the file method
-         File file = new File(keyStore); 
+         File file = new File(keyStore);
          is = new FileInputStream(file);
       }
-      catch(Exception e)
+      catch (Exception e)
       {
+         URL url = null;
          try
          {
-            URL url = new URL(keyStore);
-            is = url.openStream(); 
-         } 
-         catch(Exception ex)
+            url = new URL(keyStore);
+            is = url.openStream();
+         }
+         catch (Exception ex)
          {
-            is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore); 
+            url = SecurityActions.loadResource(getClass(), keyStore);
+            if (url != null)
+            {
+               try
+               {
+                  is = url.openStream();
+               }
+               catch (IOException e1)
+               {
+               }
+            }
          }
       }
-      
-      if(is == null)
+
+      if (is == null)
       {
          //Try the user.home dir
          String userHome = SecurityActions.getSystemProperty("user.home", "") + "/jbid-keystore";
          File ksDir = new File(userHome);
-         if(ksDir.exists())
+         if (ksDir.exists())
          {
             try
             {
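Review bot: The new `catch (IOException e1)` block is empty, so when the classpath keystore URL resolves but cannot be opened the reason is discarded and the caller later sees only `Keystore not located:`. Since the class already keeps a `trace` flag, `if (trace) log.trace("Cannot open keystore resource " + url, e1);` would preserve the cause without changing control flow. The surrounding `catch (Exception e)` and `catch (Exception ex)` fallbacks are equally silent, so logs cannot show which of the file, URL, classpath or user.home locations supplied the signing keystore. getKeyStoreInputStream continues past the end of this hunk.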
@@ -397,9 +410,8 @@
             }
          }
       }
-      if(is == null)
+      if (is == null)
          throw new RuntimeException("Keystore not located:" + keyStore);
       return is;
-   } 
-
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.core.impl;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,21 +32,72 @@
  */
 class SecurityActions
 {
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
-    * Get the Thread Context ClassLoader
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
     * @return
     */
-   static ClassLoader getContextClassLoader()
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public ClassLoader run()
+         public URL run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
          }
       });
    }
-   
+
    /**
     * Get a system property
     * @param key the key for the property
@@ -58,11 +110,11 @@
       {
          public String run()
          {
-            return System.getProperty(key,defaultValue);
+            return System.getProperty(key, defaultValue);
          }
-      });  
+      });
    }
-   
+
    /**
     * Get the system property
     * @param key

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -109,8 +109,7 @@
    {
       SystemPropertiesUtil.ensure();
 
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      URL url = tcl.getResource(policyConfigFileName);
+      URL url = SecurityActions.loadResource(getClass(), policyConfigFileName);
       if (url == null)
          throw new IllegalStateException(policyConfigFileName + " could not be located");
 

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.core.pdp;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,7 +32,7 @@
  */
 class SecurityActions
 {
-   static void setSystemProperty( final String key, final String value)
+   static void setSystemProperty(final String key, final String value)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()
       {
@@ -40,18 +41,71 @@
             System.setProperty(key, value);
             return null;
          }
-      }); 
+      });
    }
-   
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run() 
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
+   /**
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
+    * @return
+    */
+   static URL loadResource(final Class<?> clazz, final String resourceName)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
+      {
+         public URL run()
+         {
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
+         }
+      });
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,7 +31,7 @@
  */
 class SecurityActions
 {
-   static void setSystemProperty( final String key, final String value)
+   static void setSystemProperty(final String key, final String value)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()
       {
@@ -40,18 +40,43 @@
             System.setProperty(key, value);
             return null;
          }
-      }); 
+      });
    }
-   
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run() 
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -34,22 +34,25 @@
 {
    public static SAML2HandlerChain createChain()
    {
-      return new DefaultSAML2HandlerChain(); 
-   } 
-   
+      return new DefaultSAML2HandlerChain();
+   }
+
    public static SAML2HandlerChain createChain(String fqn) throws ProcessingException
    {
-      if(fqn == null)
+      if (fqn == null)
          throw new IllegalArgumentException("fqn is null");
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      
+
+      Class<?> clazz = SecurityActions.loadClass(SAML2HandlerChainFactory.class, fqn);
+      if (clazz == null)
+         throw new ProcessingException("Handler Chain could not be created");
+
       try
       {
-         return (SAML2HandlerChain) tcl.loadClass(fqn).newInstance();
+         return (SAML2HandlerChain) clazz.newInstance();
       }
       catch (Exception e)
       {
-         throw new ProcessingException("Cannot create chain:",e); 
-      } 
+         throw new ProcessingException("Cannot create chain:", e);
+      }
    }
 }
\ No newline at end of file
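Review bot: In `createChain(String fqn)` the class named by `fqn` is instantiated with `clazz.newInstance()` before the cast to `SAML2HandlerChain` checks its type, so its static initializer and no-argument constructor run for any loadable class name, and the widened lookup (defining loader, then context loader) enlarges the set of names that resolve. A type check ahead of instantiation closes that gap: `if (!SAML2HandlerChain.class.isAssignableFrom(clazz)) throw new ProcessingException(fqn + " is not a SAML2HandlerChain");`. The null branch would also be easier to diagnose if its message included `fqn`. The same instantiate-then-check order appears in the HandlerUtil, CoreConfigUtil and AbstractSecurityTokenProvider hunks of this commit.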

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-   
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Get the system property
     * @param key
@@ -62,4 +84,4 @@
          }
       });
    }
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -37,12 +37,12 @@
       {
          public String run()
          {
-            return System.getProperty(key); 
+            return System.getProperty(key);
          }
-      }); 
+      });
    }
-   
-   static void setSystemProperty( final String key, final String value)
+
+   static void setSystemProperty(final String key, final String value)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()
       {
@@ -51,18 +51,43 @@
             System.setProperty(key, value);
             return null;
          }
-      }); 
+      });
    }
-   
-   static ClassLoader getContextClassLoader() 
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -44,42 +44,38 @@
 {
    public static Set<SAML2Handler> getHandlers(Handlers handlers) throws ConfigurationException
    {
-      if(handlers == null)
+      if (handlers == null)
          throw new IllegalArgumentException("handlers is null");
       List<Handler> handlerList = handlers.getHandler();
 
       Set<SAML2Handler> handlerSet = new LinkedHashSet<SAML2Handler>();
 
-      for(Handler handler : handlerList)
+      for (Handler handler : handlerList)
       {
          String clazzName = handler.getClazz();
 
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          Class<?> clazz;
          try
          {
-            clazz = tcl.loadClass(clazzName);
-
+            clazz = SecurityActions.loadClass(HandlerUtil.class, clazzName);
+            if (clazz == null)
+               throw new RuntimeException(clazzName + " could not be loaded");
             SAML2Handler samlhandler = (SAML2Handler) clazz.newInstance();
             List<KeyValueType> options = handler.getOption();
 
             Map<String, Object> mapOptions = new HashMap<String, Object>();
 
-            for(KeyValueType kvtype : options)
+            for (KeyValueType kvtype : options)
             {
                mapOptions.put(kvtype.getKey(), kvtype.getValue());
             }
             SAML2HandlerConfig handlerConfig = new DefaultSAML2HandlerConfig();
             handlerConfig.set(mapOptions);
-            
+
             samlhandler.initHandlerConfig(handlerConfig);
 
             handlerSet.add(samlhandler);
          }
-         catch (ClassNotFoundException e)
-         {
-            throw new ConfigurationException(e);
-         }
          catch (InstantiationException e)
          {
             throw new ConfigurationException(e);
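Review bot: The new null check in `getHandlers` throws a bare `RuntimeException` where the removed `catch (ClassNotFoundException e)` used to surface the failure as the declared `ConfigurationException`, so a misspelled handler class name now escapes as an unchecked exception that code catching `ConfigurationException` would not see. Keeping the old contract needs one line: `throw new ConfigurationException(new ClassNotFoundException(clazzName));`. The remaining catch clauses of this method continue in the next hunk.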
@@ -88,8 +84,7 @@
          {
             throw new ConfigurationException(e);
          }
-      } 
-      
+      }
       return handlerSet;
-   } 
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-   
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Set the system property
     * @param key
@@ -63,7 +85,7 @@
          }
       });
    }
-   
+
    /**
     * Get the system property
     * @param key

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,7 +21,6 @@
  */
 package org.picketlink.identity.federation.core.sts;
 
-import java.security.PrivilegedActionException;
 import java.util.Map;
 
 import org.apache.log4j.Logger;
@@ -41,8 +40,8 @@
  * @since Jan 4, 2011
  */
 public abstract class AbstractSecurityTokenProvider implements SecurityTokenProvider
-{   
-   protected  static Logger logger = Logger.getLogger( AbstractSecurityTokenProvider.class);
+{
+   protected static Logger logger = Logger.getLogger(AbstractSecurityTokenProvider.class);
 
    protected static final String TOKEN_REGISTRY = "TokenRegistry";
 
@@ -63,57 +62,61 @@
    protected Map<String, String> properties;
 
    public void initialize(Map<String, String> properties)
-   { 
+   {
       this.properties = properties;
 
       //Check for token registry
-      String tokenRegistryOption = this.properties.get( TOKEN_REGISTRY );
+      String tokenRegistryOption = this.properties.get(TOKEN_REGISTRY);
       if (tokenRegistryOption == null)
       {
          if (logger.isDebugEnabled())
-            logger.debug("Security Token registry option not specified: Issued Tokens will not be persisted!"); 
+            logger.debug("Security Token registry option not specified: Issued Tokens will not be persisted!");
       }
       else
       {
          // if a file is to be used as registry, check if the user has specified the file name.
-         if ("FILE".equalsIgnoreCase( tokenRegistryOption ))
+         if ("FILE".equalsIgnoreCase(tokenRegistryOption))
          {
-            String tokenRegistryFile = this.properties.get( TOKEN_REGISTRY_FILE );
-            if ( tokenRegistryFile != null)
-               this.tokenRegistry = new FileBasedTokenRegistry( tokenRegistryFile );
+            String tokenRegistryFile = this.properties.get(TOKEN_REGISTRY_FILE);
+            if (tokenRegistryFile != null)
+               this.tokenRegistry = new FileBasedTokenRegistry(tokenRegistryFile);
             else
                this.tokenRegistry = new FileBasedTokenRegistry();
-         } 
+         }
          // the user has specified its own registry implementation class.
          else
          {
             try
             {
-               Object object = SecurityActions.instantiateClass( tokenRegistryOption );
-               if (object instanceof RevocationRegistry)
-                  this.tokenRegistry = ( SecurityTokenRegistry ) object;
-               else
+               Class<?> clazz = SecurityActions.loadClass(getClass(), tokenRegistryOption);
+               if (clazz != null)
                {
-                  logger.warn( tokenRegistryOption + " is not an instance of SecurityTokenRegistry - using default registry");
+                  Object object = clazz.newInstance();
+                  if (object instanceof RevocationRegistry)
+                     this.tokenRegistry = (SecurityTokenRegistry) object;
+                  else
+                  {
+                     logger.warn(tokenRegistryOption
+                           + " is not an instance of SecurityTokenRegistry - using default registry");
+                  }
                }
             }
-            catch (PrivilegedActionException pae )
+            catch (Exception pae)
             {
                logger.warn("Error instantiating revocation registry class - using default registry");
-               pae.printStackTrace(); 
+               pae.printStackTrace();
             }
          }
 
-         if( this.tokenRegistry == null )
+         if (this.tokenRegistry == null)
             tokenRegistry = new DefaultTokenRegistry();
 
-
          // check if a revocation registry option has been set.
          String registryOption = this.properties.get(REVOCATION_REGISTRY);
          if (registryOption == null)
          {
             if (logger.isDebugEnabled())
-               logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!"); 
+               logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!");
          }
          else
          {
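Review bot: The token-registry branch tests `object instanceof RevocationRegistry` but then casts to `SecurityTokenRegistry`, and with the catch widened from `PrivilegedActionException` to `Exception` a resulting ClassCastException is now swallowed and reported as "Error instantiating revocation registry class". The test should match the cast, `if (object instanceof SecurityTokenRegistry)`, and the warning in that catch should name the token registry. When `SecurityActions.loadClass` returns null nothing is logged at all, so a configured registry that fails to load is silently replaced by the default; an `else logger.warn(tokenRegistryOption + " could not be loaded - using default registry");` on the `if (clazz != null)` would make that visible to operators. The revocation-registry hunk that follows (`@@ -140,23 +143,28 @@`) has the same silent null path, and `initialize` continues there.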
@@ -140,23 +143,28 @@
             {
                try
                {
-                  Object object = SecurityActions.instantiateClass(registryOption);
-                  if (object instanceof RevocationRegistry)
-                     this.revocationRegistry = (RevocationRegistry) object;
-                  else
+                  Class<?> clazz = SecurityActions.loadClass(getClass(), registryOption);
+                  if (clazz != null)
                   {
-                     logger.warn(registryOption + " is not an instance of RevocationRegistry - using default registry"); 
+                     Object object = clazz.newInstance();
+                     if (object instanceof RevocationRegistry)
+                        this.revocationRegistry = (RevocationRegistry) object;
+                     else
+                     {
+                        logger.warn(registryOption
+                              + " is not an instance of RevocationRegistry - using default registry");
+                     }
                   }
                }
-               catch (PrivilegedActionException pae )
+               catch (Exception pae)
                {
                   logger.warn("Error instantiating revocation registry class - using default registry");
-                  pae.printStackTrace(); 
+                  pae.printStackTrace();
                }
             }
          }
-         
-         if( this.revocationRegistry == null )
+
+         if (this.revocationRegistry == null)
             this.revocationRegistry = new DefaultRevocationRegistry();
       }
    }

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -309,9 +309,8 @@
             configurationFileURL = configurationFile.toURI().toURL();
          else
          {
-            // if not configuration file was found in the user home, check the context classloader.
-            ClassLoader tccl = SecurityActions.getContextClassLoader();
-            configurationFileURL = tccl.getResource(fileName);
+            // if not configuration file was found in the user home, check the context classloader. 
+            configurationFileURL = SecurityActions.loadResource(getClass(), fileName);
          }
 
          // if no configuration file was found, log a warn message and use default configuration values.
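Review bot: The comment kept on the new side still says the context classloader is checked, but `SecurityActions.loadResource(getClass(), fileName)` consults the class's own loader first and only then the thread context loader. Suggested wording: `// if no configuration file was found in the user home, try this class's loader, then the context classloader.` Other call sites in this commit pass a class literal (`JAXBUtil.class`, `CoreConfigUtil.class`), whereas `getClass()` resolves against the runtime subclass if this class is ever extended, which may or may not be intended. The enclosing method starts and ends outside the hunk.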

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,10 +21,9 @@
  */
 package org.picketlink.identity.federation.core.sts;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 
 /**
  * <p>
@@ -35,21 +34,39 @@
  */
 class SecurityActions
 {
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
 
-   /**
-    * <p>
-    * Gets the thread context class loader using a privileged block.
-    * </p>
-    * 
-    * @return a reference to the thread context {@code ClassLoader}.
-    */
-   static ClassLoader getContextClassLoader()
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
          }
       });
    }
@@ -66,54 +83,31 @@
    }
 
    /**
-    * <p>
-    * Loads a class using the thread context class loader in a privileged block.
-    * </p>
-    * 
-    * @param name the fully-qualified name of the class to be loaded.
-    * @return a reference to the loaded {@code Class}.
-    * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
-    *             of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
+    * @return
     */
-   static Class<?> loadClass(final String name) throws PrivilegedActionException
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public Class<?> run() throws PrivilegedActionException
+         public URL run()
          {
-            try
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
             {
-               return getContextClassLoader().loadClass(name);
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
             }
-            catch (Exception e)
-            {
-               throw new PrivilegedActionException(e);
-            }
-         }
-      });
-   }
 
-   /**
-    * <p>
-    * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
-    * </p>
-    * 
-    * @param className the fully-qualified name of the class to be instantiated.
-    * @return a reference to the instantiated {@code Object}.
-    * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
-    *             cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
-    */
-   static Object instantiateClass(final String className) throws PrivilegedActionException
-   {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
-      {
-         public Object run() throws Exception
-         {
-            Class<?> objectClass = loadClass(className);
-            return objectClass.newInstance();
+            return url;
          }
       });
    }
+
 }
\ No newline at end of file
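Review bot: `loadResource` calls `getResource(resourceName)` on the result of `clazz.getClassLoader()` and, in the fallback, on the thread context loader, and either can be null, which turns a missing resource into a NullPointerException. Guarding both calls, `if (clazzLoader != null) url = clazzLoader.getResource(resourceName);`, keeps the null-on-miss behaviour. The Javadoc leaves `@param` and `@return` empty; `@return the resource URL, or null if neither loader finds it` is the part callers need, since the result is dereferenced elsewhere in this commit.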

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -46,9 +46,9 @@
 import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
 import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
 import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
 import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
 import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
 
 /**
  * Utility for configuration
@@ -82,12 +82,13 @@
       TrustKeyManager trustKeyManager = null;
       try
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          String keyManagerClassName = keyProvider.getClassName();
          if (keyManagerClassName == null)
             throw new RuntimeException("KeyManager class name is null");
 
-         Class<?> clazz = tcl.loadClass(keyManagerClassName);
+         Class<?> clazz = SecurityActions.loadClass(CoreConfigUtil.class, keyManagerClassName);
+         if (clazz == null)
+            throw new RuntimeException(keyManagerClassName + " could not be loaded");
          trustKeyManager = (TrustKeyManager) clazz.newInstance();
       }
       catch (Exception e)

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,8 +21,10 @@
  */
 package org.picketlink.identity.federation.core.util;
 
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.Reader;
+import java.net.URL;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -118,7 +120,6 @@
       LSInput lsi = lsmap.get(systemId);
       if (lsi == null)
       {
-         final ClassLoader tcl = SecurityActions.getContextClassLoader();
          final String loc = schemaLocationMap.get(systemId);
          if (loc == null)
             return null;
@@ -132,7 +133,16 @@
 
             public InputStream getByteStream()
             {
-               final InputStream is = tcl.getResourceAsStream(loc);
+               URL url = SecurityActions.loadResource(getClass(), loc);
+               InputStream is;
+               try
+               {
+                  is = url.openStream();
+               }
+               catch (IOException e)
+               {
+                  throw new RuntimeException(loc + " could not be loaded");
+               }
                if (is == null)
                   throw new RuntimeException("inputstream is null for " + loc);
                return is;
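Review bot: `url.openStream()` in `getByteStream()` is called without checking `url`, and `SecurityActions.loadResource` presumably returns null on a miss (the sts copy in this commit does, and JAXBUtil's null check assumes it), so a missing schema now fails with a NullPointerException. The retained `if (is == null)` check can no longer fire because `openStream()` does not return null. Check the URL before opening it, `if (url == null) throw new RuntimeException("inputstream is null for " + loc);`. The new catch also drops the cause; `throw new RuntimeException(loc + " could not be loaded", e);` keeps the IOException for diagnosis. The enclosing method starts outside the hunk.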

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -47,18 +47,19 @@
 public class JAXBUtil
 {
    private static Logger log = Logger.getLogger(JAXBUtil.class);
+
    private static boolean trace = log.isTraceEnabled();
-   
+
    public static final String W3C_XML_SCHEMA_NS_URI = "http://www.w3.org/2001/XMLSchema";
-   
-   private static HashMap<String,JAXBContext> jaxbContextHash = new HashMap<String, JAXBContext>();
-   
+
+   private static HashMap<String, JAXBContext> jaxbContextHash = new HashMap<String, JAXBContext>();
+
    static
    {
       //Useful on Sun VMs.  Harmless on other VMs.
       SecurityActions.setSystemProperty("com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot", "true");
    }
-   
+
    /**
     * Get the JAXB Marshaller
     * @param pkgName The package name for the jaxb context
@@ -67,15 +68,15 @@
     * @throws JAXBException 
     * @throws SAXException 
     */
-   public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation) 
-   throws JAXBException, SAXException  
+   public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation) throws JAXBException,
+         SAXException
    {
-      Marshaller marshaller = getMarshaller(pkgName); 
-      
+      Marshaller marshaller = getMarshaller(pkgName);
+
       //Validate against schema
       Schema schema = getJAXPSchemaInstance(schemaLocation);
-      marshaller.setSchema(schema); 
-   
+      marshaller.setSchema(schema);
+
       return marshaller;
    }
 
@@ -85,11 +86,11 @@
     * @return Marshaller 
     * @throws JAXBException 
     */
-   public static Marshaller getMarshaller(String pkgName) throws JAXBException 
+   public static Marshaller getMarshaller(String pkgName) throws JAXBException
    {
-      if(pkgName == null)
+      if (pkgName == null)
          throw new IllegalArgumentException("pkgName is null");
-      
+
       JAXBContext jc = getJAXBContext(pkgName);
       Marshaller marshaller = jc.createMarshaller();
       marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
@@ -103,14 +104,14 @@
     * @return unmarshaller
     * @throws JAXBException  
     */
-   public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException 
+   public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
    {
-      if(pkgName == null)
+      if (pkgName == null)
          throw new IllegalArgumentException("pkgName is null");
       JAXBContext jc = getJAXBContext(pkgName);
       return jc.createUnmarshaller();
    }
-   
+
    /**
     * Get the JAXB Unmarshaller for a selected set
     * of package names
@@ -118,14 +119,14 @@
     * @return
     * @throws JAXBException
     */
-   public static Unmarshaller getUnmarshaller(String... pkgNames) throws JAXBException 
+   public static Unmarshaller getUnmarshaller(String... pkgNames) throws JAXBException
    {
-      if(pkgNames == null)
+      if (pkgNames == null)
          throw new IllegalArgumentException("pkgName is null");
       int len = pkgNames.length;
-      if(len == 0)
+      if (len == 0)
          return getUnmarshaller(pkgNames[0]);
-      
+
       JAXBContext jc = getJAXBContext(pkgNames);
       return jc.createUnmarshaller();
    }
@@ -138,60 +139,57 @@
     * @throws JAXBException 
     * @throws SAXException  
     */
-   public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation) 
-   throws JAXBException, SAXException
-   { 
-      Unmarshaller unmarshaller = getUnmarshaller(pkgName); 
+   public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation) throws JAXBException,
+         SAXException
+   {
+      Unmarshaller unmarshaller = getUnmarshaller(pkgName);
       Schema schema = getJAXPSchemaInstance(schemaLocation);
-      unmarshaller.setSchema(schema); 
-    
+      unmarshaller.setSchema(schema);
+
       return unmarshaller;
    }
-   
-   public static Unmarshaller getValidatingUnmarshaller(String[] pkgNames,
-         String[] schemaLocations) throws JAXBException,SAXException, IOException
+
+   public static Unmarshaller getValidatingUnmarshaller(String[] pkgNames, String[] schemaLocations)
+         throws JAXBException, SAXException, IOException
    {
       StringBuilder builder = new StringBuilder();
       int len = pkgNames.length;
-      if(len == 0)
+      if (len == 0)
          throw new IllegalArgumentException("Packages are empty");
-      
-      for(String pkg:pkgNames)
+
+      for (String pkg : pkgNames)
       {
-        builder.append(pkg); 
-        builder.append(":");
+         builder.append(pkg);
+         builder.append(":");
       }
-      
-      Unmarshaller unmarshaller = getUnmarshaller(builder.toString()); 
-      
+
+      Unmarshaller unmarshaller = getUnmarshaller(builder.toString());
+
       SchemaFactory schemaFactory = getSchemaFactory();
-      
+
       //Get the sources
       Source[] schemaSources = new Source[schemaLocations.length];
-      
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      
-      int i=0;
-      for(String schemaLocation : schemaLocations)
+
+      int i = 0;
+      for (String schemaLocation : schemaLocations)
       {
-         URL schemaURL = tcl.getResource(schemaLocation);
-         if(schemaURL == null)
+         URL schemaURL = SecurityActions.loadResource(JAXBUtil.class, schemaLocation);
+         if (schemaURL == null)
             throw new IllegalStateException("Schema URL is null:" + schemaLocation);
 
-         schemaSources[i++] = new StreamSource(schemaURL.openStream());   
+         schemaSources[i++] = new StreamSource(schemaURL.openStream());
       }
-      
+
       Schema schema = schemaFactory.newSchema(schemaSources);
-      unmarshaller.setSchema(schema); 
-    
+      unmarshaller.setSchema(schema);
+
       return unmarshaller;
    }
 
    private static Schema getJAXPSchemaInstance(String schemaLocation) throws SAXException
-   {   
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      URL schemaURL = tcl.getResource(schemaLocation);
-      if(schemaURL == null)
+   {
+      URL schemaURL = SecurityActions.loadResource(JAXBUtil.class, schemaLocation);
+      if (schemaURL == null)
          throw new IllegalStateException("Schema URL is null:" + schemaLocation);
       SchemaFactory scFact = getSchemaFactory();
       Schema schema = scFact.newSchema(schemaURL);
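Review bot: In `getValidatingUnmarshaller(String[], String[])` each `schemaURL.openStream()` is wrapped in a `StreamSource` and never closed in the visible code, and if a later location fails the null check the streams already opened are left behind. Passing the location instead, `schemaSources[i++] = new StreamSource(schemaURL.toExternalForm());`, should let the schema parser open and close the stream itself and gives each source a system id for error messages; this is worth confirming against the installed `IDFedLSInputResolver`. `getJAXPSchemaInstance` at the end of this hunk continues into the next one.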
@@ -201,11 +199,11 @@
    private static SchemaFactory getSchemaFactory()
    {
       SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
-      
+
       //Always install the resolver unless the system property is set
-      if(SecurityActions.getSystemProperty("org.picketlink.identity.federation.jaxb.ls", null) == null)
-        scFact.setResourceResolver( new IDFedLSInputResolver()); 
-      
+      if (SecurityActions.getSystemProperty("org.picketlink.identity.federation.jaxb.ls", null) == null)
+         scFact.setResourceResolver(new IDFedLSInputResolver());
+
       scFact.setErrorHandler(new ErrorHandler()
       {
          public void error(SAXParseException exception) throws SAXException
@@ -216,8 +214,9 @@
             builder.append(" Public ID=").append(exception.getPublicId());
             builder.append(" System ID=").append(exception.getSystemId());
             builder.append(" exc=").append(exception.getLocalizedMessage());
-            
-            if(trace) log.trace("SAX Error:" + builder.toString());
+
+            if (trace)
+               log.trace("SAX Error:" + builder.toString());
          }
 
          public void fatalError(SAXParseException exception) throws SAXException
@@ -228,7 +227,7 @@
             builder.append(" Public ID=").append(exception.getPublicId());
             builder.append(" System ID=").append(exception.getSystemId());
             builder.append(" exc=").append(exception.getLocalizedMessage());
-            
+
             log.error("SAX Fatal Error:" + builder.toString());
          }
 
@@ -240,53 +239,54 @@
             builder.append(" Public ID=").append(exception.getPublicId());
             builder.append(" System ID=").append(exception.getSystemId());
             builder.append(" exc=").append(exception.getLocalizedMessage());
-            
-            if(trace) log.trace("SAX Warn:" + builder.toString());        
+
+            if (trace)
+               log.trace("SAX Warn:" + builder.toString());
          }
       });
       return scFact;
    }
-   
+
    public static JAXBContext getJAXBContext(String path) throws JAXBException
    {
       JAXBContext jx = jaxbContextHash.get(path);
-      if(jx == null)
+      if (jx == null)
       {
          jx = JAXBContext.newInstance(path);
          jaxbContextHash.put(path, jx);
       }
       return jx;
    }
-   
+
    public static JAXBContext getJAXBContext(String... paths) throws JAXBException
    {
       int len = paths.length;
       if (len == 0)
          return getJAXBContext(paths[0]);
-      
+
       StringBuilder builder = new StringBuilder();
-      for(String path: paths)
+      for (String path : paths)
       {
-        builder.append(path).append(":");  
+         builder.append(path).append(":");
       }
-      
+
       String finalPath = builder.toString();
-      
+
       JAXBContext jx = jaxbContextHash.get(finalPath);
-      if(jx == null)
+      if (jx == null)
       {
          jx = JAXBContext.newInstance(finalPath);
          jaxbContextHash.put(finalPath, jx);
       }
       return jx;
    }
-   
+
    public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
    {
       String clazzName = clazz.getName();
-      
+
       JAXBContext jx = jaxbContextHash.get(clazzName);
-      if(jx == null)
+      if (jx == null)
       {
          jx = JAXBContext.newInstance(clazz);
          jaxbContextHash.put(clazzName, jx);

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,43 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Set the system property
     * @param key
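Review bot: Both new `loadClass` overloads dereference a class loader that can legitimately be null. `theClass.getClassLoader()` returns null for bootstrap-loaded classes and the thread context loader may be unset, so `cl.loadClass(fqn)` would throw a NullPointerException from inside the privileged block instead of yielding the null result that callers test for. A guard at the top of the two-argument overload's `run()`, `if (cl == null) return null;`, keeps the fallback to the next loader working. The empty `catch (ClassNotFoundException e)` also deserves a one-line comment saying the miss is deliberate and is reported through the null return. The same two methods are repeated in core/wstrust/SecurityActions.java later in this commit.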

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -355,7 +355,7 @@
             configurationFileURL = configurationFile.toURI().toURL();
          else
             // if not configuration file was found in the user home, check the context classloader.
-            configurationFileURL = SecurityActions.getContextClassLoader().getResource(STS_CONFIG_FILE);
+            configurationFileURL = SecurityActions.loadResource(getClass(), STS_CONFIG_FILE);
 
          // if no configuration file was found, log a warn message and use default configuration values.
          if (configurationFileURL == null)
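Review bot: The comment on the `else` branch still says the context classloader is checked, but `SecurityActions.loadResource(getClass(), STS_CONFIG_FILE)` now asks the loader of `getClass()` first and only then the thread context loader, as the `loadResource` added to this package's SecurityActions in this commit shows. Since this lookup selects the STS configuration, the order is worth stating accurately: `// not in the user home: try this class's classloader, then the thread context classloader.` Using `PicketLinkSTS.class` instead of `getClass()` would also keep the starting loader fixed if the class is ever subclassed from another module, matching the `STSClientConfig.class` call elsewhere in the commit. The enclosing method starts and ends outside this hunk.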
@@ -376,5 +376,4 @@
          throw new ConfigurationException("Error parsing the configuration file:[" + configurationFileURL + "]", e);
       }
    }
-
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -81,7 +81,7 @@
    public PicketLinkSTSConfiguration()
    {
       this.delegate = new STSType();
-      this.delegate.setRequestHandler( StandardRequestHandler.class.getCanonicalName() );
+      this.delegate.setRequestHandler(StandardRequestHandler.class.getCanonicalName());
       // TODO: add default token provider classes.
    }
 
@@ -91,13 +91,13 @@
     * </p>
     * 
     * @param config a reference to the object that holds the configuration of the STS.
-    */ 
+    */
    public PicketLinkSTSConfiguration(STSType config)
    {
       this.delegate = config;
       // set the default request handler if one hasn't been specified.
       if (this.delegate.getRequestHandler() == null)
-         this.delegate.setRequestHandler( StandardRequestHandler.class.getCanonicalName() );
+         this.delegate.setRequestHandler(StandardRequestHandler.class.getCanonicalName());
 
       // build the token-provider maps.
       TokenProvidersType providers = this.delegate.getTokenProviders();
@@ -111,23 +111,23 @@
             List<KeyValueType> providerPropertiesList;
             try
             {
-               providerPropertiesList = CoreConfigUtil.getProperties( provider );
+               providerPropertiesList = CoreConfigUtil.getProperties(provider);
             }
             catch (GeneralSecurityException e)
             {
-               throw new RuntimeException( e );
+               throw new RuntimeException(e);
             }
-            
-            for (KeyValueType propertyType :  providerPropertiesList )
-                  properties.put(propertyType.getKey(), propertyType.getValue());
-            
+
+            for (KeyValueType propertyType : providerPropertiesList)
+               properties.put(propertyType.getKey(), propertyType.getValue());
+
             // create and initialize the token provider.
             SecurityTokenProvider tokenProvider = WSTrustServiceFactory.getInstance().createTokenProvider(
                   provider.getProviderClass(), properties);
             // token providers can be keyed by the token type and by token element + namespace.
             this.tokenProviders.put(provider.getTokenType(), tokenProvider);
-            String tokenElementAndNS = 
-               tokenProvider.family() + "$" + provider.getTokenElement() + "$" + provider.getTokenElementNS();
+            String tokenElementAndNS = tokenProvider.family() + "$" + provider.getTokenElement() + "$"
+                  + provider.getTokenElementNS();
             this.tokenProviders.put(tokenElementAndNS, tokenProvider);
          }
       }
@@ -143,14 +143,14 @@
             List<KeyValueType> processorPropertiesList;
             try
             {
-               processorPropertiesList = CoreConfigUtil.getProperties( processor );
+               processorPropertiesList = CoreConfigUtil.getProperties(processor);
             }
             catch (GeneralSecurityException e)
             {
-               throw new RuntimeException( e );
-            }  
+               throw new RuntimeException(e);
+            }
 
-            for (KeyValueType propertyType :  processorPropertiesList )
+            for (KeyValueType propertyType : processorPropertiesList)
                properties.put(propertyType.getKey(), propertyType.getValue());
 
             // create and initialize the claims processor.
@@ -177,10 +177,13 @@
          try
          {
             //Decrypt/de-mask the passwords if any
-            List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProviderType); 
-            
-            this.trustManager = (TrustKeyManager) SecurityActions.instantiateClass(keyManagerClassName);
-            this.trustManager.setAuthProperties( authProperties );
+            List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProviderType);
+
+            Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+            if (clazz == null)
+               throw new RuntimeException(keyManagerClassName + " could not be loaded");
+            this.trustManager = (TrustKeyManager) clazz.newInstance();
+            this.trustManager.setAuthProperties(authProperties);
             this.trustManager.setValidatingAlias(keyProviderType.getValidatingAlias());
          }
          catch (Exception e)
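Review bot: `(TrustKeyManager) clazz.newInstance()` runs the constructor of whatever class `keyManagerClassName` names before the cast can reject it, so an unexpected class name in the key provider configuration is instantiated first and fails only afterwards. Checking the type before instantiating avoids that: `this.trustManager = clazz.asSubclass(TrustKeyManager.class).newInstance();`. The `RuntimeException` thrown for the null case is also caught by the `catch (Exception e)` directly below and wrapped a second time. The same load-then-cast pattern appears in the three WSTrustServiceFactory hunks of this commit. The enclosing block starts outside this hunk.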
@@ -188,7 +191,7 @@
             throw new RuntimeException("Unable to construct the key manager:", e);
          }
       }
-   } 
+   }
 
    /*
     * (non-Javadoc)
@@ -251,9 +254,9 @@
     */
    public SecurityTokenProvider getProviderForService(String serviceName)
    {
-      if( serviceName == null )
-         throw new IllegalArgumentException( "serviceName is null ");
-      
+      if (serviceName == null)
+         throw new IllegalArgumentException("serviceName is null ");
+
       ServiceProviderType provider = this.spMetadata.get(serviceName);
       if (provider != null)
       {
@@ -269,8 +272,8 @@
     */
    public SecurityTokenProvider getProviderForTokenType(String tokenType)
    {
-      if( tokenType == null )
-         throw new IllegalArgumentException( "tokenType is null ");
+      if (tokenType == null)
+         throw new IllegalArgumentException("tokenType is null ");
       return this.tokenProviders.get(tokenType);
    }
 
@@ -279,8 +282,7 @@
     */
    public SecurityTokenProvider getProviderForTokenElementNS(String family, QName tokenQName)
    {
-      return this.tokenProviders.get( family + "$" + 
-            tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI() );
+      return this.tokenProviders.get(family + "$" + tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI());
    }
 
    /*
@@ -383,7 +385,7 @@
     * @see STSConfiguration#getXMLDSigCanonicalizationMethod()
     */
    public String getXMLDSigCanonicalizationMethod()
-   { 
+   {
       return delegate.getCanonicalizationMethod();
    }
 
@@ -391,20 +393,20 @@
     * @see {@code STSCoreConfig#addTokenProvider(String, SecurityTokenProvider)}
     */
    public void addTokenProvider(String key, SecurityTokenProvider provider)
-   { 
+   {
       SecurityManager sm = System.getSecurityManager();
-      if( sm != null )
-         sm.checkPermission( PicketLinkCoreSTS.rte ); 
-      
-      tokenProviders.put(key, provider); 
+      if (sm != null)
+         sm.checkPermission(PicketLinkCoreSTS.rte);
 
+      tokenProviders.put(key, provider);
+
       QName tokenQName = provider.getSupportedQName();
-      if( tokenQName != null )
+      if (tokenQName != null)
       {
-         String tokenElementAndNS = 
-            provider.family() + "$" + tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI() ;
-         
-         this.tokenProviders.put(tokenElementAndNS, provider ); 
+         String tokenElementAndNS = provider.family() + "$" + tokenQName.getLocalPart() + "$"
+               + tokenQName.getNamespaceURI();
+
+         this.tokenProviders.put(tokenElementAndNS, provider);
       }
    }
 
@@ -412,33 +414,33 @@
     * @see {@code STSCoreConfig#removeTokenProvider(String)}
     */
    public void removeTokenProvider(String key)
-   { 
+   {
       SecurityManager sm = System.getSecurityManager();
-      if( sm != null )
-         sm.checkPermission( PicketLinkCoreSTS.rte ); 
-      
-      tokenProviders.remove(key); 
+      if (sm != null)
+         sm.checkPermission(PicketLinkCoreSTS.rte);
+
+      tokenProviders.remove(key);
    }
 
    /**
     * @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getTokenProviders()
     */
    public List<SecurityTokenProvider> getTokenProviders()
-   {  
+   {
       List<SecurityTokenProvider> list = new ArrayList<SecurityTokenProvider>();
-      list.addAll( tokenProviders .values()); 
+      list.addAll(tokenProviders.values());
       return Collections.unmodifiableList(list);
    }
 
    /**
     * @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getProvidersByFamily(java.lang.String)
     */
-   public List<SecurityTokenProvider> getProvidersByFamily( String familyName )
-   { 
+   public List<SecurityTokenProvider> getProvidersByFamily(String familyName)
+   {
       List<SecurityTokenProvider> result = new ArrayList<SecurityTokenProvider>();
-      for( SecurityTokenProvider provider: tokenProviders.values() )
+      for (SecurityTokenProvider provider : tokenProviders.values())
       {
-         if( provider.family().equals( familyName ))
+         if (provider.family().equals(familyName))
             result.add(provider);
       }
       return result;
@@ -449,14 +451,14 @@
     */
    public void copy(STSCoreConfig thatConfig)
    {
-      if( thatConfig instanceof PicketLinkSTSConfiguration )
+      if (thatConfig instanceof PicketLinkSTSConfiguration)
       {
          PicketLinkSTSConfiguration pc = (PicketLinkSTSConfiguration) thatConfig;
-         this.tokenProviders.putAll(  pc.tokenProviders );
-         this.claimsProcessors.putAll( pc.claimsProcessors );
+         this.tokenProviders.putAll(pc.tokenProviders);
+         this.claimsProcessors.putAll(pc.claimsProcessors);
       }
-      else 
-         throw new RuntimeException( "Unknown config :" + thatConfig  ); //TODO: Handle other configuration
+      else
+         throw new RuntimeException("Unknown config :" + thatConfig); //TODO: Handle other configuration
    }
 
    @Override

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -24,6 +24,7 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URL;
 import java.util.Properties;
 
 import org.apache.log4j.Logger;
@@ -379,10 +380,10 @@
          return new FileInputStream(file);
       }
       // Try it as a classpath resource ...
-      final ClassLoader threadClassLoader = SecurityActions.getContextClassLoader();
-      if (threadClassLoader != null)
+      URL url = SecurityActions.loadResource(STSClientConfig.class, resource);
+      if (url != null)
       {
-         final InputStream is = threadClassLoader.getResourceAsStream(resource);
+         final InputStream is = url.openStream();
          if (is != null)
          {
             return is;
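Review bot: `url.openStream()` never returns null, so the `if (is != null)` test that follows is now dead code. A resource that is found but cannot be opened now raises an IOException instead of falling through to `return null`, as `getResourceAsStream` did. If the old fall-through is wanted, wrap the call and return null on failure; otherwise drop the check and use `return url.openStream();` directly. The enclosing method's signature is outside this hunk, so whether callers already handle IOException cannot be confirmed from here.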
@@ -391,5 +392,4 @@
 
       return null;
    }
-
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,10 +21,9 @@
  */
 package org.picketlink.identity.federation.core.wstrust;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 
 /**
  * <p>
@@ -35,73 +34,67 @@
  */
 class SecurityActions
 {
-
-   /**
-    * <p>
-    * Gets the thread context class loader using a privileged block.
-    * </p>
-    * 
-    * @return a reference to the thread context {@code ClassLoader}.
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
-   /**
-    * <p>
-    * Loads a class using the thread context class loader in a privileged block.
-    * </p>
-    * 
-    * @param name the fully-qualified name of the class to be loaded.
-    * @return a reference to the loaded {@code Class}.
-    * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
-    *             of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
-    */
-   static Class<?> loadClass(final String name) throws PrivilegedActionException
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public Class<?> run() throws PrivilegedActionException
+         public Class<?> run()
          {
             try
             {
-               return getContextClassLoader().loadClass(name);
+               return cl.loadClass(fqn);
             }
-            catch (Exception e)
+            catch (ClassNotFoundException e)
             {
-               throw new PrivilegedActionException(e);
             }
+            return null;
          }
       });
    }
 
    /**
-    * <p>
-    * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
-    * </p>
-    * 
-    * @param className the fully-qualified name of the class to be instantiated.
-    * @return a reference to the instantiated {@code Object}.
-    * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
-    *             cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
+    * @return
     */
-   static Object instantiateClass(final String className) throws PrivilegedActionException
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public Object run() throws Exception
+         public URL run()
          {
-            Class<?> objectClass = loadClass(className);
-            return objectClass.newInstance();
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
          }
       });
    }
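Review bot: The new `loadClass` overloads carry no Javadoc, while the methods they replace documented that failures surfaced as `PrivilegedActionException`; the contract is now a silent null return that every caller must check. A short Javadoc on each overload should state the lookup order (the loader of `theClass`, then the thread context loader) and `@return the loaded class, or {@code null} if it cannot be found`. The `loadResource` Javadoc has empty `@param`/`@return` tags that could say the same about its null result. With `instantiateClass` removed, `newInstance()` now runs in the caller rather than inside the privileged block, which is presumably intended but is worth a sentence in the class comment.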

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,7 +21,6 @@
  */
 package org.picketlink.identity.federation.core.wstrust;
 
-import java.security.PrivilegedActionException;
 import java.util.Map;
 
 import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
@@ -72,7 +71,10 @@
    {
       try
       {
-         WSTrustRequestHandler handler = (WSTrustRequestHandler) SecurityActions.instantiateClass(handlerClassName);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), handlerClassName);
+         if (clazz == null)
+            throw new RuntimeException(handlerClassName + " could not be loaded");
+         WSTrustRequestHandler handler = (WSTrustRequestHandler) clazz.newInstance();
          handler.initialize(configuration);
          return handler;
       }
@@ -96,16 +98,19 @@
    {
       try
       {
-         SecurityTokenProvider tokenProvider = (SecurityTokenProvider) SecurityActions.instantiateClass(providerClass);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), providerClass);
+         if (clazz == null)
+            throw new RuntimeException(providerClass + " could not be loaded");
+         SecurityTokenProvider tokenProvider = (SecurityTokenProvider) clazz.newInstance();
          tokenProvider.initialize(properties);
          return tokenProvider;
       }
-      catch (PrivilegedActionException pae)
+      catch (Exception pae)
       {
          throw new RuntimeException("Unable to instantiate token provider " + providerClass, pae);
       }
    }
-   
+
    /**
     * <p>
     * Constructs and returns a {@code ClaimsProcessor} from the specified class name. The processor is initialized
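Review bot: Widening the handler to `catch (Exception pae)` means the `RuntimeException` thrown above for a class that could not be loaded, and any unchecked failure inside `tokenProvider.initialize(properties)`, are both re-wrapped as "Unable to instantiate token provider". Catching only what `newInstance()` declares, `catch (InstantiationException e)` and `catch (IllegalAccessException e)`, keeps the failure modes distinguishable in logs. The claims-processor hunk that follows has the same shape. The method signature is outside this hunk.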
@@ -121,13 +126,16 @@
    {
       try
       {
-         ClaimsProcessor claimsProcessor = (ClaimsProcessor) SecurityActions.instantiateClass(processorClass);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), processorClass);
+         if (clazz == null)
+            throw new RuntimeException(processorClass + " could not be loaded");
+         ClaimsProcessor claimsProcessor = (ClaimsProcessor) clazz.newInstance();
          claimsProcessor.initialize(properties);
          return claimsProcessor;
       }
-      catch (PrivilegedActionException pae)
+      catch (Exception pae)
       {
          throw new RuntimeException("Unable to instantiate claims processor " + processorClass, pae);
       }
    }
-}
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -18,7 +18,6 @@
 package org.picketlink.identity.federation.core.wstrust.plugins.saml;
 
 import java.security.Principal;
-import java.security.PrivilegedActionException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -66,7 +65,7 @@
  */
 public class SAML20TokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
 {
-   protected static Logger logger = Logger.getLogger(SAML20TokenProvider.class); 
+   protected static Logger logger = Logger.getLogger(SAML20TokenProvider.class);
 
    private SAML20TokenAttributeProvider attributeProvider;
 
@@ -77,8 +76,8 @@
     */
    public void initialize(Map<String, String> properties)
    {
-      super.initialize(properties); 
-        
+      super.initialize(properties);
+
       // Check if an attribute provider has been set.
       String attributeProviderClassName = this.properties.get(ATTRIBUTE_PROVIDER);
       if (attributeProviderClassName == null)
@@ -90,7 +89,8 @@
       {
          try
          {
-            Object object = SecurityActions.instantiateClass(attributeProviderClassName);
+            Class<?> clazz = SecurityActions.loadClass(getClass(), attributeProviderClassName);
+            Object object = clazz.newInstance();
             if (object instanceof SAML20TokenAttributeProvider)
             {
                this.attributeProvider = (SAML20TokenAttributeProvider) object;
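Review bot: `clazz.newInstance()` is called without the null check that the other call sites in this commit add after `SecurityActions.loadClass(...)`. This package's SecurityActions is not shown here, but if its `loadClass` returns null on a miss like the versions visible elsewhere in the commit, a mistyped attribute-provider class name produces a NullPointerException whose `getMessage()` is null. The warning in the catch block of the next hunk would then log nothing useful. Adding `if (clazz == null) throw new RuntimeException(attributeProviderClassName + " could not be loaded");` before the instantiation matches the other callers. The enclosing `initialize` method continues outside this hunk.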
@@ -100,7 +100,7 @@
                logger.warn("Attribute provider not installed: " + attributeProviderClassName
                      + "is not an instance of SAML20TokenAttributeProvider");
          }
-         catch (PrivilegedActionException pae)
+         catch (Exception pae)
          {
             logger.warn("Error instantiating attribute provider: " + pae.getMessage());
             pae.printStackTrace();
@@ -114,15 +114,15 @@
     * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
     * cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
     */
-   public void cancelToken( ProtocolContext protoContext) throws ProcessingException
+   public void cancelToken(ProtocolContext protoContext) throws ProcessingException
    {
-      if(! (protoContext instanceof WSTrustRequestContext) )
+      if (!(protoContext instanceof WSTrustRequestContext))
          return;
-      
+
       WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
-      
+
       // get the assertion that must be canceled.
-      Element token = (Element) context.getRequestSecurityToken().getCancelTargetElement();
+      Element token = context.getRequestSecurityToken().getCancelTargetElement();
       if (token == null)
          throw new ProcessingException("Invalid cancel request: missing required CancelTarget");
       Element assertionElement = (Element) token.getFirstChild();
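Review bot: `(Element) token.getFirstChild()` assumes the first child of the CancelTarget is an element. The target is taken from the request security token, and a leading text or comment node would raise a ClassCastException rather than the `ProcessingException` used for the missing-target case just above. A guard such as `if (!(token.getFirstChild() instanceof Element)) throw new ProcessingException("Invalid cancel request: CancelTarget has no element child");` keeps malformed input on the declared error path. The renewToken hunk has the same cast on `oldAssertionElement`. cancelToken continues outside this hunk.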
@@ -140,12 +140,12 @@
     * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
     * issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
     */
-   public void issueToken( ProtocolContext protoContext) throws ProcessingException
+   public void issueToken(ProtocolContext protoContext) throws ProcessingException
    {
-      if(! (protoContext instanceof WSTrustRequestContext) )
+      if (!(protoContext instanceof WSTrustRequestContext))
          return;
-      
-      WSTrustRequestContext context = (WSTrustRequestContext) protoContext; 
+
+      WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
       // generate an id for the new assertion.
       String assertionID = IDGenerator.create("ID_");
 
@@ -205,7 +205,7 @@
          AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
          if (attributeStatement != null)
          {
-            assertion.addStatement( attributeStatement );
+            assertion.addStatement(attributeStatement);
          }
       }
 
@@ -239,14 +239,14 @@
     * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
     * renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
     */
-   public void renewToken( ProtocolContext protoContext ) throws ProcessingException
+   public void renewToken(ProtocolContext protoContext) throws ProcessingException
    {
-      if(! (protoContext instanceof WSTrustRequestContext) )
+      if (!(protoContext instanceof WSTrustRequestContext))
          return;
-      
+
       WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
       // get the specified assertion that must be renewed.
-      Element token = (Element) context.getRequestSecurityToken().getRenewTargetElement();
+      Element token = context.getRequestSecurityToken().getRenewTargetElement();
       if (token == null)
          throw new ProcessingException("Invalid renew request: missing required RenewTarget");
       Element oldAssertionElement = (Element) token.getFirstChild();
@@ -259,7 +259,7 @@
       {
          oldAssertion = SAMLUtil.fromElement(oldAssertionElement);
       }
-      catch ( Exception je )
+      catch (Exception je)
       {
          throw new ProcessingException("Error unmarshalling assertion", je);
       }
@@ -276,14 +276,13 @@
 
       // create a new unique ID for the renewed assertion.
       String assertionID = IDGenerator.create("ID_");
-      
+
       List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
-      statements.addAll( oldAssertion.getStatements() );
+      statements.addAll(oldAssertion.getStatements());
 
       // create the new assertion.
       AssertionType newAssertion = SAMLAssertionFactory.createAssertion(assertionID, oldAssertion.getIssuer(), context
-            .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), 
-            statements );
+            .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements);
 
       // create a security token with the new assertion.
       Element assertionElement = null;
@@ -313,11 +312,11 @@
     * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
     * validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
     */
-   public void validateToken( ProtocolContext protoContext ) throws ProcessingException
+   public void validateToken(ProtocolContext protoContext) throws ProcessingException
    {
-      if(! (protoContext instanceof WSTrustRequestContext) )
+      if (!(protoContext instanceof WSTrustRequestContext))
          return;
-      
+
       WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
       if (logger.isTraceEnabled())
          logger.trace("SAML V2.0 token validation started");
@@ -343,7 +342,7 @@
          {
             assertion = SAMLUtil.fromElement(assertionElement);
          }
-         catch ( Exception e )
+         catch (Exception e)
          {
             throw new ProcessingException("Unmarshalling error:", e);
          }
@@ -413,15 +412,15 @@
     * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
     */
    public QName getSupportedQName()
-   { 
-      return new QName( tokenType(), JBossSAMLConstants.ASSERTION.get() );
+   {
+      return new QName(tokenType(), JBossSAMLConstants.ASSERTION.get());
    }
 
    /**
     * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
     */
    public String family()
-   { 
+   {
       return SecurityTokenProvider.FAMILY_TYPE.WS_TRUST.toString();
-   } 
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -23,8 +23,6 @@
 
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 
 /**
  * <p>
@@ -36,73 +34,40 @@
 class SecurityActions
 {
 
-   /**
-    * <p>
-    * Gets the thread context class loader using a privileged block.
-    * </p>
-    * 
-    * @return a reference to the thread context {@code ClassLoader}.
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
-   /**
-    * <p>
-    * Loads a class using the thread context class loader in a privileged block.
-    * </p>
-    * 
-    * @param name the fully-qualified name of the class to be loaded.
-    * @return a reference to the loaded {@code Class}.
-    * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
-    *             of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
-    */
-   static Class<?> loadClass(final String name) throws PrivilegedActionException
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public Class<?> run() throws PrivilegedActionException
+         public Class<?> run()
          {
             try
             {
-               return getContextClassLoader().loadClass(name);
+               return cl.loadClass(fqn);
             }
-            catch (Exception e)
+            catch (ClassNotFoundException e)
             {
-               throw new PrivilegedActionException(e);
             }
+            return null;
          }
       });
    }
-
-   /**
-    * <p>
-    * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
-    * </p>
-    * 
-    * @param className the fully-qualified name of the class to be instantiated.
-    * @return a reference to the instantiated {@code Object}.
-    * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
-    *             cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
-    *             reference to the root of the error.
-    */
-   static Object instantiateClass(final String className) throws PrivilegedActionException
-   {
-      return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
-      {
-         public Object run() throws Exception
-         {
-            Class<?> objectClass = loadClass(className);
-            return objectClass.newInstance();
-         }
-      });
-   }
 }
\ No newline at end of file
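Review bot: Both new `loadClass` overloads can dereference a null loader, because `theClass.getClassLoader()` returns null for bootstrap-loaded classes and `Thread.currentThread().getContextClassLoader()` may also be null, so `cl.loadClass(fqn)` would throw NullPointerException inside the privileged block. A guard such as `if (cl == null) return null;` at the top of the inner `run()` closes that gap. The empty `catch (ClassNotFoundException e)` should name the variable `ignored` and carry a comment saying a miss is deliberately mapped to null. The commit removes the old Javadoc without replacing it, although the contract changed from throwing PrivilegedActionException to returning null; each method should document `@return the loaded class, or {@code null} if it cannot be found` so callers check before `newInstance()`. Because the lookup runs under `doPrivileged`, the Javadoc should also state that `fqn` must come from trusted configuration only.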

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,8 +21,6 @@
  */
 package org.picketlink.test.identity.federation.core.wstrust;
 
-import java.security.PrivilegedActionException;
-
 import java.util.HashMap;
 
 import junit.framework.TestCase;
@@ -71,7 +69,7 @@
       }
       catch (RuntimeException re)
       {
-         assertTrue(re.getCause() instanceof PrivilegedActionException);
+         assertTrue(re.getCause().getMessage().contains("could not be loaded"));
       }
    }
 
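Review bot: The new assertion `re.getCause().getMessage().contains("could not be loaded")` dereferences both the cause and its message, so a RuntimeException without a cause, or with a message-less cause, fails the test with a NullPointerException rather than an assertion failure; the same line is added in the next hunk of this file. Adding `assertNotNull(re.getCause());` and `assertNotNull(re.getCause().getMessage());` before it would make the failure mode explicit. Matching on message wording also ties the test to the exact text, so asserting the cause's exception type as well would be sturdier if that type is stable. The test method begins outside this hunk, so whether a `fail()` guards the try block cannot be confirmed from here.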
@@ -103,8 +101,7 @@
       }
       catch (RuntimeException re)
       {
-         assertTrue(re.getCause() instanceof PrivilegedActionException);
+         assertTrue(re.getCause().getMessage().contains("could not be loaded"));
       }
-
    }
 }

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -96,10 +96,10 @@
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
 import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
 import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
 import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
 import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
@@ -121,68 +121,71 @@
  * @since Aug 21, 2009
  */
 public class SPFilter implements Filter
-{ 
+{
    private static Logger log = Logger.getLogger(SPFilter.class);
-   private boolean trace = log.isTraceEnabled();
 
+   private final boolean trace = log.isTraceEnabled();
+
    protected SPType spConfiguration = null;
+
    protected String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
 
    protected String serviceURL = null;
+
    protected String identityURL = null;
 
    private TrustKeyManager keyManager;
-   
+
    private ServletContext context = null;
+
    private transient SAML2HandlerChain chain = null;
-   
+
    protected boolean ignoreSignatures = false;
-   
+
    private IRoleValidator roleValidator = new DefaultRoleValidator();
-   
-   private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME; 
-   
+
+   private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
+
    protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
 
    public void destroy()
    {
    }
 
-   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, 
-         FilterChain filterChain) 
-   throws IOException, ServletException
+   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+         throws IOException, ServletException
    {
       HttpServletRequest request = (HttpServletRequest) servletRequest;
       HttpServletResponse response = (HttpServletResponse) servletResponse;
-      
+
       boolean postMethod = "POST".equalsIgnoreCase(request.getMethod());
 
       HttpSession session = request.getSession();
-      
+
       Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
-      
+
       String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
-      String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY); 
-      
+      String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
+
       //Eagerly look for Global LogOut
       String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT);
       boolean logOutRequest = isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr);
-      
-      if(!postMethod && !logOutRequest)
+
+      if (!postMethod && !logOutRequest)
       {
          //Check if we are already authenticated 
-         if(userPrincipal != null)
+         if (userPrincipal != null)
          {
             filterChain.doFilter(servletRequest, servletResponse);
             return;
          }
-         
+
          //We need to send request to IDP
-         if(userPrincipal == null)
+         if (userPrincipal == null)
          {
             String relayState = null;
             try
-            {  
+            {
                //TODO: use the handlers to generate the request
                AuthnRequestType authnRequest = createSAMLRequest(serviceURL, identityURL);
                sendRequestToIDP(authnRequest, relayState, response);
@@ -190,81 +193,77 @@
             catch (Exception e)
             {
                throw new ServletException(e);
-            } 
+            }
             return;
-         } 
+         }
       }
       else
       {
-         if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
+         if (!isNotNull(samlRequest) && !isNotNull(samlResponse))
          {
             //Neither saml request nor response from IDP
             //So this is a user request
-            
+
             //Ask the handler chain to generate the saml request
             Set<SAML2Handler> handlers = chain.handlers();
-            
+
             IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
-            ProtocolContext protocolContext = new HTTPContext(request,response, context);
+            ProtocolContext protocolContext = new HTTPContext(request, response, context);
             //Create the request/response
-            SAML2HandlerRequest saml2HandlerRequest = 
-               new DefaultSAML2HandlerRequest(protocolContext,
-                     holder.getIssuer(), null, 
-                     HANDLER_TYPE.SP); 
-            
-            SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse(); 
-          
+            SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+                  holder.getIssuer(), null, HANDLER_TYPE.SP);
+
+            SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
             saml2HandlerResponse.setDestination(identityURL);
-            
+
             //Reset the state
             try
             {
-               for(SAML2Handler handler: handlers)
+               for (SAML2Handler handler : handlers)
                {
                   handler.reset();
-                  if(saml2HandlerResponse.isInError())
+                  if (saml2HandlerResponse.isInError())
                   {
                      response.sendError(saml2HandlerResponse.getErrorCode());
                      break;
-                  }  
-                  
-                  if(logOutRequest)
+                  }
+
+                  if (logOutRequest)
                      saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
-                  else   
+                  else
                      saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
                   handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
-               } 
+               }
             }
-            catch(ProcessingException pe)
+            catch (ProcessingException pe)
             {
                throw new RuntimeException(pe);
-            } 
+            }
             Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
             String relayState = saml2HandlerResponse.getRelayState();
-            
+
             String destination = saml2HandlerResponse.getDestination();
-            
-            
-            if(destination != null && 
-                  samlResponseDocument != null)
+
+            if (destination != null && samlResponseDocument != null)
             {
                try
                {
-                  this.sendToDestination(samlResponseDocument, relayState, destination, response, 
+                  this.sendToDestination(samlResponseDocument, relayState, destination, response,
                         saml2HandlerResponse.getSendRequest());
                }
                catch (Exception e)
                {
-                  if(trace)
-                     log.trace("Exception:",e);
+                  if (trace)
+                     log.trace("Exception:", e);
                   throw new ServletException("Server Error");
-               } 
+               }
                return;
             }
          }
-         
+
          //See if we got a response from IDP
-         if(isNotNull(samlResponse))
+         if (isNotNull(samlResponse))
          {
             boolean isValid = false;
             try
@@ -275,51 +274,49 @@
             {
                throw new ServletException(e);
             }
-            if(!isValid)
+            if (!isValid)
                throw new ServletException("Validity check failed");
-            
+
             //deal with SAML response from IDP
             byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
             InputStream is = new ByteArrayInputStream(base64DecodedResponse);
 
             //Are we going to send Request to IDP?
             boolean willSendRequest = true;
-            
+
             try
             {
                SAML2Response saml2Response = new SAML2Response();
-               
+
                SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
                SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
 
-               if(!ignoreSignatures)
-               { 
-                  if(!verifySignature(documentHolder))
-                     throw new ServletException("Cannot verify sender"); 
+               if (!ignoreSignatures)
+               {
+                  if (!verifySignature(documentHolder))
+                     throw new ServletException("Cannot verify sender");
                }
-               
+
                Set<SAML2Handler> handlers = chain.handlers();
                IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
-               ProtocolContext protocolContext = new HTTPContext(request,response, context);
+               ProtocolContext protocolContext = new HTTPContext(request, response, context);
                //Create the request/response
-               SAML2HandlerRequest saml2HandlerRequest = 
-                  new DefaultSAML2HandlerRequest(protocolContext,
-                        holder.getIssuer(), documentHolder, 
-                        HANDLER_TYPE.SP);
-               if( keyManager != null )
-                  saml2HandlerRequest.addOption( GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey() );
-               
-               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse(); 
-             
+               SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+                     holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
+               if (keyManager != null)
+                  saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
+
+               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
                //Deal with handler chains
-               for(SAML2Handler handler : handlers)
+               for (SAML2Handler handler : handlers)
                {
-                  if(saml2HandlerResponse.isInError())
+                  if (saml2HandlerResponse.isInError())
                   {
                      response.sendError(saml2HandlerResponse.getErrorCode());
                      break;
                   }
-                  if(samlObject instanceof RequestAbstractType)
+                  if (samlObject instanceof RequestAbstractType)
                   {
                      handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                      willSendRequest = false;
@@ -332,27 +329,25 @@
 
                Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
                String relayState = saml2HandlerResponse.getRelayState();
-               
+
                String destination = saml2HandlerResponse.getDestination();
-               
-               
-               if(destination != null && 
-                     samlResponseDocument != null)
+
+               if (destination != null && samlResponseDocument != null)
                {
                   this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
                   return;
                }
-               
+
                //See if the session has been invalidated
                try
                {
-                  session.isNew(); 
+                  session.isNew();
                }
-               catch(IllegalStateException ise)
+               catch (IllegalStateException ise)
                {
                   //we are invalidated.
-                  RequestDispatcher dispatch = context.getRequestDispatcher(this.logOutPage); 
-                  if(dispatch == null)
+                  RequestDispatcher dispatch = context.getRequestDispatcher(this.logOutPage);
+                  if (dispatch == null)
                      log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage);
                   else
                      dispatch.forward(request, response);
@@ -362,58 +357,56 @@
             }
             catch (Exception e)
             {
-               if(trace)
+               if (trace)
                   log.trace("Server Exception:", e);
                throw new ServletException("Server Exception");
-            } 
-             
+            }
+
          }
-         
-         if(isNotNull(samlRequest))
+
+         if (isNotNull(samlRequest))
          {
             //we got a logout request
-            
+
             //deal with SAML response from IDP
             byte[] base64DecodedRequest = PostBindingUtil.base64Decode(samlRequest);
             InputStream is = new ByteArrayInputStream(base64DecodedRequest);
 
             //Are we going to send Request to IDP?
             boolean willSendRequest = false;
-            
+
             try
             {
-               SAML2Request saml2Request = new SAML2Request();  
+               SAML2Request saml2Request = new SAML2Request();
                SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
                SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
-               
-               if(!ignoreSignatures)
-               { 
-                  if(!verifySignature(documentHolder))
-                     throw new ServletException("Cannot verify sender"); 
+
+               if (!ignoreSignatures)
+               {
+                  if (!verifySignature(documentHolder))
+                     throw new ServletException("Cannot verify sender");
                }
-               
+
                Set<SAML2Handler> handlers = chain.handlers();
                IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
-               ProtocolContext protocolContext = new HTTPContext(request,response, context);
+               ProtocolContext protocolContext = new HTTPContext(request, response, context);
                //Create the request/response
-               SAML2HandlerRequest saml2HandlerRequest = 
-                  new DefaultSAML2HandlerRequest(protocolContext,
-                        holder.getIssuer(), documentHolder, 
-                        HANDLER_TYPE.SP);
-               if( keyManager != null )
-                  saml2HandlerRequest.addOption( GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey() );
-               
-               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse(); 
-             
+               SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+                     holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
+               if (keyManager != null)
+                  saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
+
+               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
                //Deal with handler chains
-               for(SAML2Handler handler : handlers)
+               for (SAML2Handler handler : handlers)
                {
-                  if(saml2HandlerResponse.isInError())
+                  if (saml2HandlerResponse.isInError())
                   {
                      response.sendError(saml2HandlerResponse.getErrorCode());
                      break;
                   }
-                  if(samlObject instanceof RequestAbstractType)
+                  if (samlObject instanceof RequestAbstractType)
                   {
                      handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                      willSendRequest = false;
@@ -426,32 +419,30 @@
 
                Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
                String relayState = saml2HandlerResponse.getRelayState();
-               
+
                String destination = saml2HandlerResponse.getDestination();
-               
-               
-               if(destination != null && 
-                     samlResponseDocument != null)
+
+               if (destination != null && samlResponseDocument != null)
                {
                   this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
                   return;
-               }  
+               }
             }
             catch (Exception e)
             {
-               if(trace)
+               if (trace)
                   log.trace("Server Exception:", e);
                throw new ServletException("Server Exception");
-            }  
-         } 
-      }  
+            }
+         }
+      }
    }
 
    public void init(FilterConfig filterConfig) throws ServletException
    {
       this.context = filterConfig.getServletContext();
       InputStream is = context.getResourceAsStream(configFile);
-      if(is == null)
+      if (is == null)
          throw new RuntimeException(configFile + " missing");
       try
       {
@@ -460,118 +451,117 @@
          this.serviceURL = spConfiguration.getServiceURL();
          this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
 
-         log.info( "SPFilter:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+         log.info("SPFilter:: Setting the CanonicalizationMethod on XMLSignatureUtil::" + canonicalizationMethod);
          XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
-         
-         log.trace("Identity Provider URL=" + this.identityURL); 
+
+         log.trace("Identity Provider URL=" + this.identityURL);
       }
       catch (Exception e)
       {
          throw new RuntimeException(e);
       }
-      
+
       //Get the Role Validator if configured
       String roleValidatorName = filterConfig.getInitParameter(GeneralConstants.ROLE_VALIDATOR);
-      if(roleValidatorName != null && !"".equals(roleValidatorName))
+      if (roleValidatorName != null && !"".equals(roleValidatorName))
       {
          try
          {
-            Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(roleValidatorName);
+            Class<?> clazz = SecurityActions.loadClass(getClass(), roleValidatorName);
             this.roleValidator = (IRoleValidator) clazz.newInstance();
          }
          catch (Exception e)
          {
             throw new RuntimeException(e);
-         } 
+         }
       }
-      
-      Map<String,String> options = new HashMap<String, String>();
+
+      Map<String, String> options = new HashMap<String, String>();
       String roles = filterConfig.getInitParameter(GeneralConstants.ROLES);
-      if(trace)
-         log.trace("Found Roles in SPFilter config="+roles);
-      if(roles != null)
+      if (trace)
+         log.trace("Found Roles in SPFilter config=" + roles);
+      if (roles != null)
       {
          options.put("ROLES", roles);
       }
-      this.roleValidator.intialize(options); 
-      
+      this.roleValidator.intialize(options);
+
       String samlHandlerChainClass = filterConfig.getInitParameter("SAML_HANDLER_CHAIN_CLASS");
 
       //Get the chain from config 
-      if(StringUtil.isNullOrEmpty(samlHandlerChainClass))
+      if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
          chain = SAML2HandlerChainFactory.createChain();
-     else
-        try
-        {
-           chain = SAML2HandlerChainFactory.createChain(samlHandlerChainClass);
-        }
-        catch (ProcessingException e1)
-        {
-           throw new ServletException(e1);
-        }
+      else
+         try
+         {
+            chain = SAML2HandlerChainFactory.createChain(samlHandlerChainClass);
+         }
+         catch (ProcessingException e1)
+         {
+            throw new ServletException(e1);
+         }
       try
       {
          //Get the handlers
          String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
          Handlers handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream(handlerConfigFileName));
          chain.addAll(HandlerUtil.getHandlers(handlers));
-         
+
          Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
-         chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration); 
+         chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
          chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR, roleValidator);
-         chainConfigOptions.put( GeneralConstants.CANONICALIZATION_METHOD, canonicalizationMethod );
-         
+         chainConfigOptions.put(GeneralConstants.CANONICALIZATION_METHOD, canonicalizationMethod);
+
          SAML2HandlerChainConfig handlerChainConfig = new DefaultSAML2HandlerChainConfig(chainConfigOptions);
          Set<SAML2Handler> samlHandlers = chain.handlers();
-         
-         for(SAML2Handler handler: samlHandlers)
+
+         for (SAML2Handler handler : samlHandlers)
          {
             handler.initChainConfig(handlerChainConfig);
          }
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-         throw new RuntimeException(e);  
+         throw new RuntimeException(e);
       }
-      
+
       String ignoreSigString = filterConfig.getInitParameter(GeneralConstants.IGNORE_SIGNATURES);
-      if(ignoreSigString != null && !"".equals(ignoreSigString))
+      if (ignoreSigString != null && !"".equals(ignoreSigString))
       {
          this.ignoreSignatures = Boolean.parseBoolean(ignoreSigString);
       }
-      
-      if(ignoreSignatures == false)
-      {   
+
+      if (ignoreSignatures == false)
+      {
          KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
-         if(keyProvider == null)
+         if (keyProvider == null)
             throw new RuntimeException("KeyProvider is null");
          try
          {
-            ClassLoader tcl = SecurityActions.getContextClassLoader();
             String keyManagerClassName = keyProvider.getClassName();
-            if(keyManagerClassName == null)
+            if (keyManagerClassName == null)
                throw new RuntimeException("KeyManager class name is null");
-            
-            Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+            Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
             this.keyManager = (TrustKeyManager) clazz.newInstance();
 
             List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
-            keyManager.setAuthProperties( authProperties ); 
-            
+            keyManager.setAuthProperties(authProperties);
+
             keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
          }
-         catch(Exception e)
+         catch (Exception e)
          {
-            log.error("Exception reading configuration:",e);
+            log.error("Exception reading configuration:", e);
             throw new RuntimeException(e.getLocalizedMessage());
          }
-         log.trace("Key Provider=" + keyProvider.getClassName()); 
+         log.trace("Key Provider=" + keyProvider.getClassName());
       }
-      
+
       //see if a global logout page has been configured
       String gloPage = filterConfig.getInitParameter(GeneralConstants.LOGOUT_PAGE);
-      if(gloPage != null && !"".equals(gloPage))
-         this.logOutPage = gloPage;         
+      if (gloPage != null && !"".equals(gloPage))
+         this.logOutPage = gloPage;
    }
 
    /**
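Review bot: The result of `SecurityActions.loadClass(getClass(), ...)` is used without a null check in both the role-validator and key-manager branches. This package's SecurityActions is not visible here, but if it returns null on a miss like the wstrust/plugins/saml one changed in this commit, `clazz.newInstance()` throws NullPointerException. In the key-manager branch the catch rethrows `new RuntimeException(e.getLocalizedMessage())`, and since an NPE usually has no message, a misconfigured key manager class would surface as a RuntimeException with neither message nor cause. An explicit check such as `if (clazz == null) throw new RuntimeException("Class could not be loaded: " + keyManagerClassName);`, and the equivalent for `roleValidatorName`, together with `throw new RuntimeException(e);` in the key-manager catch, would keep the failure diagnosable. init's body begins outside this hunk.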
@@ -583,71 +573,65 @@
     */
    private AuthnRequestType createSAMLRequest(String serviceURL, String identityURL) throws ConfigurationException
    {
-      if(serviceURL == null)
+      if (serviceURL == null)
          throw new IllegalArgumentException("serviceURL is null");
-      if(identityURL == null)
+      if (identityURL == null)
          throw new IllegalArgumentException("identityURL is null");
-      
+
       SAML2Request saml2Request = new SAML2Request();
       String id = IDGenerator.create("ID_");
-      return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL); 
+      return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
    }
-   
-   protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, 
-         HttpServletResponse response)
-   throws IOException, SAXException, GeneralSecurityException
+
+   protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, HttpServletResponse response)
+         throws IOException, SAXException, GeneralSecurityException
    {
       SAML2Request saml2Request = new SAML2Request();
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       saml2Request.marshall(authnRequest, baos);
- 
-      String samlMessage = PostBindingUtil.base64Encode(baos.toString());  
+
+      String samlMessage = PostBindingUtil.base64Encode(baos.toString());
       String destination = authnRequest.getDestination().toASCIIString();
-      PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
-             response, true);
+      PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState), response, true);
    }
-   
-   protected void sendToDestination(Document samlDocument, String relayState,
-         String destination,
-         HttpServletResponse response,
-         boolean request)
-   throws IOException, SAXException, GeneralSecurityException
+
+   protected void sendToDestination(Document samlDocument, String relayState, String destination,
+         HttpServletResponse response, boolean request) throws IOException, SAXException, GeneralSecurityException
    {
-      if(!ignoreSignatures)
+      if (!ignoreSignatures)
       {
-         SAML2Signature samlSignature = new SAML2Signature(); 
-         
+         SAML2Signature samlSignature = new SAML2Signature();
+
          KeyPair keypair = keyManager.getSigningKeyPair();
          samlSignature.signSAMLDocument(samlDocument, keypair);
       }
-      String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));  
-      PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
-             response, request);
+      String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
+      PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
    }
-   
+
    protected boolean validate(HttpServletRequest request) throws IOException, GeneralSecurityException
    {
-      return request.getParameter("SAMLResponse") != null; 
+      return request.getParameter("SAMLResponse") != null;
    }
-    
+
    protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
-   {   
+   {
       Document samlResponse = samlDocumentHolder.getSamlDocument();
-      SAML2Object samlObject =  samlDocumentHolder.getSamlObject();
-      
+      SAML2Object samlObject = samlDocumentHolder.getSamlObject();
+
       String issuerID = null;
-      if(samlObject instanceof StatusResponseType)
+      if (samlObject instanceof StatusResponseType)
       {
-         issuerID = ((StatusResponseType)samlObject).getIssuer().getValue();   
+         issuerID = ((StatusResponseType) samlObject).getIssuer().getValue();
       }
       else
       {
-         issuerID = ((RequestAbstractType)samlObject).getIssuer().getValue();
+         issuerID = ((RequestAbstractType) samlObject).getIssuer().getValue();
       }
-      
-      if(issuerID == null)
+
+      if (issuerID == null)
          throw new IssuerNotTrustedException("Issue missing");
-      
+
       URL issuerURL;
       try
       {
@@ -657,59 +641,59 @@
       {
          throw new IssuerNotTrustedException(e1);
       }
-      
+
       try
       {
          PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
-         log.trace("Going to verify signature in the saml response from IDP"); 
-         boolean sigResult =  XMLSignatureUtil.validate(samlResponse, publicKey);
-         log.trace("Signature verification="+sigResult);
+         log.trace("Going to verify signature in the saml response from IDP");
+         boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+         log.trace("Signature verification=" + sigResult);
          return sigResult;
       }
       catch (TrustKeyConfigurationException e)
       {
-         log.error("Unable to verify signature",e);
+         log.error("Unable to verify signature", e);
       }
       catch (TrustKeyProcessingException e)
       {
-         log.error("Unable to verify signature",e);
+         log.error("Unable to verify signature", e);
       }
       catch (MarshalException e)
       {
-         log.error("Unable to verify signature",e);
+         log.error("Unable to verify signature", e);
       }
       catch (XMLSignatureException e)
       {
-         log.error("Unable to verify signature",e);
+         log.error("Unable to verify signature", e);
       }
       return false;
-   }  
-   
+   }
+
    protected void isTrusted(String issuer) throws IssuerNotTrustedException
    {
       try
       {
          URL url = new URL(issuer);
-         String issuerDomain = url.getHost(); 
-         TrustType idpTrust =  spConfiguration.getTrust();
-         if(idpTrust != null)
+         String issuerDomain = url.getHost();
+         TrustType idpTrust = spConfiguration.getTrust();
+         if (idpTrust != null)
          {
             String domainsTrusted = idpTrust.getDomains();
-            if(domainsTrusted.indexOf(issuerDomain) < 0)
-               throw new IssuerNotTrustedException(issuer); 
+            if (domainsTrusted.indexOf(issuerDomain) < 0)
+               throw new IssuerNotTrustedException(issuer);
          }
       }
       catch (Exception e)
       {
-         throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+         throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
       }
    }
-   
+
    protected ResponseType decryptAssertion(ResponseType responseType)
    {
       throw new RuntimeException("This authenticator does not handle encryption");
    }
-   
+
    /**
     * Handle the SAMLResponse from the IDP
     * @param request entire request from IDP
@@ -717,67 +701,68 @@
     * @param serverEnvironment tomcat,jboss etc
     * @return   
     * @throws AssertionExpiredException 
-    */ 
-   public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType) 
-   throws ConfigurationException, AssertionExpiredException
+    */
+   public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType)
+         throws ConfigurationException, AssertionExpiredException
    {
-      if(request == null)
+      if (request == null)
          throw new IllegalArgumentException("request is null");
-      if(responseType == null)
+      if (responseType == null)
          throw new IllegalArgumentException("response type is null");
-      
+
       StatusType statusType = responseType.getStatus();
-      if(statusType == null)
+      if (statusType == null)
          throw new IllegalArgumentException("Status Type from the IDP is null");
 
       String statusValue = statusType.getStatusCode().getValue().toASCIIString();
-      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
+      if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
          throw new SecurityException("IDP forbid the user");
 
-      List<org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType> assertions = responseType.getAssertions();
-      if(assertions.size() == 0)
-         throw new IllegalStateException("No assertions in reply from IDP"); 
-      
+      List<org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType> assertions = responseType
+            .getAssertions();
+      if (assertions.size() == 0)
+         throw new IllegalStateException("No assertions in reply from IDP");
+
       AssertionType assertion = assertions.get(0).getAssertion();
       //Check for validity of assertion
       boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
-      if(expiredAssertion)
+      if (expiredAssertion)
          throw new AssertionExpiredException();
-      
-      SubjectType subject = assertion.getSubject(); 
+
+      SubjectType subject = assertion.getSubject();
       /*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
       NameIDType nameID = jnameID.getValue();*/
       NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
-      
+
       final String userName = nameID.getValue();
       List<String> roles = new ArrayList<String>();
 
       //Let us get the roles
       AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
       List<ASTChoiceType> attList = attributeStatement.getAttributes();
-      for(ASTChoiceType obj:attList)
+      for (ASTChoiceType obj : attList)
       {
          AttributeType attr = obj.getAttribute();
          String roleName = (String) attr.getAttributeValue().get(0);
          roles.add(roleName);
       }
-      
+
       Principal principal = new Principal()
       {
          public String getName()
          {
             return userName;
          }
-      };     
-      
+      };
+
       //Validate the roles
       boolean validRole = roleValidator.userInRole(principal, roles);
-      if(!validRole)
+      if (!validRole)
       {
-         if(trace)
+         if (trace)
             log.trace("Invalid role:" + roles);
          principal = null;
       }
       return principal;
-   } 
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-}
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+}
\ No newline at end of file
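Review bot: `loadClass(ClassLoader, String)` swallows `ClassNotFoundException` in an empty catch and returns null, so when neither the defining loader nor the thread context loader finds `fqn`, `loadClass(Class, String)` hands null back to its caller. The call sites visible in this commit dereference the result straight away (`clazz.newInstance()`), which turns a misconfigured class name into a `NullPointerException` that never mentions the name. Either loader can itself be null (`getClassLoader()` for bootstrap classes, an unset context loader), and `cl.loadClass(fqn)` has no guard for that. I would add `if (cl == null) return null;` before the try and document the null return in a Javadoc comment on both methods, or have the `Class` overload fail with the class name once both lookups miss. The same two methods are added in handlers/SecurityActions.java, handlers/saml2/SecurityActions.java and roles/SecurityActions.java.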

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -22,7 +22,7 @@
 package org.picketlink.identity.federation.web.handlers;
 
 import java.io.IOException;
-import java.io.InputStream;
+import java.net.URL;
 import java.util.Properties;
 
 import javax.security.auth.login.LoginException;
@@ -40,16 +40,15 @@
 public class DefaultLoginHandler implements ILoginHandler
 {
    private static Properties props = new Properties();
-   
+
    static
    {
       try
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
-         InputStream is = tcl.getResourceAsStream("users.properties");
-         if(is == null)
+         URL url = SecurityActions.loadResource(DefaultLoginHandler.class, "users.properties");
+         if (url == null)
             throw new RuntimeException("users.properties not found");
-         props.load(is);
+         props.load(url.openStream());
       }
       catch (IOException e)
       {
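Review bot: The stream returned by `url.openStream()` in the static initializer is never closed, so the handle on users.properties stays open until it is garbage-collected. Suggest `InputStream is = url.openStream();` followed by `try { props.load(is); } finally { is.close(); }`, which means keeping the `java.io.InputStream` import that this commit removes. The static block continues past the end of this hunk. DefaultRoleGenerator.java has the same `props.load(url.openStream())` for roles.properties.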
@@ -59,18 +58,18 @@
 
    public boolean authenticate(String username, Object credential) throws LoginException
    {
-      String pass= null;
-      if(credential instanceof byte[])
+      String pass = null;
+      if (credential instanceof byte[])
       {
-         pass = new String((byte[])credential);
+         pass = new String((byte[]) credential);
       }
-      else if(credential instanceof String)
+      else if (credential instanceof String)
       {
          pass = (String) credential;
       }
       else
          throw new RuntimeException("Unknown credential type:" + credential.getClass());
-      
+
       String storedPass = (String) props.get(username);
       return storedPass != null ? storedPass.equals(pass) : false;
    }

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.web.handlers;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,18 +32,69 @@
  */
 class SecurityActions
 {
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
-    * Get the Thread Context ClassLoader
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
     * @return
     */
-   static ClassLoader getContextClassLoader()
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public ClassLoader run()
+         public URL run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
          }
       });
-   } 
-}
+   }
+}
\ No newline at end of file
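Review bot: `loadResource` calls `getResource` on both loaders without a null check: `clazz.getClassLoader()` returns null for classes defined by the bootstrap loader, and `Thread.currentThread().getContextClassLoader()` may be null as well, so the fallback `clazzLoader.getResource(resourceName)` can throw `NullPointerException` instead of returning the null that callers test for (`if (url == null)` in DefaultLoginHandler). Guard each lookup, e.g. `if (clazzLoader != null) url = clazzLoader.getResource(resourceName);`. The Javadoc leaves `@param clazz`, `@param resourceName` and `@return` empty; it should say that the class's own loader is tried first and that null is returned when neither loader has the resource. Since the resource loaded through this helper is the credential file, that comment should also state which copy wins when both loaders can see a `users.properties`. roles/SecurityActions.java adds an identical `loadResource`.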

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -35,7 +35,7 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse; 
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
 import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -48,78 +48,76 @@
 public class RolesGenerationHandler extends BaseSAML2Handler
 {
    private static Logger log = Logger.getLogger(RolesGenerationHandler.class);
-   private boolean trace = log.isTraceEnabled();
-   
-   private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();  
 
+   private final boolean trace = log.isTraceEnabled();
+
+   private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();
+
    @Override
    public void initChainConfig(SAML2HandlerChainConfig handlerChainConfig) throws ConfigurationException
-   { 
+   {
       super.initChainConfig(handlerChainConfig);
       Object config = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
-      if(config instanceof IDPType)
+      if (config instanceof IDPType)
       {
          IDPType idpType = (IDPType) config;
          String roleGeneratorString = idpType.getRoleGenerator();
-         this.insantiateRoleValidator(roleGeneratorString); 
-      } 
-   } 
-   
+         this.insantiateRoleValidator(roleGeneratorString);
+      }
+   }
+
    @Override
    public void initHandlerConfig(SAML2HandlerConfig handlerConfig) throws ConfigurationException
    {
       super.initHandlerConfig(handlerConfig);
       String roleGeneratorString = (String) this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER);
-      this.insantiateRoleValidator(roleGeneratorString);   
+      this.insantiateRoleValidator(roleGeneratorString);
    }
 
-
    /**
     * @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest, SAML2HandlerResponse)}
     */
    @SuppressWarnings("unchecked")
-   public void handleRequestType(SAML2HandlerRequest request, 
-         SAML2HandlerResponse response) throws ProcessingException
-   { 
+   public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
+   {
       //Do not handle log out request interaction
-      if(request.getSAML2Object() instanceof LogoutRequestType)
-         return ;
-      
+      if (request.getSAML2Object() instanceof LogoutRequestType)
+         return;
+
       //only handle IDP side
-      if(getType() == HANDLER_TYPE.SP)
+      if (getType() == HANDLER_TYPE.SP)
          return;
-      
+
       HTTPContext httpContext = (HTTPContext) request.getContext();
       HttpSession session = httpContext.getRequest().getSession(false);
-      
+
       Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
       List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
-      
-      if(roles == null) 
+
+      if (roles == null)
       {
          roles = roleGenerator.generateRoles(userPrincipal);
          session.setAttribute(GeneralConstants.ROLES_ID, roles);
       }
       response.setRoles(roles);
    }
-   
-   private void insantiateRoleValidator(String attribStr) 
-   throws ConfigurationException
+
+   private void insantiateRoleValidator(String attribStr) throws ConfigurationException
    {
-      if(attribStr != null && !"".equals(attribStr))
+      if (attribStr != null && !"".equals(attribStr))
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          try
          {
-            roleGenerator = (RoleGenerator) tcl.loadClass(attribStr).newInstance();
-            if(trace)
+            Class<?> clazz = SecurityActions.loadClass(getClass(), attribStr);
+            roleGenerator = (RoleGenerator) clazz.newInstance();
+            if (trace)
                log.trace("RoleGenerator set to " + this.roleGenerator);
          }
          catch (Exception e)
          {
-            log.error("Exception initializing role generator:",e);
-            throw new ConfigurationException(); 
-         }  
-      } 
+            log.error("Exception initializing role generator:", e);
+            throw new ConfigurationException();
+         }
+      }
    }
 }
\ No newline at end of file
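Review bot: In `insantiateRoleValidator`, `clazz.newInstance()` runs the constructor of whatever class the configuration names before the cast to `RoleGenerator` can reject it, and `clazz` is null when `SecurityActions.loadClass` finds nothing. A check ahead of instantiation, `if (clazz == null || !RoleGenerator.class.isAssignableFrom(clazz)) throw new ConfigurationException();`, keeps a wrong or mistyped class name from being instantiated and avoids the `NullPointerException`. The bare `throw new ConfigurationException()` in the catch also drops the cause and the class name, so the log line is the only trace of what failed; passing a message or cause would help if the exception type has such a constructor (not visible here). The same load-then-`newInstance()` pattern appears in SAML2AttributeHandler (`attribManager`) and IDPLoginServlet.init (`loginHandler`).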

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -43,9 +43,9 @@
 import org.picketlink.identity.federation.core.util.StringUtil;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
 import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -147,10 +147,9 @@
    {
       if (attribStr != null && !"".equals(attribStr))
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
          try
          {
-            attribManager = (AttributeManager) tcl.loadClass(attribStr).newInstance();
+            attribManager = (AttributeManager) SecurityActions.loadClass(getClass(), attribStr).newInstance();
             if (trace)
                log.trace("AttributeManager set to " + this.attribManager);
          }

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-}
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -22,7 +22,7 @@
 package org.picketlink.identity.federation.web.roles;
 
 import java.io.IOException;
-import java.io.InputStream;
+import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
@@ -47,11 +47,10 @@
    {
       try
       {
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
-         InputStream is = tcl.getResourceAsStream("roles.properties");
-         if (is == null)
+         URL url = SecurityActions.loadResource(DefaultRoleGenerator.class, "roles.properties");
+         if (url == null)
             throw new RuntimeException("roles.properties not found");
-         props.load(is);
+         props.load(url.openStream());
       }
       catch (IOException e)
       {

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.web.roles;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,18 +32,68 @@
  */
 class SecurityActions
 {
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
+         }
+      });
+   }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
-    * Get the Thread Context ClassLoader
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
     * @return
     */
-   static ClassLoader getContextClassLoader()
+   static URL loadResource(final Class<?> clazz, final String resourceName)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
       {
-         public ClassLoader run()
+         public URL run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
          }
       });
-   } 
-}
+   }
+}
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -46,41 +46,42 @@
 public class IDPLoginServlet extends HttpServlet
 {
    private static final long serialVersionUID = 1L;
+
    private transient ServletContext context;
+
    private transient ILoginHandler loginHandler = null;
-   
+
    @Override
-   protected void doPost(HttpServletRequest request, HttpServletResponse response) 
-   throws ServletException, IOException
+   protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
       HttpSession session = request.getSession();
-      
+
       //Check if we are already authenticated
       Principal principal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
-      if(principal != null)
+      if (principal != null)
       {
          this.saveRequest(request, session);
-         redirectToIDP(request,response);
+         redirectToIDP(request, response);
          return;
       }
-      
+
       final String username = request.getParameter(GeneralConstants.USERNAME_FIELD);
       String passwd = request.getParameter(GeneralConstants.PASS_FIELD);
-      
-      if(username == null || passwd == null)
+
+      if (username == null || passwd == null)
       {
          String samlMessage = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
-         
-         if(samlMessage == null || "".equals(samlMessage))
+
+         if (samlMessage == null || "".equals(samlMessage))
             response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-         
+
          log("No username or password found. Redirecting to login page");
          this.saveRequest(request, session);
-          
-         if(response.isCommitted())
+
+         if (response.isCommitted())
             throw new RuntimeException("Response is committed. Cannot forward to login page.");
-         
-         this.redirectToLoginPage(request, response); 
+
+         this.redirectToLoginPage(request, response);
       }
       else
       {
@@ -88,12 +89,12 @@
          try
          {
             boolean isValid = loginHandler.authenticate(username, passwd);
-            if(!isValid)
+            if (!isValid)
             {
-               response.sendError(HttpServletResponse.SC_FORBIDDEN); 
+               response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
             }
-            
+
             session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
             {
                public String getName()
@@ -101,8 +102,7 @@
                   return username;
                }
             });
-            
-            
+
             this.redirectToIDP(request, response);
             return;
          }
@@ -112,7 +112,7 @@
             //TODO: Send back invalid user SAML
             response.sendError(HttpServletResponse.SC_FORBIDDEN);
          }
-      } 
+      }
    }
 
    @Override
@@ -120,58 +120,56 @@
    {
       super.init(config);
       this.context = config.getServletContext();
-      
+
       String loginClass = config.getInitParameter("loginClass");
-      if(loginClass == null || loginClass.length() == 0)
+      if (loginClass == null || loginClass.length() == 0)
          loginClass = DefaultLoginHandler.class.getName();
       //Lets set up the login class
       try
       {
-         Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(loginClass);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), loginClass);
          loginHandler = (ILoginHandler) clazz.newInstance();
       }
       catch (Exception e)
       {
          throw new ServletException(e);
-      } 
+      }
    }
-   
-   public void testPost(HttpServletRequest request, HttpServletResponse response) 
-   throws ServletException, IOException
-   {   
+
+   public void testPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+   {
       this.doPost(request, response);
    }
-   
+
    private void saveRequest(HttpServletRequest request, HttpSession session)
    {
       //Save the SAMLRequest and relayState
-      session.setAttribute(GeneralConstants.SAML_REQUEST_KEY, 
-            request.getParameter(GeneralConstants.SAML_REQUEST_KEY));
-      session.setAttribute(GeneralConstants.SAML_RESPONSE_KEY, 
-            request.getParameter(GeneralConstants.SAML_RESPONSE_KEY));
-      
+      session.setAttribute(GeneralConstants.SAML_REQUEST_KEY, request.getParameter(GeneralConstants.SAML_REQUEST_KEY));
+      session
+            .setAttribute(GeneralConstants.SAML_RESPONSE_KEY, request.getParameter(GeneralConstants.SAML_RESPONSE_KEY));
+
       String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
-      if(relayState != null && !"".equals(relayState))
-        session.setAttribute(GeneralConstants.RELAY_STATE, relayState ); 
+      if (relayState != null && !"".equals(relayState))
+         session.setAttribute(GeneralConstants.RELAY_STATE, relayState);
       session.setAttribute("Referer", request.getHeader("Referer"));
    }
-   
-   private void redirectToIDP(HttpServletRequest request, HttpServletResponse response) 
-   throws ServletException, IOException
+
+   private void redirectToIDP(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+         IOException
    {
-      RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet"); 
-      if(dispatch == null)
+      RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
+      if (dispatch == null)
          log("Cannot dispatch to the IDP Servlet");
       else
          dispatch.forward(request, response);
       return;
    }
-   
-   private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response) 
-   throws ServletException, IOException
+
+   private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+         IOException
    {
-      RequestDispatcher dispatch = context.getRequestDispatcher("/jsp/login.jsp"); 
-      if(dispatch == null)
+      RequestDispatcher dispatch = context.getRequestDispatcher("/jsp/login.jsp");
+      if (dispatch == null)
          log("Cannot find the login page");
       else
          dispatch.forward(request, response);
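Review bot: In init(), `clazz.newInstance()` now runs on the result of `SecurityActions.loadClass(getClass(), loginClass)`, which returns null when neither class loader finds the class, so a misconfigured `loginClass` surfaces as a NullPointerException wrapped in the ServletException and the missing class name is lost. Adding `if (clazz == null) throw new ClassNotFoundException(loginClass);` before the instantiation keeps the diagnostic. The same unguarded pattern is introduced in the IDPServlet hunks (attributeManager, keyManagerClassName, theStackParam, rgName), in CircleOfTrustServlet.init() and at both loadClass calls in MetadataServlet.init(). In the IDPServlet stack-class hunk the catch was also widened to `catch (Exception e)`, so there the failure is reduced to the "Will just use the default" log line and a mistyped stack class silently falls back to the default.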

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -171,8 +171,8 @@
          String attributeManager = idpConfiguration.getAttributeManager();
          if (attributeManager != null && !"".equals(attributeManager))
          {
-            ClassLoader tcl = SecurityActions.getContextClassLoader();
-            AttributeManager delegate = (AttributeManager) tcl.loadClass(attributeManager).newInstance();
+            AttributeManager delegate = (AttributeManager) SecurityActions.loadClass(getClass(), attributeManager)
+                  .newInstance();
             this.attribManager.setDelegate(delegate);
          }
 
@@ -212,12 +212,11 @@
 
          try
          {
-            ClassLoader tcl = SecurityActions.getContextClassLoader();
             String keyManagerClassName = keyProvider.getClassName();
             if (keyManagerClassName == null)
                throw new RuntimeException("KeyManager class name is null");
 
-            Class<?> clazz = tcl.loadClass(keyManagerClassName);
+            Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
             this.keyManager = (TrustKeyManager) clazz.newInstance();
 
             List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
@@ -259,21 +258,13 @@
          {
             try
             {
-               Class<?> stackClass = SecurityActions.getContextClassLoader().loadClass(theStackParam);
+               Class<?> stackClass = SecurityActions.loadClass(getClass(), theStackParam);
                identityServer.setStack((IdentityParticipantStack) stackClass.newInstance());
             }
-            catch (ClassNotFoundException e)
+            catch (Exception e)
             {
                log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
             }
-            catch (InstantiationException e)
-            {
-               log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
-            }
-            catch (IllegalAccessException e)
-            {
-               log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
-            }
          }
       }
 
@@ -683,7 +674,7 @@
    {
       try
       {
-         Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), rgName);
          roleGenerator = (RoleGenerator) clazz.newInstance();
       }
       catch (Exception e)

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,41 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
 }
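Review bot: Both new `loadClass` overloads are undocumented, while the `getContextClassLoader` they replace had a Javadoc block, and their contract differs from `ClassLoader.loadClass` in ways callers need to know. I would add a Javadoc to the `Class<?>` overload saying that the defining loader of `theClass` is tried first and the thread context class loader second, with `@return the loaded class, or null if neither loader can find it`, and put a comment such as `// not found by this loader; the caller falls back or gets null` in the empty catch block. The lookup order is worth stating because the names passed in come from deployment configuration, and the order decides which copy of a class is used when both loaders can see one. `theClass.getClassLoader()` may also be null for a bootstrap-loaded class, which would make `cl.loadClass(fqn)` throw; the current callers pass servlet classes, so this is only a latent case. The identical pair added to the saml package's SecurityActions further down needs the same documentation.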

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -48,126 +48,122 @@
 public class CircleOfTrustServlet extends HttpServlet
 {
    private static final long serialVersionUID = 1L;
-   
+
    private transient IMetadataConfigurationStore configProvider = new FileBasedMetadataConfigurationStore();
-   
+
    @Override
    public void init(ServletConfig config) throws ServletException
    {
-      super.init(config); 
-      
+      super.init(config);
+
       String cstr = config.getInitParameter("configProvider");
-      if(isNotNull(cstr))
+      if (isNotNull(cstr))
       {
-         ClassLoader tcl;
          try
          {
-            tcl = SecurityActions.getContextClassLoader();
-            configProvider = (IMetadataConfigurationStore) tcl.loadClass(cstr).newInstance();
+            configProvider = (IMetadataConfigurationStore) SecurityActions.loadClass(getClass(), cstr).newInstance();
          }
          catch (Exception e)
          {
             throw new ServletException(e);
          }
-      }   
+      }
    }
-    
- 
+
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
-   {  
+   {
       //Handle listing of providers for either idp or sp
       //Handle adding an IDP
       //Handle adding a SP
       String action = req.getParameter("action");
       String type = req.getParameter("type");
-      if(action == null)
+      if (action == null)
          throw new ServletException("action is null");
-      if(type == null)
+      if (type == null)
          throw new ServletException("type is null");
 
       //SP
-      if("sp".equalsIgnoreCase(type))
+      if ("sp".equalsIgnoreCase(type))
       {
-         if("add".equalsIgnoreCase(action))
+         if ("add".equalsIgnoreCase(action))
          {
             try
             {
-               addIDP(req,resp); 
+               addIDP(req, resp);
                req.getRequestDispatcher("/addedIDP.jsp").forward(req, resp);
             }
             catch (Exception e)
             {
                throw new ServletException(e);
-            } 
-         } 
-         if("display_trusted_providers".equalsIgnoreCase(action))
+            }
+         }
+         if ("display_trusted_providers".equalsIgnoreCase(action))
          {
             try
             {
-               displayTrustedProvidersForSP(req,resp); 
+               displayTrustedProvidersForSP(req, resp);
                req.getRequestDispatcher("/spTrustedProviders.jsp").forward(req, resp);
             }
             catch (Exception e)
             {
                throw new ServletException(e);
-            } 
+            }
          }
       }
       else
-       //IDP
-         if("idp".equalsIgnoreCase(type))
+      //IDP
+      if ("idp".equalsIgnoreCase(type))
+      {
+         if ("add".equalsIgnoreCase(action))
          {
-            if("add".equalsIgnoreCase(action))
+            try
             {
-               try
-               {
-                  addSP(req,resp); 
-                  req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
-               }
-               catch (Exception e)
-               {
-                  throw new ServletException(e);
-               } 
-            } 
-            if("display_trusted_providers".equalsIgnoreCase(action))
+               addSP(req, resp);
+               req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
+            }
+            catch (Exception e)
             {
-               try
-               {
-                  displayTrustedProvidersForIDP(req,resp); 
-                  req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
-               }
-               catch (Exception e)
-               {
-                  throw new ServletException(e);
-               } 
+               throw new ServletException(e);
             }
          }
+         if ("display_trusted_providers".equalsIgnoreCase(action))
+         {
+            try
+            {
+               displayTrustedProvidersForIDP(req, resp);
+               req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
+            }
+            catch (Exception e)
+            {
+               throw new ServletException(e);
+            }
+         }
+      }
    }
-    
-   private void addIDP(HttpServletRequest request, HttpServletResponse response) 
-   throws IOException
+
+   private void addIDP(HttpServletRequest request, HttpServletResponse response) throws IOException
    {
       String spName = request.getParameter("spname");
       String idpName = request.getParameter("idpname");
       String metadataURL = request.getParameter("metadataURL");
-      
+
       EntityDescriptorType edt = getMetaData(metadataURL);
-      
+
       configProvider.persist(edt, idpName);
-      
+
       HttpSession httpSession = request.getSession();
       httpSession.setAttribute("idp", edt);
-      
+
       //Let us add the trusted providers
-      Map<String,String> trustedProviders = new HashMap<String, String>();
+      Map<String, String> trustedProviders = new HashMap<String, String>();
       try
       {
-         trustedProviders = configProvider.loadTrustedProviders(spName); 
-      } 
+         trustedProviders = configProvider.loadTrustedProviders(spName);
+      }
       catch (ClassNotFoundException e)
       {
-         log("Error obtaining the trusted providers for "+spName);
+         log("Error obtaining the trusted providers for " + spName);
          throw new RuntimeException(e);
       }
       finally
@@ -176,29 +172,28 @@
          configProvider.persistTrustedProviders(spName, trustedProviders);
       }
    }
-   
-   private void addSP(HttpServletRequest request, HttpServletResponse response) 
-   throws IOException
+
+   private void addSP(HttpServletRequest request, HttpServletResponse response) throws IOException
    {
       String idpName = request.getParameter("idpname");
       String spName = request.getParameter("spname");
-      String metadataURL = request.getParameter("metadataURL"); 
+      String metadataURL = request.getParameter("metadataURL");
 
       EntityDescriptorType edt = getMetaData(metadataURL);
       configProvider.persist(edt, spName);
-      
+
       HttpSession httpSession = request.getSession();
       httpSession.setAttribute("sp", edt);
-      
+
       //Let us add the trusted providers
-      Map<String,String> trustedProviders = new HashMap<String, String>();
+      Map<String, String> trustedProviders = new HashMap<String, String>();
       try
       {
-         trustedProviders = configProvider.loadTrustedProviders(spName); 
+         trustedProviders = configProvider.loadTrustedProviders(spName);
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-         log("Error obtaining the trusted providers for "+spName);
+         log("Error obtaining the trusted providers for " + spName);
       }
       finally
       {
@@ -207,11 +202,10 @@
       }
    }
 
-
    private EntityDescriptorType getMetaData(String metadataURL) throws IOException
    {
       throw new RuntimeException();
-      
+
       /*InputStream is;
       URL md = new URL(metadataURL);
       HttpURLConnection http = (HttpURLConnection) md.openConnection();
@@ -226,28 +220,28 @@
       EntityDescriptorType edt = (EntityDescriptorType) obj;
       return edt;*/
    }
-   
-   private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response) 
-   throws IOException, ClassNotFoundException
+
+   private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response)
+         throws IOException, ClassNotFoundException
    {
-      String idpName = request.getParameter("name"); 
-      
-      Map<String, String> trustedProviders = configProvider.loadTrustedProviders(idpName); 
-      
+      String idpName = request.getParameter("name");
+
+      Map<String, String> trustedProviders = configProvider.loadTrustedProviders(idpName);
+
       HttpSession httpSession = request.getSession();
       httpSession.setAttribute("idpName", idpName);
-      httpSession.setAttribute("providers", trustedProviders); 
+      httpSession.setAttribute("providers", trustedProviders);
    }
-   
-   private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response) 
-   throws IOException, ClassNotFoundException
+
+   private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response)
+         throws IOException, ClassNotFoundException
    {
-      String spName = request.getParameter("name"); 
-      
-      Map<String, String> trustedProviders = configProvider.loadTrustedProviders(spName); 
-      
+      String spName = request.getParameter("name");
+
+      Map<String, String> trustedProviders = configProvider.loadTrustedProviders(spName);
+
       HttpSession httpSession = request.getSession();
       httpSession.setAttribute("spName", spName);
-      httpSession.setAttribute("providers", trustedProviders); 
+      httpSession.setAttribute("providers", trustedProviders);
    }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -56,9 +56,9 @@
 import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
 import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
 import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
 import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.util.ConfigurationUtil;
 import org.w3c.dom.Element;
@@ -71,20 +71,25 @@
 public class MetadataServlet extends HttpServlet
 {
    private static final long serialVersionUID = 1L;
+
    private static Logger log = Logger.getLogger(MetadataServlet.class);
-   private boolean trace = log.isTraceEnabled();
-   
+
+   private final boolean trace = log.isTraceEnabled();
+
    private String configFileLocation = GeneralConstants.CONFIG_FILE_LOCATION;
+
    private transient MetadataProviderType metadataProviderType = null;
-   
+
    private transient IMetadataProvider<?> metadataProvider = null;
-   
+
    private transient EntityDescriptorType metadata;
-   
+
    private String signingAlias = null;
+
    private String encryptingAlias = null;
-   private TrustKeyManager keyManager; 
-   
+
+   private TrustKeyManager keyManager;
+
    @SuppressWarnings("rawtypes")
    @Override
    public void init(ServletConfig config) throws ServletException
@@ -94,33 +99,32 @@
       {
          ServletContext context = config.getServletContext();
          String configL = config.getInitParameter("configFile");
-         if(isNotNull(configL))
+         if (isNotNull(configL))
             configFileLocation = configL;
-         if(trace)
-            log.trace("Config File Location="+ configFileLocation);
+         if (trace)
+            log.trace("Config File Location=" + configFileLocation);
          InputStream is = context.getResourceAsStream(configFileLocation);
-         if(is == null)
+         if (is == null)
             throw new RuntimeException(configFileLocation + " missing");
-         
+
          //Look for signing alias
          signingAlias = config.getInitParameter("signingAlias");
          encryptingAlias = config.getInitParameter("encryptingAlias");
 
-         ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is); 
-         metadataProviderType  = providerType.getMetaDataProvider();
+         ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is);
+         metadataProviderType = providerType.getMetaDataProvider();
          String fqn = metadataProviderType.getClassName();
-         ClassLoader tcl = SecurityActions.getContextClassLoader();
-         Class<?> clazz = tcl.loadClass(fqn);
+         Class<?> clazz = SecurityActions.loadClass(getClass(), fqn);
          metadataProvider = (IMetadataProvider) clazz.newInstance();
          List<KeyValueType> keyValues = metadataProviderType.getOption();
-         Map<String,String> options = new HashMap<String,String>();
-         if(keyValues != null)
+         Map<String, String> options = new HashMap<String, String>();
+         if (keyValues != null)
          {
-            for(KeyValueType kvt: keyValues)
+            for (KeyValueType kvt : keyValues)
                options.put(kvt.getKey(), kvt.getValue());
          }
          metadataProvider.init(options);
-         if(metadataProvider.isMultiple())
+         if (metadataProvider.isMultiple())
             throw new RuntimeException("Multiple Entities not currently supported");
 
          /**
@@ -128,10 +132,10 @@
           * It may be difficult to get to the resource from the TCL.
           */
          String fileInjectionStr = metadataProvider.requireFileInjection();
-         if(isNotNull(fileInjectionStr))
+         if (isNotNull(fileInjectionStr))
          {
             metadataProvider.injectFileStream(context.getResourceAsStream(fileInjectionStr));
-         } 
+         }
 
          metadata = (EntityDescriptorType) metadataProvider.getMetaData();
 
@@ -139,61 +143,60 @@
          KeyProviderType keyProvider = providerType.getKeyProvider();
          signingAlias = keyProvider.getSigningAlias();
          String keyManagerClassName = keyProvider.getClassName();
-         if(keyManagerClassName == null)
+         if (keyManagerClassName == null)
             throw new RuntimeException("KeyManager class name is null");
 
-         clazz = tcl.loadClass(keyManagerClassName);
+         clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
          this.keyManager = (TrustKeyManager) clazz.newInstance();
-         
+
          List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
-         keyManager.setAuthProperties( authProperties ); 
+         keyManager.setAuthProperties(authProperties);
 
          Certificate cert = keyManager.getCertificate(signingAlias);
          Element keyInfo = KeyUtil.getKeyInfo(cert);
 
          //TODO: Assume just signing key for now
-         KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, 
-               null, 0, true, false);
+         KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, null, 0, true,
+               false);
 
          updateKeyDescriptor(metadata, keyDescriptor);
 
          //encryption
-         if(this.encryptingAlias != null)
+         if (this.encryptingAlias != null)
          {
             cert = keyManager.getCertificate(encryptingAlias);
             keyInfo = KeyUtil.getKeyInfo(cert);
             String certAlgo = cert.getPublicKey().getAlgorithm();
-            keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, 
-                  XMLEncryptionUtil.getEncryptionURL(certAlgo), 
-                  XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
+            keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+                  XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo),
+                  false, true);
             updateKeyDescriptor(metadata, keyDescriptor);
          }
-      } catch(Exception e)
+      }
+      catch (Exception e)
       {
-         log.error("Exception in starting servlet:",e);
+         log.error("Exception in starting servlet:", e);
          throw new ServletException("Unable to start servlet");
       }
-      
+
    }
-   
-   
+
    @Override
-   protected void doGet(HttpServletRequest req, HttpServletResponse resp) 
-   throws ServletException, IOException
+   protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
       resp.setContentType(JBossSAMLConstants.METADATA_MIME.get());
       OutputStream os = resp.getOutputStream();
-      
+
       try
       {
-         XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter( os );
-         SAMLMetadataWriter writer = new SAMLMetadataWriter( streamWriter );
+         XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter(os);
+         SAMLMetadataWriter writer = new SAMLMetadataWriter(streamWriter);
          writer.writeEntityDescriptor(metadata);
       }
       catch (ProcessingException e)
       {
-         throw new ServletException( e );
-      } 
+         throw new ServletException(e);
+      }
       /*
       JAXBElement<?> jaxbEl = MetaDataBuilder.getObjectFactory().createEntityDescriptor(metadata);
       try
@@ -203,19 +206,19 @@
       catch (Exception e)
       {
          throw new RuntimeException(e);
-      }*/ 
+      }*/
    }
-   
+
    private void updateKeyDescriptor(EntityDescriptorType entityD, KeyDescriptorType keyD)
    {
-     List<EDTDescriptorChoiceType> objs = entityD.getChoiceType().get(0).getDescriptors();
-     if(objs != null)
-     {
-        for(EDTDescriptorChoiceType roleD: objs)
-        {
-           RoleDescriptorType roleDescriptor = roleD.getRoleDescriptor();
-           roleDescriptor.addKeyDescriptor( keyD );
-        }
-     }
+      List<EDTDescriptorChoiceType> objs = entityD.getChoiceType().get(0).getDescriptors();
+      if (objs != null)
+      {
+         for (EDTDescriptorChoiceType roleD : objs)
+         {
+            RoleDescriptorType roleDescriptor = roleD.getRoleDescriptor();
+            roleDescriptor.addKeyDescriptor(keyD);
+         }
+      }
    }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -26,7 +26,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.security.PrivilegedActionException;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
@@ -121,7 +120,7 @@
       {
          pdp = this.getPDP();
       }
-      catch (PrivilegedActionException e)
+      catch (IOException e)
       {
          log("Exception loading PDP::", e);
          throw new ServletException("Unable to load PDP");
@@ -275,11 +274,6 @@
          returnSOAPMessage = SOAPUtil.create();
          SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
          returnSOAPBody.addDocument(responseDocument);
-
-         /*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
-
-         //Create a SOAP Envelope to hold the SAML response
-         envelope = this.createEnvelope(jaxbResponse); */
       }
       catch (Exception e)
       {
@@ -293,7 +287,6 @@
          catch (SOAPException e1)
          {
          }
-         //envelope = this.createEnvelope(this.createFault("Server Error. Reference::" + id));
       }
       finally
       {
@@ -304,11 +297,6 @@
             if (returnSOAPMessage == null)
                throw new RuntimeException("SOAPMessage for return is null");
             returnSOAPMessage.writeTo(os);
-            /*if(envelope == null)
-               throw new IllegalStateException("SOAPEnvelope is null");
-            JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
-            Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
-            marshaller.marshal(jaxbEnvelope, os);  */
          }
          catch (Exception e)
          {
@@ -317,10 +305,9 @@
       }
    }
 
-   private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+   private PolicyDecisionPoint getPDP() throws IOException
    {
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+      InputStream is = SecurityActions.loadResource(getClass(), this.policyConfigFileName).openStream();
       if (is == null)
          throw new IllegalStateException(policyConfigFileName + " could not be located");
       return new JBossPDP(is);
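Review bot: The `if (is == null)` check in getPDP() can no longer fire, because `openStream()` is called directly on the result of `SecurityActions.loadResource(...)`: `URL.openStream()` never returns null, and if the resource is missing `loadResource` presumably returns null (its body, only partly visible in this commit, starts from `url = null` and uses `getResource`), so the call throws a NullPointerException first. That exception is not an IOException, so the `catch (IOException e)` added around `this.getPDP()` earlier in this file does not log it or turn it into the "Unable to load PDP" ServletException. Checking the URL before opening it restores the intended message: `URL url = SecurityActions.loadResource(getClass(), this.policyConfigFileName);`, `if (url == null) throw new IllegalStateException(policyConfigFileName + " could not be located");`, `InputStream is = url.openStream();` (this needs a `java.net.URL` import in the servlet). The closing brace of getPDP() lies outside the hunk.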

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.web.servlets.saml;
 
+import java.net.URL;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 
@@ -31,7 +32,7 @@
  */
 class SecurityActions
 {
-   static void setSystemProperty( final String key, final String value)
+   static void setSystemProperty(final String key, final String value)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()
       {
@@ -40,18 +41,71 @@
             System.setProperty(key, value);
             return null;
          }
-      }); 
+      });
    }
-   
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run() 
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
 
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
+   /**
+    * Load a resource based on the passed {@link Class} classloader.
+    * Failing which try with the Thread Context CL
+    * @param clazz
+    * @param resourceName
+    * @return
+    */
+   static URL loadResource(final Class<?> clazz, final String resourceName)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<URL>()
+      {
+         public URL run()
+         {
+            URL url = null;
+            ClassLoader clazzLoader = clazz.getClassLoader();
+            url = clazzLoader.getResource(resourceName);
+
+            if (url == null)
+            {
+               clazzLoader = Thread.currentThread().getContextClassLoader();
+               url = clazzLoader.getResource(resourceName);
+            }
+
+            return url;
+         }
+      });
+   }
 }
\ No newline at end of file
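Review bot: `loadClass(Class, String)` and `loadResource` dereference `theClass.getClassLoader()` and the thread context class loader without a null check, and the empty `catch (ClassNotFoundException e)` turns every failed lookup into a silent null. `getClassLoader()` returns null for bootstrap-loaded classes and the context loader may be unset, so guard each loader, for example `if (cl == null) return null;` at the top of `run()` in `loadClass(ClassLoader, String)`. Put a comment in the catch block such as `// not visible to this loader; caller falls back or handles null`. The new methods would also benefit from Javadoc stating that they return null on failure and that, because the lookup runs inside `doPrivileged`, `fqn` and `resourceName` should come only from trusted configuration. The same `loadClass` pair is added in web/util/SecurityActions.java further down.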

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,44 @@
  */
 class SecurityActions
 {
-   /**
-    * Get the Thread Context ClassLoader
-    * @return
-    */
-   static ClassLoader getContextClassLoader()
+
+   static Class<?> loadClass(final Class<?> theClass, final String fqn)
    {
-      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
       {
-         public ClassLoader run()
+         public Class<?> run()
          {
-            return Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = theClass.getClassLoader();
+
+            Class<?> clazz = loadClass(classLoader, fqn);
+            if (clazz == null)
+            {
+               classLoader = Thread.currentThread().getContextClassLoader();
+               clazz = loadClass(classLoader, fqn);
+            }
+            return clazz;
          }
       });
    }
-   
+
+   static Class<?> loadClass(final ClassLoader cl, final String fqn)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+      {
+         public Class<?> run()
+         {
+            try
+            {
+               return cl.loadClass(fqn);
+            }
+            catch (ClassNotFoundException e)
+            {
+            }
+            return null;
+         }
+      });
+   }
+
    /**
     * Get the system property
     * @param key

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -30,11 +30,12 @@
 public class ServerDetector
 {
    private boolean jboss = false;
+
    private boolean tomcat = false;
-   
+
    public ServerDetector()
    {
-      this.detectServer(); 
+      this.detectServer();
    }
 
    public boolean isJboss()
@@ -46,39 +47,38 @@
    {
       return tomcat;
    }
-   
+
    private void detectServer()
    {
-      //Detect JBoss
-      ClassLoader tcl = SecurityActions.getContextClassLoader();
-      
+      //Detect JBoss 
+
       try
       {
-         Class<?> clazz = tcl.loadClass("org.jboss.system.Service");
-         if(clazz != null)
+         Class<?> clazz = SecurityActions.loadClass(getClass(), "org.jboss.system.Service");
+         if (clazz != null)
          {
             jboss = true;
             return;
          }
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-       //ignore  
+         //ignore  
       }
-      
+
       //Tomcat
       try
       {
-         Class<?> clazz = tcl.loadClass("org.apache.cataline.Server");
-         if(clazz != null)
+         Class<?> clazz = SecurityActions.loadClass(getClass(), "org.apache.cataline.Server");
+         if (clazz != null)
          {
             tomcat = true;
             return;
          }
       }
-      catch(Exception e)
+      catch (Exception e)
       {
-       //ignore  
+         //ignore  
       }
    }
 }
\ No newline at end of file
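Review bot: The Tomcat probe in `detectServer` still asks for `org.apache.cataline.Server`. Tomcat's package is spelled `org.apache.catalina`, so this lookup will not match and `isTomcat()` stays false on Tomcat. The line should read `Class<?> clazz = SecurityActions.loadClass(getClass(), "org.apache.catalina.Server");`. Because `SecurityActions.loadClass` now returns null rather than throwing ClassNotFoundException, the two `catch (Exception e)` blocks only cover unexpected runtime failures, and the `//ignore` comments could say that.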

Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,21 @@
  * @since Oct 7, 2009
  */
 public class MockContextClassLoader extends URLClassLoader
-{ 
+{
    private String profile;
-   
+
    private ClassLoader delegate;
 
    public MockContextClassLoader(URL[] urls)
    {
-      super(urls); 
+      super(urls);
    }
 
    public void setDelegate(ClassLoader tcl)
    {
       this.delegate = tcl;
    }
-   
+
    public void setProfile(String profile)
    {
       this.profile = profile;
@@ -54,11 +54,29 @@
    @Override
    public InputStream getResourceAsStream(String name)
    {
-      if(profile == null)
-         throw new RuntimeException("null profile"); 
+      if (profile == null)
+         throw new RuntimeException("null profile");
       InputStream is = super.getResourceAsStream(name);
-      if( is == null )
+      if (is == null)
          is = delegate.getResourceAsStream(profile + "/" + name);
       return is;
    }
+
+   @Override
+   public URL getResource(String name)
+   {
+      if (profile == null)
+         throw new RuntimeException("null profile");
+      URL url = null;
+      try
+      {
+         url = super.getResource(profile + "/" + name);
+      }
+      catch (Exception e)
+      {
+      }
+      if (url == null)
+         url = delegate.getResource(profile + "/" + name);
+      return url;
+   }
 }
\ No newline at end of file
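Review bot: The new `getResource` looks up only `profile + "/" + name`, on both `super` and `delegate`, while `getResourceAsStream` just above tries the bare `name` on `super` first. The two overrides can therefore disagree about whether the same resource is visible. If the difference is intended, document it with a comment on `getResource`; otherwise try `super.getResource(name)` before the profile-prefixed lookup. The empty `catch (Exception e)` hides any lookup failure, and `delegate` is dereferenced without a null check if `setDelegate` was never called, so a short comment or an explicit `if (delegate == null) return null;` would make test failures easier to read.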

Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java	2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java	2011-07-08 17:56:06 UTC (rev 1080)
@@ -156,6 +156,9 @@
       MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
       Thread.currentThread().setContextClassLoader(mclIDP);
 
+      URL url = Thread.currentThread().getContextClassLoader().getResource("roles.properties");
+      assertNotNull("roles.properties visible?", url);
+
       ServletContext servletContext = new MockServletContext();
       session.setServletContext(servletContext);
 


