[jboss-cvs] Picketlink SVN: r1238 - in product/trunk/picketlink-core/src: main/java/org/picketlink/identity/federation and 25 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Sep 19 16:46:28 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-09-19 16:46:27 -0400 (Mon, 19 Sep 2011)
New Revision: 1238
Added:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/
product/trunk/picketlink-core/src/main/java/org/picketlink/trust/
product/trunk/picketlink-core/src/main/java/org/picketlink/trust/jbossws/
product/trunk/picketlink-core/src/test/java/org/picketlink/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/
Log:
merged 1192 to 1228
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink
___________________________________________________________________
Added: svn:mergeinfo
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink:1192-1228
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2011-09-19 17:46:00 UTC (rev 1237)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -25,7 +25,7 @@
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
-
+
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
@@ -40,7 +40,7 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
@@ -55,9 +55,9 @@
public class SAML2Signature
{
private String signatureMethod = SignatureMethod.RSA_SHA1;
- private String digestMethod = DigestMethod.SHA1;
-
+ private String digestMethod = DigestMethod.SHA1;
+
public String getSignatureMethod()
{
return signatureMethod;
@@ -77,8 +77,22 @@
{
this.digestMethod = digestMethod;
}
-
+
/**
+ * Set to false, if you do not want to include keyinfo
+ * in the signature
+ * @param val
+ * @since v2.0.1
+ */
+ public void setSignatureIncludeKeyInfo(boolean val)
+ {
+ if (!val)
+ {
+ XMLSignatureUtil.setIncludeKeyInfoInSignature(false);
+ }
+ }
+
+ /**
* Sign an RequestType at the root
* @param request
* @param keypair Key Pair
@@ -92,20 +106,18 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(RequestAbstractType request, KeyPair keypair) throws SAXException, IOException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
+ public Document sign(RequestAbstractType request, KeyPair keypair) throws SAXException, IOException,
+ ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Request saml2Request = new SAML2Request();
Document doc = saml2Request.convert(request);
doc.normalize();
-
+
String referenceURI = "#" + request.getID();
-
- return XMLSignatureUtil.sign(doc,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+
+ return XMLSignatureUtil.sign(doc, keypair, digestMethod, signatureMethod, referenceURI);
}
-
+
/**
* Sign an ResponseType at the root
* @param response
@@ -118,15 +130,16 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(ResponseType response,KeyPair keypair) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
+ public Document sign(ResponseType response, KeyPair keypair) throws ParserConfigurationException,
+ GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Response saml2Request = new SAML2Response();
Document doc = saml2Request.convert(response);
doc.normalize();
-
- return sign(doc, response.getID(), keypair);
+
+ return sign(doc, response.getID(), keypair);
}
-
+
/**
* Sign an Document at the root
* @param response
@@ -139,19 +152,14 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(Document doc,
- String referenceID,
- KeyPair keypair) throws
- ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
- {
+ public Document sign(Document doc, String referenceID, KeyPair keypair) throws ParserConfigurationException,
+ GeneralSecurityException, MarshalException, XMLSignatureException
+ {
String referenceURI = "#" + referenceID;
-
- return XMLSignatureUtil.sign(doc,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+
+ return XMLSignatureUtil.sign(doc, keypair, digestMethod, signatureMethod, referenceURI);
}
-
+
/**
* Sign an assertion whose id value is provided in the response type
* @param response
@@ -167,17 +175,16 @@
* @throws MarshalException
* @throws GeneralSecurityException
*/
- public Document sign(ResponseType response,
- String idValueOfAssertion,
- KeyPair keypair,
- String referenceURI) throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException
+ public Document sign(ResponseType response, String idValueOfAssertion, KeyPair keypair, String referenceURI)
+ throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError,
+ TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Response saml2Response = new SAML2Response();
Document doc = saml2Response.convert(response);
-
- return sign(doc,idValueOfAssertion, keypair, referenceURI);
+
+ return sign(doc, idValueOfAssertion, keypair, referenceURI);
}
-
+
/**
* Sign a document
* @param doc
@@ -193,24 +200,17 @@
* @throws MarshalException
* @throws XMLSignatureException
*/
- public Document sign(Document doc,
- String idValueOfAssertion,
- KeyPair keypair,
- String referenceURI) throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException
+ public Document sign(Document doc, String idValueOfAssertion, KeyPair keypair, String referenceURI)
+ throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError,
+ TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException
{
- Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
- JBossSAMLURIConstants.ASSERTION_NSURI.get(),
- "Assertion",
- "ID",
- idValueOfAssertion);
-
- return XMLSignatureUtil.sign(doc, assertionNode,
- keypair,
- digestMethod, signatureMethod,
- referenceURI);
+ Node assertionNode = DocumentUtil.getNodeWithAttribute(doc, JBossSAMLURIConstants.ASSERTION_NSURI.get(),
+ "Assertion", "ID", idValueOfAssertion);
+
+ return XMLSignatureUtil.sign(doc, assertionNode, keypair, digestMethod, signatureMethod, referenceURI);
}
-
+
/**
* Sign a SAML Document
* @param samlDocument
@@ -228,9 +228,9 @@
catch (Exception e)
{
throw new ProcessingException(e);
- }
+ }
}
-
+
/**
* Validate the SAML2 Document
* @param signedDocument
@@ -242,13 +242,13 @@
{
try
{
- return XMLSignatureUtil.validate(signedDocument, publicKey);
+ return XMLSignatureUtil.validate(signedDocument, publicKey);
}
- catch(MarshalException me)
+ catch (MarshalException me)
{
throw new ProcessingException(me.getLocalizedMessage());
}
- catch(XMLSignatureException xse)
+ catch (XMLSignatureException xse)
{
throw new ProcessingException(xse.getLocalizedMessage());
}
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173,1192-1228
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java (from rev 1228, federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/subject/PicketLinkJBossSubjectInteraction.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.subject;
+
+import java.security.Principal;
+import java.util.Calendar;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.SubjectSecurityManager;
+import org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction;
+import org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory;
+import org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory.TimeCacheExpiry;
+
+/**
+ * An implementation of {@link SubjectSecurityInteraction} for JBoss AS
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 13, 2011
+ */
+public class PicketLinkJBossSubjectInteraction implements SubjectSecurityInteraction
+{
+ protected static Logger log = Logger.getLogger(PicketLinkJBossSubjectInteraction.class);
+
+ protected boolean trace = log.isTraceEnabled();
+
+ /**
+ * @see org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction#cleanup(java.security.Principal)
+ */
+ public boolean cleanup(Principal principal)
+ {
+ try
+ {
+ String securityDomain = getSecurityDomain();
+ if (trace)
+ {
+ log.trace("Determined Security Domain=" + securityDomain);
+ }
+ TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
+ Calendar calendar = Calendar.getInstance();
+ calendar.add(Calendar.SECOND, 10);//Add 25 seconds
+ if (trace)
+ {
+ log.trace("Will expire from cache in 10 seconds, principal=" + principal);
+ }
+ cacheExpiry.register(securityDomain, calendar.getTime(), principal);
+ //Additional expiry of simple principal
+ cacheExpiry.register(securityDomain, calendar.getTime(), new SimplePrincipal(principal.getName()));
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return false;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction#get()
+ */
+ public Subject get()
+ {
+ try
+ {
+ return (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+ }
+ catch (PolicyContextException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private String getSecurityDomain() throws NamingException
+ {
+ //Get the SecurityManagerService from JNDI
+ InitialContext ctx = new InitialContext();
+ SubjectSecurityManager ssm = (SubjectSecurityManager) ctx.lookup("java:comp/env/security/securityMgr");
+ if (ssm == null)
+ throw new RuntimeException("Unable to get the subject security manager");
+ return ssm.getSecurityDomain();
+ }
+}
\ No newline at end of file
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java 2011-09-19 17:46:00 UTC (rev 1237)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/PicketLinkAuthenticator.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -22,10 +22,20 @@
package org.picketlink.identity.federation.bindings.tomcat;
import java.io.IOException;
+import java.security.AccessController;
import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.Set;
+import java.util.UUID;
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.Realm;
-import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
@@ -40,27 +50,29 @@
* @author Anil.Saldhana at redhat.com
* @since Apr 11, 2011
*/
-public class PicketLinkAuthenticator extends AuthenticatorBase
+public class PicketLinkAuthenticator extends FormAuthenticator
{
protected static Logger log = Logger.getLogger(PicketLinkAuthenticator.class);
protected boolean trace = log.isTraceEnabled();
/**
- * The {@link Realm} requires an user name
+ * This is the auth method used in the register method
*/
- protected String userName = "custom-authenticator-user";
+ protected String authMethod = "SECURITY_DOMAIN";
/**
- * The {@link Realm} requires a password
+ * The authenticator may not be aware of the user name until after
+ * the underlying security exercise is complete. The Subject
+ * will have the proper user name. Hence we may need to perform
+ * an additional authentication now with the user name we have obtained.
*/
- protected String password = "custom-authenticator-password";
+ protected boolean needSubjectPrincipalSubstitution = true;
- /**
- * This is the auth method used in the register method
- */
- protected String authMethod = "SECURITY_DOMAIN";
+ protected SubjectSecurityInteraction subjectInteraction = null;
+ protected String subjectInteractionClassName = "org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkJBossSubjectInteraction";
+
public PicketLinkAuthenticator()
{
if (trace)
@@ -70,44 +82,139 @@
}
/**
- * Set the user name via WEB-INF/context.xml (JBoss AS)
- * @param defaultUserName
+ * Set the auth method via WEB-INF/context.xml (JBoss AS)
+ * @param authMethod
*/
- public void setUserName(String defaultUserName)
+ public void setAuthMethod(String authMethod)
{
- this.userName = defaultUserName;
+ this.authMethod = authMethod;
}
- /**
- * Set the password via WEB-INF/context.xml (JBoss AS)
- * @param defaultPassword
- */
- public void setPassword(String defaultPassword)
+ public void setNeedSubjectPrincipalSubstitution(String needSubjectPrincipalSubstitutionVal)
{
- this.password = defaultPassword;
+ this.needSubjectPrincipalSubstitution = Boolean.valueOf(needSubjectPrincipalSubstitutionVal);
}
/**
- * Set the auth method via WEB-INF/context.xml (JBoss AS)
- * @param authMethod
+ * Set this if you want to override the default {@link SubjectSecurityInteraction}
+ * @param subjectRetrieverClassName
*/
- public void setAuthMethod(String authMethod)
+ public void setSubjectInteractionClassName(String subjectRetrieverClassName)
{
- this.authMethod = authMethod;
+ this.subjectInteractionClassName = subjectRetrieverClassName;
}
@Override
- protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
+ public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
{
+ log.trace("Authenticating user");
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if (trace)
+ log.trace("Already authenticated '" + principal.getName() + "'");
+ return true;
+ }
+
+ Session session = request.getSessionInternal(true);
+ String userName = UUID.randomUUID().toString();
+ String password = userName;
Realm realm = context.getRealm();
- Principal principal = realm.authenticate(this.userName, this.password);
+ principal = realm.authenticate(userName, password);
+ Principal originalPrincipal = principal;
if (principal != null)
{
- register(request, response, principal, this.authMethod, null, null);
+ if (needSubjectPrincipalSubstitution)
+ {
+ principal = getSubjectPrincipal();
+ if (principal == null)
+ throw new RuntimeException("Principal from subject is null");
+ principal = realm.authenticate(principal.getName(), password);
+ }
+ session.setNote(Constants.SESS_USERNAME_NOTE, principal.getName());
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, this.authMethod, principal.getName(), password);
+ if (originalPrincipal != null && needSubjectPrincipalSubstitution)
+ {
+ subjectInteraction.cleanup(originalPrincipal);
+ }
+ return true;
}
- return true;
+ return false;
}
+
+ public boolean authenticate(HttpServletRequest request, HttpServletResponse response, LoginConfig loginConfig)
+ throws IOException
+ {
+ return authenticate((Request) request, (Response) response, loginConfig);
+ }
+
+ protected Principal getSubjectPrincipal()
+ {
+ if (subjectInteraction == null)
+ {
+ Class<?> clazz = loadClass(getClass(), subjectInteractionClassName);
+ try
+ {
+ subjectInteraction = (SubjectSecurityInteraction) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ Subject subject = subjectInteraction.get();
+ if (subject != null)
+ {
+ Set<Principal> principals = subject.getPrincipals();
+ if (!principals.isEmpty())
+ {
+ return subject.getPrincipals().iterator().next();
+ }
+ }
+ return null;
+ }
+
+ Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
}
\ No newline at end of file
Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java (from rev 1228, federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SubjectSecurityInteraction.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.tomcat;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+/**
+ * Interface to retrieve a subject
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 13, 2011
+ */
+public interface SubjectSecurityInteraction
+{
+ /**
+ * Obtain a subject based on implementation
+ * @return
+ */
+ Subject get();
+
+ /**
+ * Clean up the {@link Principal} from
+ * the security cache
+ * @param principal
+ * @return
+ */
+ boolean cleanup(Principal principal);
+}
\ No newline at end of file
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-09-19 17:46:00 UTC (rev 1237)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -84,6 +84,11 @@
private static XMLSignatureFactory fac = getXMLSignatureFactory();
+ /**
+ * By default, we include the keyinfo in the signature
+ */
+ private static boolean includeKeyInfoInSignature = true;
+
private static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
@@ -104,6 +109,11 @@
static
{
SystemPropertiesUtil.ensure();
+ String keyInfoProp = SecurityActions.getSystemProperty("picketlink.xmlsig.includeKeyInfo", null);
+ if (StringUtil.isNotNull(keyInfoProp))
+ {
+ includeKeyInfoInSignature = Boolean.parseBoolean(keyInfoProp);
+ }
};
/**
@@ -118,6 +128,16 @@
}
/**
+ * Use this method to not include the KeyInfo in the signature
+ * @param includeKeyInfoInSignature
+ * @since v2.0.1
+ */
+ public static void setIncludeKeyInfoInSignature(boolean includeKeyInfoInSignature)
+ {
+ XMLSignatureUtil.includeKeyInfoInSignature = includeKeyInfoInSignature;
+ }
+
+ /**
* Precheck whether the document that will be validated has the right signedinfo
*
* @param doc
@@ -267,6 +287,10 @@
KeyValue kv = kif.newKeyValue(publicKey);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+ if (!includeKeyInfoInSignature)
+ {
+ ki = null;
+ }
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
@@ -378,5 +402,4 @@
}
return cert;
}
-
}
\ No newline at end of file
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173,1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173,1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173,1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173,1192-1228
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/trust
___________________________________________________________________
Modified: svn:mergeinfo
- /trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/trust:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/trust:1192-1228
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/trust/jbossws
___________________________________________________________________
Modified: svn:mergeinfo
- /trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jbossws:1152-1154
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/trust/jbossws:1192-1228
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/trust/jbossws:1192-1228
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws:1152-1154
/trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jbossws:1152-1154
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/test/java/org/picketlink:1140-1173
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173
+ /federation/trunk/picketlink-bindings/src/test/java/org/picketlink:1140-1173
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink:1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173,1192-1228
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173
+ /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137,1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173,1192-1228
Modified: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-09-19 17:46:00 UTC (rev 1237)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-09-19 20:46:27 UTC (rev 1238)
@@ -80,12 +80,48 @@
ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
Document signedDoc = ss.sign(authnRequest, kp);
+ System.out.println("Signed Doc:" + DocumentUtil.asString(signedDoc));
+
// Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
/**
+ * Test the creation of AuthnRequestType with signature creation with a private key and then validate the signature
+ * with a public key. We test that the signature does not contain the keyinfo
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testNoKeyInfo() throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ String assertionConsumerURL = "http://sp";
+ String destination = "http://idp";
+ String issuerValue = "http://sp";
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination,
+ issuerValue);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ KeyPair kp = kpg.genKeyPair();
+
+ SAML2Signature ss = new SAML2Signature();
+ ss.setSignatureIncludeKeyInfo(false);
+
+ ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
+ Document signedDoc = ss.sign(authnRequest, kp);
+
+ System.out.println("Signed Doc:" + DocumentUtil.asString(signedDoc));
+
+ // Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
+ assertTrue(isValid);
+ XMLSignatureUtil.setIncludeKeyInfoInSignature(true);
+ }
+
+ /**
* Test the signature for ResponseType
*
* @throws Exception
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173
+ /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1192-1228
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173,1192-1228
More information about the jboss-cvs-commits
mailing list