[jboss-identity-commits] JBoss Identity SVN: r191 - in identity-federation/trunk: identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp and 4 other directories.
Tue Jan 6 20:54:04 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-06 20:54:04 -0500 (Tue, 06 Jan 2009)
New Revision: 191
Modified:
identity-federation/trunk/assembly/bin.xml
identity-federation/trunk/assembly/sources.xml
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLBaseFactory.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/identity-fed-core/.classpath
Log:
addtl refactor
Modified: identity-federation/trunk/assembly/bin.xml
===================================================================
--- identity-federation/trunk/assembly/bin.xml 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/assembly/bin.xml 2009-01-07 01:54:04 UTC (rev 191)
@@ -13,6 +13,10 @@
<outputDirectory>/</outputDirectory>
</fileSet>
<fileSet>
+ <directory>${basedir}/../identity-fed-core/target/classes</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
<directory>${basedir}/../identity-fed-api/target/classes/</directory>
<outputDirectory>/</outputDirectory>
</fileSet>
Modified: identity-federation/trunk/assembly/sources.xml
===================================================================
--- identity-federation/trunk/assembly/sources.xml 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/assembly/sources.xml 2009-01-07 01:54:04 UTC (rev 191)
@@ -14,6 +14,10 @@
<outputDirectory>/</outputDirectory>
</fileSet>
<fileSet>
+ <directory>${basedir}/../identity-fed-core/src/main/java</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
<directory>${basedir}/../identity-fed-api/src/main/java</directory>
<outputDirectory>/</outputDirectory>
</fileSet>
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -42,8 +42,6 @@
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
@@ -55,7 +53,6 @@
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -68,8 +65,15 @@
{
private static Logger log = Logger.getLogger(IDPRedirectValve.class);
+ private long assertionValidity = 5000; // 5minutes in seconds
+
private String identityURL = null;
+ public void setAssertionValidity(String validity)
+ {
+ assertionValidity = Long.parseLong(validity);
+ }
+
public void setIdentityURL(String url)
{
this.identityURL = url;
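Review bot: The new default `assertionValidity = 5000` is commented as `5minutes in seconds`, but the value is handed unchanged to `SAML2Response.createTimedConditions(assertion, this.assertionValidity)` whose parameter is named `durationInMilis`, so either the window is really 5 seconds or the comment is wrong; pick one unit, put it in the field name (`assertionValidityMillis`) and state it in a Javadoc on `setAssertionValidity`. `setAssertionValidity` also accepts any parseable long: zero or a negative value yields an assertion whose `NotOnOrAfter` is not after `NotBefore`, and a non-numeric valve attribute surfaces as a bare NumberFormatException at deploy time. Consider `long v = Long.parseLong(validity); if(v <= 0) throw new IllegalArgumentException("assertionValidity must be > 0: " + validity); assertionValidity = v;`. The enclosing class continues outside the hunk.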
@@ -161,7 +165,8 @@
saml2Request.marshall(authnRequestType, sw);
log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
}
-
+ SAML2Response saml2Response = new SAML2Response();
+
//Create a response type
String id = IDGenerator.create("ID_");
@@ -174,25 +179,22 @@
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
- responseType = JBossSAMLAuthnResponseFactory.createResponseType(id, sp, idp, issuerHolder);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
//Add information on the roles
List<String> roles = getRoles(userPrincipal);
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
- AttributeStatementType attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
- for(String role: roles)
- {
- AttributeType attr = JBossSAMLBaseFactory.createAttributeForRole(role);
- attrStatement.getAttributeOrEncryptedAttribute().add(attr);
- }
+ AttributeStatementType attrStatement = saml2Response.createAttributeStatements(roles);
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ saml2Response.createTimedConditions(assertion, this.assertionValidity);
log.debug("ResponseType = ");
//Lets see how the response looks like
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- SAML2Response saml2Response = new SAML2Response();
saml2Response.marshall(responseType, sw);
log.trace("IDPRedirectValve::Response="+sw.toString());
}
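Review bot: The conditions added by `saml2Response.createTimedConditions(assertion, this.assertionValidity)` bound only the lifetime: `NotBefore` is the IdP's own issue instant with no clock-skew allowance, so an SP whose clock is slightly behind will reject a freshly issued assertion, and there is no AudienceRestriction, so within the window the assertion is acceptable to any SP that receives it. If the requesting SP's identifier is available from the `AuthnRequestType` issuer (presumably it is), add an AudienceRestriction next to the timed conditions; otherwise document on `setAssertionValidity` that the configured window must absorb expected clock skew. Note also that the context line `sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL())` takes the destination straight from the incoming request; whether that URL is checked against registered SP metadata is not visible in this hunk and is worth confirming, since otherwise a crafted request can direct the response elsewhere. The enclosing method starts and ends outside the hunk.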
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -42,7 +42,6 @@
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
@@ -50,9 +49,11 @@
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
@@ -144,12 +145,12 @@
if(this.serviceURL == null)
throw new ServletException("serviceURL is not configured");
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ SAML2Request saml2Request = new SAML2Request();
+
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(
IDGenerator.create("ID_"), serviceURL,
identityURL, serviceURL);
- SAML2Request saml2Request = new SAML2Request();
-
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Request.marshall(authnRequest, baos);
@@ -190,6 +191,16 @@
throw new SecurityException("IDP forbid the user");
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
+ //Check for validity of assertion
+ ConditionsType conditionsType = assertion.getConditions();
+ if(conditionsType != null)
+ {
+ boolean isValidAssertion = XMLTimeUtil.isValid(XMLTimeUtil.getIssueInstant(),
+ conditionsType.getNotBefore(), conditionsType.getNotOnOrAfter());
+ if(isValidAssertion == false)
+ throw new AssertionExpiredException();
+ }
+
SubjectType subject = assertion.getSubject();
JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
NameIDType nameID = jnameID.getValue();
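Review bot: The new validity check behind `if(conditionsType != null)` fails open: an assertion that carries no `<Conditions>` element skips the check entirely and is accepted with no lifetime at all, which defeats the purpose of adding expiry enforcement at the SP. Since the IdP side of this same commit always emits conditions via `createTimedConditions`, the SP can require them: `if(conditionsType == null) throw new SecurityException("Assertion has no Conditions element");` before the time comparison. Whether `XMLTimeUtil.isValid` tolerates a null `NotBefore` or `NotOnOrAfter` (both are optional in the schema) is not visible here and should be confirmed, and the bare `new AssertionExpiredException()` would help operators more if it carried the offending `NotOnOrAfter` in its message. The enclosing method starts and ends outside the hunk.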
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -41,7 +41,6 @@
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
@@ -137,12 +136,12 @@
if(this.serviceURL == null)
throw new ServletException("serviceURL is not configured");
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ SAML2Request saml2Request = new SAML2Request();
+
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(
IDGenerator.create("ID_"), serviceURL,
identityURL, serviceURL);
- SAML2Request saml2Request = new SAML2Request();
-
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Request.marshall(authnRequest, baos);
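Review bot: This valve receives the `SAML2Request` refactor but not the assertion `Conditions` check that this same commit adds to `SPRedirectFormAuthenticator`; if `SPRedirectValve` also unmarshals the IdP `ResponseType` on the return leg (it imports `SAML2Response`, so presumably it does), the two SP bindings now apply different lifetime policies to the same assertion. Either move the NotBefore/NotOnOrAfter check into `SAML2Response` (for example a `validateConditions(AssertionType)` method) so both bindings call one implementation, or add the identical check here. The enclosing method starts and ends outside the hunk.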
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -27,6 +27,7 @@
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
@@ -64,7 +65,7 @@
public static AuthnRequestType createAuthnRequestType(String id,
String assertionConsumerURL, String destination, String issuerValue) throws Exception
{
- XMLGregorianCalendar issueInstant = JBossSAMLBaseFactory.getIssueInstant();
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
AuthnRequestType authnRequest = protocolObjectFactory.createAuthnRequestType();
authnRequest.setID(id);
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -29,6 +29,7 @@
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
@@ -99,7 +100,7 @@
responseType.setStatus(createStatusType(statusCode) );
- XMLGregorianCalendar issueInstant = JBossSAMLBaseFactory.getIssueInstant();
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
//IssueInstant
responseType.setIssueInstant(issueInstant);
@@ -137,7 +138,6 @@
assertionType.setSubject(subjectType);
-
responseType.getAssertionOrEncryptedAssertion().add(assertionType);
return responseType;
}
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLBaseFactory.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLBaseFactory.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLBaseFactory.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -22,15 +22,12 @@
package org.jboss.identity.federation.api.saml.v2.factories;
import java.net.URL;
-import java.util.GregorianCalendar;
-import java.util.TimeZone;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
@@ -146,6 +143,11 @@
return java.util.UUID.randomUUID().toString();
}
+ public static ObjectFactory getObjectFactory()
+ {
+ return assertionObjectFactory;
+ }
+
/**
* Return the NameIDType for the issuer
* @param issuerID
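Review bot: The new public `getObjectFactory()` is the only public method in this hunk without Javadoc, while the method documented immediately below it has one; it also exposes the shared static `assertionObjectFactory` to every caller in the API, which is worth saying. Suggested header: `/** Returns the shared JAXB {@link ObjectFactory} for the SAML v2 assertion package, used by callers to build assertion-level types such as ConditionsType. */`.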
@@ -158,35 +160,8 @@
return nid;
}
+
/**
- * Returns a XMLGregorianCalendar in the timezone specified.
- * If the timezone is not valid, then the timezone falls back
- * to "GMT"
- * @param timezone
- * @return
- * @throws Exception
- */
- public static XMLGregorianCalendar getIssueInstant(String timezone) throws Exception
- {
- TimeZone tz = TimeZone.getTimeZone(timezone);
- DatatypeFactory dtf = DatatypeFactory.newInstance();
-
- GregorianCalendar gc = new GregorianCalendar(tz);
- XMLGregorianCalendar xgc = dtf.newXMLGregorianCalendar(gc);
-
- return xgc;
- }
-
- /**
- * Get the current instant of time
- * @return
- */
- public static XMLGregorianCalendar getIssueInstant() throws Exception
- {
- return getIssueInstant(TimeZone.getDefault().getID());
- }
-
- /**
* Get the JAXB Marshaller
* @param pkgName The package name for the jaxb context
* @param schemaLocation location of the schema to validate against
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-07 01:54:04 UTC (rev 191)
@@ -24,15 +24,23 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import java.util.List;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
@@ -43,6 +51,22 @@
public class SAML2Response
{
/**
+ * Given a set of roles, create an attribute statement
+ * @param roles
+ * @return
+ */
+ public AttributeStatementType createAttributeStatements(List<String> roles)
+ {
+ AttributeStatementType attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
+ for(String role: roles)
+ {
+ AttributeType attr = JBossSAMLBaseFactory.createAttributeForRole(role);
+ attrStatement.getAttributeOrEncryptedAttribute().add(attr);
+ }
+ return attrStatement;
+ }
+
+ /**
* Create a ResponseType
* @param ID id of the response
* @param sp holder with the information about the Service Provider
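Review bot: `createAttributeStatements` iterates `roles` in the for-each without a null check, so if the IdP valve's `getRoles` ever returns null rather than an empty list (not visible here) the IdP fails with a NullPointerException; either guard with `if(roles != null)` around the loop or document `@param roles the role names to emit, non-null but may be empty`. The Javadoc `@return` is empty; say `@return an AttributeStatementType holding one role attribute per entry of roles`. The name is plural but a single statement is returned, so `createAttributeStatement` would match the `JBossSAMLBaseFactory.createAttributeStatement()` it wraps.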
@@ -57,6 +81,23 @@
}
/**
+ * Add validity conditions to the SAML2 Assertion
+ * @param assertion
+ * @param durationInMilis
+ * @throws Exception
+ */
+ public void createTimedConditions(AssertionType assertion, long durationInMilis) throws Exception
+ {
+ XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
+ XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis);
+ ConditionsType conditionsType = JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
+ conditionsType.setNotBefore(issueInstant);
+ conditionsType.setNotOnOrAfter(assertionValidityLength);
+
+ assertion.setConditions(conditionsType);
+ }
+
+ /**
* Read a ResponseType from an input stream
* @param is
* @return
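Review bot: `createTimedConditions` passes `assertion.getIssueInstant()` to `XMLTimeUtil.add` unchecked and accepts any `durationInMilis`, including zero or negative, so a caller can silently produce an assertion with an empty or already-expired window; add `if(issueInstant == null) throw new IllegalArgumentException("assertion has no IssueInstant");` and `if(durationInMilis <= 0) throw new IllegalArgumentException("validity must be positive: " + durationInMilis);` at the top. The parameter name misspells millis and the IdP caller in this same commit comments the value as seconds, so the Javadoc should pin the unit: `@param durationInMilis validity window in milliseconds, added to the assertion's IssueInstant to obtain NotOnOrAfter`. The method sets only NotBefore/NotOnOrAfter and no AudienceRestriction, which is worth stating in the Javadoc so callers know the resulting assertion is not bound to a single SP.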
Modified: identity-federation/trunk/identity-fed-core/.classpath
===================================================================
--- identity-federation/trunk/identity-fed-core/.classpath 2009-01-07 01:51:41 UTC (rev 190)
+++ identity-federation/trunk/identity-fed-core/.classpath 2009-01-07 01:54:04 UTC (rev 191)
@@ -6,5 +6,6 @@
<classpathentry kind="src" path="src/test/resources"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry combineaccessrules="false" kind="src" path="/identity-fed-model"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/3"/>
<classpathentry kind="output" path="target-eclipse"/>
</classpath>