[jboss-identity-commits] JBoss Identity SVN: r223 - in identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings: jboss and 4 other directories.
Fri Jan 16 16:04:56 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-16 16:04:55 -0500 (Fri, 16 Jan 2009)
New Revision: 223
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/DefaultJBossSubjectRegistration.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/JBossSubjectRegistration.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/SecurityActions.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityGroup.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityPrincipal.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
Log:
Correct JBoss registration as well as signing of the SAMLResponse
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/DefaultJBossSubjectRegistration.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/DefaultJBossSubjectRegistration.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/DefaultJBossSubjectRegistration.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss;
+
+import java.lang.reflect.Method;
+import java.security.acl.Group;
+
+import javax.security.auth.Subject;
+
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityGroup;
+import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 16, 2009
+ */
+public class DefaultJBossSubjectRegistration implements JBossSubjectRegistration
+{
+ protected Logger log = Logger.getLogger(DefaultJBossSubjectRegistration.class);
+
+ public void register(GenericPrincipal principal)
+ {
+ String sa = "org.jboss.security.SecurityAssociation";
+ try
+ {
+ Class<?> securityAssociationClass = SecurityActions.getContextClassLoader().loadClass(sa);
+ Method m = securityAssociationClass.getDeclaredMethod("setSubject", new Class[] {Subject.class});
+ Subject subject = this.getJBossSubjectFromTomcatPrincipal(principal);
+ m.invoke(null, subject);
+ }
+ catch(Exception e)
+ {
+ log.trace("Not a JBoss environment. So not registering in SecurityAssociation");
+ }
+ }
+
+ private Subject getJBossSubjectFromTomcatPrincipal(GenericPrincipal principal)
+ {
+ Subject subject = new Subject();
+ String[] roles = principal.getRoles();
+
+ subject.getPrincipals().add(new JBossIdentityPrincipal(principal.getName()));
+
+ Group roleGroup = new JBossIdentityGroup("Roles");
+ for(String role: roles)
+ {
+ roleGroup.addMember(new JBossIdentityPrincipal(role));
+ }
+
+ return subject;
+ }
+}
\ No newline at end of file
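Review bot: The role group built in getJBossSubjectFromTomcatPrincipal is never attached to the subject, so the Subject passed to SecurityAssociation.setSubject carries only the user principal and none of the Tomcat roles; add `subject.getPrincipals().add(roleGroup);` before the `return subject;` at the end of the method. The deleted SPRedirectFormAuthenticator.getJBossSubjectFromTomcatPrincipal did perform that add, so this is a regression introduced by the move. The `catch(Exception e)` in register logs a fixed trace message and drops `e`, so a reflective failure on a real JBoss deployment (for example a SecurityException from invoke) is indistinguishable from a plain non-JBoss deployment; `log.debug("SecurityAssociation registration failed", e);` would keep the diagnostic without changing behaviour.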
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/JBossSubjectRegistration.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/JBossSubjectRegistration.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/JBossSubjectRegistration.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss;
+
+import org.apache.catalina.realm.GenericPrincipal;
+
+/**
+ * Register Tomcat Principal/Roles with the JBoss Setup.
+ * Mainly for propagation of identity to other containers.
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 16, 2009
+ */
+public interface JBossSubjectRegistration
+{
+ /**
+ * Register the Tomcat Principal
+ * @param principal
+ */
+ void register(GenericPrincipal principal);
+}
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/SecurityActions.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/SecurityActions.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/SecurityActions.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityGroup.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityGroup.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityGroup.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss.subject;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 16, 2009
+ */
+public class JBossIdentityGroup extends JBossIdentityPrincipal implements Group
+{
+ private static final long serialVersionUID = 1L;
+
+ private Set<Principal> roles = new HashSet<Principal>();
+
+ public JBossIdentityGroup(String name)
+ {
+ super(name);
+ }
+
+ public boolean addMember(Principal user)
+ {
+ return roles.add(user);
+ }
+
+ public boolean isMember(Principal member)
+ {
+ return roles.contains(member);
+ }
+
+ public Enumeration<? extends Principal> members()
+ {
+ Set<Principal> readOnly = Collections.unmodifiableSet(roles);
+ return Collections.enumeration(readOnly);
+ }
+
+ public boolean removeMember(Principal user)
+ {
+ return roles.remove(user);
+ }
+}
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityPrincipal.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityPrincipal.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/subject/JBossIdentityPrincipal.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss.subject;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * Simple Principal
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 16, 2009
+ */
+public class JBossIdentityPrincipal implements Principal,Serializable
+{
+ private static final long serialVersionUID = 1L;
+
+ protected String name;
+
+ public JBossIdentityPrincipal(String name)
+ {
+ this.name = name;
+ }
+
+ public String getName()
+ {
+ return null;
+ }
+}
\ No newline at end of file
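Review bot: getName() returns null instead of the stored field, so every JBossIdentityPrincipal and JBossIdentityGroup registered by DefaultJBossSubjectRegistration has a null name and the "Roles" group can never be located by name; the method should `return name;`. The class also does not override equals/hashCode, and JBossIdentityGroup keeps its members in a HashSet<Principal>, so isMember() compares by object identity and a freshly constructed principal with the same name is never found; a name-based equals/hashCode pair is needed for role checks to work. Comparing runtime classes rather than using instanceof keeps a group and a plain principal with the same name distinct.
```java
public String getName()
{
   return name;
}

@Override
public boolean equals(Object obj)
{
   if(this == obj) return true;
   if(obj == null || getClass() != obj.getClass()) return false;
   JBossIdentityPrincipal other = (JBossIdentityPrincipal) obj;
   return name == null ? other.name == null : name.equals(other.name);
}

@Override
public int hashCode()
{
   return name == null ? 0 : name.hashCode();
}
```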
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-16 14:09:52 UTC (rev 222)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -108,18 +108,24 @@
{
try
{
+ this.validate(request);
SAML2Response saml2Response = new SAML2Response();
ResponseType responseType = this.getResponse(request, userPrincipal);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Response.marshall(responseType, baos);
- String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+ String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
String destination = responseType.getDestination();
log.trace("IDP:Destination=" + destination);
- HTTPRedirectUtil.sendRedirectForResponder(destination + "?SAMLResponse=" + encodedResponse,response);
+ String relayState = request.getParameter("RelayState");
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + this.getDestination(urlEncodedResponse, relayState);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
}
catch (Exception e)
{
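Review bot: The boolean returned by the added `this.validate(request);` call is discarded, so unless validate() throws on failure the SAMLResponse is still marshalled and the redirect still sent for a request that failed validation. The signature visible at line 365 (`protected boolean validate(Request request) throws Exception`) indicates the result is meaningful; `if(this.validate(request) == false) throw new IllegalStateException("Request validation failed");` would route the failure into the existing catch block. The enclosing method begins outside the hunk, so what that catch block does with the exception cannot be confirmed here.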
@@ -136,6 +142,15 @@
}
}
}
+
+ protected String getDestination(String urlEncodedResponse, String urlEncodedRelayState)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
protected boolean validate(Request request) throws Exception
{
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-16 14:09:52 UTC (rev 222)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -29,7 +29,7 @@
import java.security.PrivateKey;
import java.security.PublicKey;
-import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Request;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
@@ -43,19 +43,21 @@
*/
public class IDPRedirectWithSignatureValve extends IDPRedirectValve
{
- private String keyStorePass;
private String keyStore;
private char[] keypass;
private String alias;
+ private String keyStorePass;
+
+ private KeyStore ks = null;
public void setKeyStore(String keyStore)
{
this.keyStore = keyStore;
}
- public void setKeyStorePass(String ksPass)
+ public void setKeyStorePass(String keyStorePass)
{
- this.keyStorePass = ksPass;
+ this.keyStorePass = keyStorePass;
}
public void setKeyPass(String keypass)
@@ -99,6 +101,24 @@
return isValid;
}
+ @Override
+ protected String getDestination(String urlEncodedResponse, String urlEncodedRelayState)
+ {
+ try
+ {
+ //Get the signing key
+ PrivateKey signingKey = getSigningKey();
+ StringBuffer sb = new StringBuffer();
+ String url = RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
+ sb.append("?").append(url);
+ return sb.toString();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
private InputStream getKeyStoreInputStream()
{
InputStream is = null;
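Review bot: The new getDestination override builds a one-element query string through a synchronized StringBuffer; `return "?" + RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);` is equivalent and clearer. Wrapping every failure in `new RuntimeException(e)` also hides that a missing alias or wrong keystore password is a configuration error rather than a request error; a message naming the alias in the wrapper, `throw new RuntimeException("Unable to sign SAMLResponse with key alias " + alias, e);`, would make the log actionable.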
@@ -128,15 +148,21 @@
protected PrivateKey getSigningKey() throws Exception
{
- InputStream is = this.getKeyStoreInputStream();
- KeyStore ks = KeyStoreUtil.getKeyStore(is, keypass);
+ if(ks == null)
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ }
return (PrivateKey) ks.getKey(alias, keypass);
}
protected PublicKey getValidatingKey() throws Exception
{
- InputStream is = this.getKeyStoreInputStream();
- KeyStore ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
- return KeyStoreUtil.getPublicKey(ks, alias, keypass);
+ if(ks == null)
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ }
+ return KeyStoreUtil.getPublicKey(ks, alias, keypass);
}
}
\ No newline at end of file
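Review bot: The InputStream returned by getKeyStoreInputStream() is never closed in getSigningKey or getValidatingKey once the keystore has been read, unless KeyStoreUtil.getKeyStore closes it, which is not visible here; wrap the load in try/finally. The new `ks` field turns a per-call load into a lazily initialised shared cache, but a Valve serves concurrent requests and the `if(ks == null)` check is unsynchronized, so two threads can both load the keystore; a single synchronized accessor used by both methods avoids the race and removes the duplicated block. getSigningKey now opens the keystore with `keyStorePass.toCharArray()` where the removed line used `keypass`, which matches getValidatingKey and looks like the intended fix, but a null keyStorePass now fails with a NullPointerException before any keystore error can be reported.
```java
private synchronized KeyStore getKeyStore() throws Exception
{
   if(ks == null)
   {
      InputStream is = this.getKeyStoreInputStream();
      try
      {
         ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
      }
      finally
      {
         if(is != null) is.close();
      }
   }
   return ks;
}

protected PrivateKey getSigningKey() throws Exception
{
   return (PrivateKey) getKeyStore().getKey(alias, keypass);
}
// … unchanged: getValidatingKey, rewritten the same way on top of getKeyStore() …
```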
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-16 14:09:52 UTC (rev 222)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -24,15 +24,8 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.lang.reflect.Method;
import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-import javax.security.auth.Subject;
import javax.servlet.ServletException;
import org.apache.catalina.Session;
@@ -47,6 +40,8 @@
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
+import org.jboss.identity.federation.bindings.jboss.DefaultJBossSubjectRegistration;
+import org.jboss.identity.federation.bindings.jboss.JBossSubjectRegistration;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
@@ -67,6 +62,9 @@
private String serviceURL = null;
private String identityURL = null;
+
+ //Only important if you are deploying in JBoss environment
+ private JBossSubjectRegistration jbossRegistration = new DefaultJBossSubjectRegistration();
public void setIdentityURL(String url)
{
@@ -77,6 +75,19 @@
{
this.serviceURL = url;
}
+
+ /**
+ * For JBoss Deployment, you can change the value of
+ * the {@code}JBossSubjectRegistration class
+ * @param fqn
+ * @throws Exception
+ */
+ public void setJBossSubjectRegistration(String fqn) throws Exception
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(fqn);
+ this.jbossRegistration = (JBossSubjectRegistration) clazz.newInstance();
+ }
@Override
public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
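Review bot: setJBossSubjectRegistration instantiates whatever class name is configured and casts it to JBossSubjectRegistration, so a misconfigured name surfaces as a bare ClassCastException or ClassNotFoundException with no hint of which setting was wrong; check `if(!JBossSubjectRegistration.class.isAssignableFrom(clazz)) throw new IllegalArgumentException(fqn + " does not implement JBossSubjectRegistration");` before `newInstance()`. The Javadoc inline tag is malformed: `{@code}JBossSubjectRegistration` should read `{@code JBossSubjectRegistration}`, and `@param fqn` should say it is the fully qualified class name of a JBossSubjectRegistration implementation.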
@@ -110,7 +121,7 @@
register(request, response, p, Constants.FORM_METHOD, username, password);
//Also register in JBoss SecurityAssociation
- this.registerInJBoss(p);
+ this.jbossRegistration.register((GenericPrincipal) principal);
return true;
}
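Review bot: The added line casts `principal` to GenericPrincipal unconditionally, whereas the deleted registerInJBoss first checked `instanceof GenericPrincipal` and logged an error otherwise; a realm that returns another Principal type now aborts authenticate() with a ClassCastException after the user has already been registered on the session. Restore the guard: `if(principal instanceof GenericPrincipal) this.jbossRegistration.register((GenericPrincipal) principal); else log.error("Principal is not of type GenericPrincipal. So cannot get to roles");`. The preceding register(...) call passes `p` while the new line casts `principal`; the enclosing method begins outside the hunk, so whether these refer to the same object cannot be confirmed here and is worth verifying.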
@@ -179,7 +190,7 @@
String samlResponse = request.getParameter("SAMLResponse");
if(samlResponse != null && samlResponse.length() > 0 )
{
- //deal with saml response from IDP
+ //deal with SAML response from IDP
byte[] base64DecodedResponse = Base64.decode(samlResponse);
InputStream is = DeflateUtil.decode(base64DecodedResponse);
@@ -192,92 +203,4 @@
}
return userPrincipal;
}
-
- /**
- * JBoss specific code that uses reflection
- */
- private void registerInJBoss(Principal gp)
- {
- if(gp instanceof GenericPrincipal == false)
- {
- log.error("Principal is not of type GenericPrincipal. So cannot get to roles");
- return;
- }
-
- String sa = "org.jboss.security.SecurityAssociation";
- try
- {
- Class<?> securityAssociationClass = SecurityActions.getContextClassLoader().loadClass(sa);
- Method m = securityAssociationClass.getDeclaredMethod("setSubject", new Class[] {Subject.class});
- Subject subject = this.getJBossSubjectFromTomcatPrincipal(gp);
- m.invoke(null, subject);
- }
- catch(Exception e)
- {
- log.trace("Not a JBoss environment. So not registering in SecurityAssociation");
- }
- }
-
- private Subject getJBossSubjectFromTomcatPrincipal(final Principal principal)
- {
- GenericPrincipal gp = (GenericPrincipal) principal;
- final String[] roles = gp.getRoles();
- final Set<Principal> rolePrincipals = new HashSet<Principal>();
-
- for(final String role : roles)
- {
- rolePrincipals.add(new Principal()
- {
- public String getName()
- {
- return role;
- }
- });
- }
-
- Subject subject = new Subject();
-
- Principal userPrincipal = new Principal()
- {
- public String getName()
- {
- return principal.getName();
- }
- };
- subject.getPrincipals().add(userPrincipal);
-
- //Add the role group
- Group roleGroup = new Group()
- {
- public boolean addMember(Principal user)
- {
- return rolePrincipals.add(user);
- }
-
- public boolean isMember(Principal member)
- {
- return rolePrincipals.contains(member);
- }
-
- public Enumeration<? extends Principal> members()
- {
- return Collections.enumeration(rolePrincipals);
- }
-
- public boolean removeMember(Principal user)
- {
- return rolePrincipals.remove(user);
- }
-
- public String getName()
- {
- return "Roles";
- }
- };
-
- subject.getPrincipals().add(roleGroup);
-
- return subject;
- }
-
}
\ No newline at end of file
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-01-16 14:09:52 UTC (rev 222)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-01-16 21:04:55 UTC (rev 223)
@@ -26,8 +26,10 @@
import java.security.PrivateKey;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
@@ -68,6 +70,35 @@
}
/**
+ * Get the URL for the SAML request that contains the signature and signature algorithm
+ * @param responseType
+ * @param relayState
+ * @param signingKey
+ * @return
+ * @throws Exception
+ */
+ public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
+ PrivateKey signingKey) throws Exception
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ // Deal with the original request
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+
+ //URL Encode the Request
+ String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(sw.toString());
+
+ String urlEncodedRelayState = null;
+ if(relayState != null && relayState.length() > 0 )
+ urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
+
+ byte[] sigValue = computeSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
+
+ //Now construct the URL
+ return getResponseRedirectURLWithSignature(urlEncodedResponse, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
+ }
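Review bot: The string that is signed must be byte-identical to the query string the receiver reconstructs; getResponseRedirectURLWithSignature emits `SAMLResponse=...&RelayState=...&SigAlg=...`, but the signature at line 652 (and at line 674 in the String overload) comes from computeSignature(), which is defined outside this hunk and predates response support. If it still assembles its input starting with `SAMLRequest=`, the produced signature will not verify over the emitted URL, so either a response-specific signed-string builder or a parameter naming the leading query key is needed. The Javadoc and inline comments were copied from the request variant and should read `* Get the URL for the SAML response that contains the signature and signature algorithm`, `// Marshall the response` and `//URL Encode the Response`.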
+ /**
* Given an url-encoded saml request and relay state and a private key, compute the url
* @param urlEncodedRequest
* @param urlEncodedRelayState
@@ -83,6 +114,21 @@
}
/**
+ * Given an url-encoded saml response and relay state and a private key, compute the url
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @param signingKey
+ * @return
+ * @throws Exception
+ */
+ public static String getSAMLResponseURLWithSignature(String urlEncodedResponse, String urlEncodedRelayState,
+ PrivateKey signingKey) throws Exception
+ {
+ byte[] sigValue = computeSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
+ return getResponseRedirectURLWithSignature(urlEncodedResponse, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
+ }
+
+ /**
* From the SAML Request URL, get the Request object
* @param signedURL
* @return
@@ -171,6 +217,30 @@
return sb.toString();
}
+ private static String getResponseRedirectURLWithSignature(
+ String urlEncodedResponse, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws Exception
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ {
+ sb.append("&").append("RelayState=").append(urlEncodedRelayState);
+ }
+ //SigAlg
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ sb.append("&").append("SigAlg=").append(sigAlg);
+
+ //Encode the signature value
+ String encodedSig = RedirectBindingUtil.base64URLEncode(signature);
+
+ sb.append("&").append("Signature=").append(encodedSig);
+
+ return sb.toString();
+ }
+
private static String getToken(String queryString, String token)
{
if(queryString == null)