[jboss-identity-commits] JBoss Identity SVN: r246 - in identity-federation/trunk: identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util and 4 other directories.
Thu Jan 22 23:45:11 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-22 23:45:10 -0500 (Thu, 22 Jan 2009)
New Revision: 246
Added:
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/identity-fed-core/.classpath
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
Log:
use RequestAbstractType
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-22 21:23:24 UTC (rev 245)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-23 04:45:10 UTC (rev 246)
@@ -56,6 +56,7 @@
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
/**
@@ -83,8 +84,8 @@
@Override
public void invoke(Request request, Response response) throws IOException, ServletException
{
- boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request);
-
+ boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request);
+
//Lets check if the user has been authenticated
Principal userPrincipal = request.getUserPrincipal();
if(userPrincipal == null)
@@ -96,10 +97,15 @@
getNext().invoke(request, response);
}
finally
- {
- //TODO: send saml error
+ {
+ String referer = request.getHeader("Referer");
+
if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
- throw new RuntimeException("Unauthorized User");
+ {
+ ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
+ send(errorResponseType, request.getParameter("RelayState"), response);
+ return;
+ }
//User is authenticated as we are on the return path
userPrincipal = request.getUserPrincipal();
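Review bot: The SAML error response built in the `response.getStatus() == HttpServletResponse.SC_FORBIDDEN` branch takes the client-supplied `Referer` header as its Destination and then redirects the browser there, so whoever issues the request also chooses where the error response and its RelayState are delivered. The destination of an error response should come from the validated request or from the SP's configured endpoint, never from a request header; when no trusted destination is known, answer with an HTTP error status rather than a redirect. The same concern applies to the next hunk, where the Issuer of a request that may have failed `validate` replaces `referer`. Independently, `return;` inside the `finally` block discards any exception thrown by `getNext().invoke(request, response)`; move the forbidden-status handling after the try/finally or into a `catch`. The enclosing `invoke` method continues outside this hunk.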
@@ -108,43 +114,61 @@
//Send valid saml response after processing the request
if(containsSAMLRequestMessage)
{
+ RequestAbstractType requestAbstractType = null;
try
{
+ requestAbstractType = getSAMLRequest(request);
this.validate(request);
- SAML2Response saml2Response = new SAML2Response();
ResponseType responseType = this.getResponse(request, userPrincipal);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Response.marshall(responseType, baos);
-
- String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
-
- String destination = responseType.getDestination();
- log.trace("IDP:Destination=" + destination);
-
- String relayState = request.getParameter("RelayState");
- if(relayState != null && relayState.length() > 0)
- relayState = RedirectBindingUtil.urlEncode(relayState);
-
- String finalDest = destination + this.getDestination(urlEncodedResponse, relayState);
- HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ send(responseType, request.getParameter("RelayState"), response);
}
catch (Exception e)
{
- log.error("Exception:" ,e);
- e.printStackTrace();
- throw new ServletException(e.getLocalizedMessage());
+ log.error("Exception:" ,e);
+ if(requestAbstractType != null)
+ referer = requestAbstractType.getIssuer().getValue();
+ ResponseType errorResponseType = this.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_RESPONDER.get());
+ send(errorResponseType, request.getParameter("RelayState"), response);
}
}
else
{
- throw new ServletException("No SAML Request Message");
+ log.error("No SAML Request Message");
+ log.trace("Referer="+referer);
+ throw new ServletException("No SAML Request Message");
}
}
}
}
}
+ protected void send(ResponseType responseType, String relayState, Response response) throws ServletException
+ {
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Response.marshall(responseType, baos);
+
+ String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+
+ String destination = responseType.getDestination();
+ log.trace("IDP:Destination=" + destination);
+
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + this.getDestination(urlEncodedResponse, relayState);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in send::",e);
+ throw new ServletException(e.getLocalizedMessage());
+ }
+ }
+
protected String getDestination(String urlEncodedResponse, String urlEncodedRelayState)
{
StringBuilder sb = new StringBuilder();
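Review bot: In the `catch (Exception e)` block, `requestAbstractType.getIssuer().getValue()` is evaluated without checking that `getIssuer()` returned anything, so a request that parsed but carries no Issuer turns the error path into a NullPointerException escaping from the catch block instead of a SAML error response; guard it, `if(requestAbstractType != null && requestAbstractType.getIssuer() != null)`. Because `getSAMLRequest(request)` runs before `this.validate(request)`, the Issuer used as the redirect destination may come from a request that failed validation, so it should only be trusted once validation has passed. In the new `send` method, `throw new ServletException(e.getLocalizedMessage())` drops the cause; use `throw new ServletException(e.getLocalizedMessage(), e)` (the same pattern recurs in `getErrorResponse` in a later hunk of this file). `invoke` begins outside this hunk.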
@@ -163,7 +187,17 @@
{
return request.getParameter("SAMLRequest") != null;
}
+
+ private RequestAbstractType getSAMLRequest(Request request) throws Exception
+ {
+ String samlMessage = getSAMLMessage(request);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ SAML2Request saml2Request = new SAML2Request();
+ return saml2Request.getRequestType(is);
+ }
+
+
private ResponseType getResponse(Request request, Principal userPrincipal) throws Exception
{
ResponseType responseType = null;
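Review bot: `getSAMLRequest` decodes and parses the unauthenticated `SAMLRequest` parameter yet declares only `throws Exception`, so callers cannot tell a malformed message from an internal failure, and the method carries no documentation; a short Javadoc would help, e.g. `/** Decodes the SAMLRequest query parameter (untrusted input) into its RequestAbstractType. @throws Exception if decoding or unmarshalling fails */`. The `InputStream` returned by `base64DeflateDecode` is never closed; if it is a stream over an in-memory buffer this is harmless, but that is not visible from the hunk.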
@@ -219,6 +253,46 @@
return responseType;
}
+ private ResponseType getErrorResponse(String responseURL, String status) throws ServletException
+ {
+ try
+ {
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
+ issuerHolder.setStatusCode(status);
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+ log.debug("ResponseType = ");
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+ log.trace("IDPRedirectValve::Response="+sw.toString());
+ }
+
+ return responseType;
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in getErrorResponse::",e);
+ throw new ServletException(e.getLocalizedMessage());
+ }
+ }
+
private String getSAMLMessage(Request request)
{
return request.getParameter("SAMLRequest");
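Review bot: `log.debug("ResponseType = ");` in `getErrorResponse` logs a fragment with no value and reads like a leftover; either drop it or log something useful, `log.debug("ResponseType id=" + id);`. `sp.setResponseDestinationURI(responseURL)` accepts a null `responseURL` (the Referer header is absent on many requests), which presumably yields a response with no usable Destination and, once passed to `send`, a redirect URL beginning with the string "null"; reject a null or empty `responseURL` at the top of the method. The `catch(Exception e)` rethrow should keep the cause, `throw new ServletException(e.getLocalizedMessage(), e)`.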
Modified: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-01-22 21:23:24 UTC (rev 245)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-01-23 04:45:10 UTC (rev 246)
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import junit.framework.TestCase;
@@ -57,8 +58,9 @@
InputStream is = RedirectBindingUtil.urlBase64DeflateDecode(request);
- AuthnRequestType parsed = saml2Request.getAuthnRequestType(is);
+ RequestAbstractType parsed = saml2Request.getRequestType(is);
assertNotNull("Parsed request is not null", parsed);
+ assertTrue("AuthnRequestType", parsed instanceof AuthnRequestType);
}
/**
Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-01-22 21:23:24 UTC (rev 245)
+++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-01-23 04:45:10 UTC (rev 246)
@@ -29,8 +29,9 @@
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-
+
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -75,6 +76,17 @@
ClassLoader tcl = SecurityActions.getContextClassLoader();
InputStream is = tcl.getResourceAsStream(fileName);
return getAuthnRequestType(is);
+ }
+
+
+ @SuppressWarnings("unchecked")
+ public RequestAbstractType getRequestType(InputStream is) throws Exception
+ {
+ if(is == null)
+ throw new IllegalStateException("InputStream is null");
+ Unmarshaller un = JBossSAMLAuthnRequestFactory.getValidatingUnmarshaller();
+ JAXBElement<RequestAbstractType> jaxbAuthnRequestType = (JAXBElement<RequestAbstractType>) un.unmarshal(is);
+ return jaxbAuthnRequestType.getValue();
}
/**
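Review bot: The unchecked cast in `getRequestType` to `JAXBElement<RequestAbstractType>` is erased at runtime, so a document whose root is not a request (a Response, an Assertion, or a non-JAXBElement unmarshal result) only fails with a ClassCastException at `getValue()` or at the return, with no indication of what was actually received; check before casting, `Object o = un.unmarshal(is); if(!(o instanceof JAXBElement) || !(((JAXBElement<?>) o).getValue() instanceof RequestAbstractType)) throw new IllegalArgumentException("Not a SAML request: " + o);`. A null stream is an argument error, so `IllegalArgumentException` fits better than the `IllegalStateException` thrown at `if(is == null)`. The local name `jaxbAuthnRequestType` no longer matches what it holds now that any request type is accepted.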
@@ -142,11 +154,11 @@
* @param os
* @throws Exception
*/
- public void marshall(AuthnRequestType requestType, OutputStream os) throws Exception
+ public void marshall(RequestAbstractType requestType, OutputStream os) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnRequestFactory.getValidatingMarshaller();
- JAXBElement<AuthnRequestType> jaxb = JBossSAMLAuthnRequestFactory.getObjectFactory().createAuthnRequest(requestType);
- marshaller.marshal(jaxb, os);
+ JAXBElement<?> j = JAXBElementMappingUtil.get(requestType);
+ marshaller.marshal(j, os);
}
/**
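Review bot: The Javadoc above `marshall(RequestAbstractType requestType, OutputStream os)` does not mention that `JAXBElementMappingUtil.get(requestType)` throws `IllegalArgumentException` for request subtypes it does not map, which is a new failure mode introduced by widening the parameter from `AuthnRequestType`; add `@throws IllegalArgumentException if requestType is a RequestAbstractType subtype JAXBElementMappingUtil cannot wrap`. The same applies to the `Writer` overload in the next hunk. The local `j` would read better as `jaxb`, matching the name the removed lines used.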
@@ -155,10 +167,10 @@
* @param writer
* @throws Exception
*/
- public void marshall(AuthnRequestType requestType, Writer writer) throws Exception
+ public void marshall(RequestAbstractType requestType, Writer writer) throws Exception
{
Marshaller marshaller = JBossSAMLAuthnRequestFactory.getValidatingMarshaller();
- JAXBElement<AuthnRequestType> jaxb = JBossSAMLAuthnRequestFactory.getObjectFactory().createAuthnRequest(requestType);
- marshaller.marshal(jaxb, writer);
+ JAXBElement<?> j = JAXBElementMappingUtil.get(requestType);
+ marshaller.marshal(j, writer);
}
}
\ No newline at end of file
Modified: identity-federation/trunk/identity-fed-core/.classpath
===================================================================
--- identity-federation/trunk/identity-fed-core/.classpath 2009-01-22 21:23:24 UTC (rev 245)
+++ identity-federation/trunk/identity-fed-core/.classpath 2009-01-23 04:45:10 UTC (rev 246)
@@ -9,5 +9,6 @@
<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/3"/>
<classpathentry kind="var" path="M2_REPO/sun-jaxb/jaxb-api/2.1.9/jaxb-api-2.1.9.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-xacml/2.0.3-SNAPSHOT/jboss-xacml-2.0.3-SNAPSHOT.jar"/>
+ <classpathentry kind="var" path="M2_REPO/stax/stax-api/1.0/stax-api-1.0.jar"/>
<classpathentry kind="output" path="target-eclipse"/>
</classpath>
Modified: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-01-22 21:23:24 UTC (rev 245)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-01-23 04:45:10 UTC (rev 246)
@@ -36,7 +36,11 @@
SIGNATURE_DSA_SHA1("http://www.w3.org/2000/09/xmldsig#dsa-sha1"),
SIGNATURE_RSA_SHA1("http://www.w3.org/2000/09/xmldsig#rsa-sha1"),
SUBJECT_CONFIRMATION_BEARER("urn:oasis:names:tc:SAML:2.0:cm:bearer"),
+ STATUS_AUTHNFAILED("urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"),
+ STATUS_REQUESTOR("urn:oasis:names:tc:SAML:2.0:status:Requestor"),
+ STATUS_RESPONDER("urn:oasis:names:tc:SAML:2.0:status:Responder"),
STATUS_SUCCESS("urn:oasis:names:tc:SAML:2.0:status:Success"),
+ STATUS_VERSION_MISMATCH("urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"),
TRANSFORM_ENVELOPED_SIGNATURE("http://www.w3.org/2000/09/xmldsig#enveloped-signature"),
TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
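Review bot: `STATUS_REQUESTOR` is bound to `urn:oasis:names:tc:SAML:2.0:status:Requestor`, but the SAML 2.0 Core top-level status codes are Success, Requester, Responder and VersionMismatch, and the URI is spelled `urn:oasis:names:tc:SAML:2.0:status:Requester`; a status carrying the value as added would not be recognised by a conforming peer. Change it to `STATUS_REQUESTER("urn:oasis:names:tc:SAML:2.0:status:Requester"),` and keep the old name only as a deprecated alias if anything already references it. The other three added values match the specification.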
Added: identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
===================================================================
--- identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java (rev 0)
+++ identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java 2009-01-23 04:45:10 UTC (rev 246)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.jboss.identity.federation.saml.v2.protocol.AssertionIDRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ManageNameIDRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.NameIDMappingRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 22, 2009
+ */
+public class JAXBElementMappingUtil
+{
+ public static JAXBElement<?> get(RequestAbstractType requestAbstractType)
+ {
+ ObjectFactory factory = new ObjectFactory();
+ if(requestAbstractType instanceof AuthnRequestType)
+ {
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ return factory.createAuthnRequest(art);
+ }
+
+ if(requestAbstractType instanceof LogoutRequestType)
+ {
+ LogoutRequestType lrt = (LogoutRequestType) requestAbstractType;
+ return factory.createLogoutRequest(lrt);
+ }
+ if(requestAbstractType instanceof AssertionIDRequestType)
+ {
+ AssertionIDRequestType airt = (AssertionIDRequestType) requestAbstractType;
+ return factory.createAssertionIDRequest(airt);
+ }
+ if(requestAbstractType instanceof NameIDMappingRequestType)
+ {
+ NameIDMappingRequestType airt = (NameIDMappingRequestType) requestAbstractType;
+ return factory.createNameIDMappingRequest(airt);
+ }
+ if(requestAbstractType instanceof ArtifactResolveType)
+ {
+ ArtifactResolveType airt = (ArtifactResolveType) requestAbstractType;
+ return factory.createArtifactResolve(airt);
+ }
+ if(requestAbstractType instanceof ManageNameIDRequestType)
+ {
+ ManageNameIDRequestType airt = (ManageNameIDRequestType) requestAbstractType;
+ return factory.createManageNameIDRequest(airt);
+ }
+ throw new IllegalArgumentException("Unknown Type:"+requestAbstractType);
+ }
+}
\ No newline at end of file
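Review bot: `get` maps six `RequestAbstractType` subtypes, but `XACMLAuthzDecisionQueryType`, which `SAML2Request` imports in this same commit, and presumably the SubjectQuery family of the protocol schema are not covered and fall through to `throw new IllegalArgumentException(...)`; this contract should be stated on the method, `/** Wraps a SAML 2.0 request in the JAXBElement for its schema element. @throws IllegalArgumentException for request subtypes not mapped here */`. The message `"Unknown Type:"+requestAbstractType` prints the object's default `toString`, which for generated JAXB types is unlikely to name anything useful; `requestAbstractType == null ? "null" : requestAbstractType.getClass().getName()` is more readable in a log. As a utility class it should get a `private JAXBElementMappingUtil() {}`, and the local `airt` is reused for four unrelated types.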