[jboss-identity-commits] JBoss Identity SVN: r261 - in identity-federation/trunk/identity-bindings/src: test/java/org/jboss/test/identity/federation/bindings/servlets and 1 other directories.
jboss-identity-commits at lists.jboss.org
jboss-identity-commits at lists.jboss.org
Thu Jan 29 14:05:01 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-29 14:05:00 -0500 (Thu, 29 Jan 2009)
New Revision: 261
Added:
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-format2-01-01.xml
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
Log:
validate the servlet further with fault return
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-01-29 18:51:55 UTC (rev 260)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-01-29 19:05:00 UTC (rev 261)
@@ -48,6 +48,7 @@
import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
@@ -108,28 +109,32 @@
JAXBElement<RequestAbstractType> jaxbRequestType = null;
Envelope envelope = null;
+ XACMLAuthzDecisionQueryType xacmlRequest = null;
try
{
Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
Object unmarshalledObject = un.unmarshal(req.getInputStream());
- if(unmarshalledObject instanceof Envelope)
+
+ if(unmarshalledObject instanceof JAXBElement)
{
- envelope = (Envelope)unmarshalledObject;
- Body soapBody = envelope.getBody();
- jaxbRequestType = (JAXBElement<RequestAbstractType>)soapBody.getAny().get(0);
- }
- else
- if(unmarshalledObject instanceof JAXBElement)
+ JAXBElement<?> jaxbElement = (JAXBElement<?>) unmarshalledObject;
+ Object element = jaxbElement.getValue();
+ if(element instanceof Envelope)
{
- jaxbRequestType = (JAXBElement<RequestAbstractType>) unmarshalledObject;
+ envelope = (Envelope)unmarshalledObject;
+ Body soapBody = envelope.getBody();
+ jaxbRequestType = (JAXBElement<RequestAbstractType>)soapBody.getAny().get(0);
+ xacmlRequest = (XACMLAuthzDecisionQueryType) jaxbRequestType.getValue();
}
- else
- throw new IOException("Unknown unmarshalledObject:"+ unmarshalledObject);
- if(jaxbRequestType == null)
+ else if(element instanceof XACMLAuthzDecisionQueryType)
+ {
+ xacmlRequest = (XACMLAuthzDecisionQueryType) element;
+ }
+ }
+ if(xacmlRequest == null)
throw new IOException("XACML Request not parsed");
- XACMLAuthzDecisionQueryType xacmlRequest = (XACMLAuthzDecisionQueryType) jaxbRequestType.getValue();
RequestType requestType = xacmlRequest.getRequest();
RequestContext requestContext = new JBossRequestContext();
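Review bot: In the new `element instanceof Envelope` branch the cast is applied to the wrong object: `envelope = (Envelope)unmarshalledObject;` casts the value that was just established to be a `JAXBElement`, so it should read `envelope = (Envelope) element;`. As written, a SOAP-wrapped request presumably raises a ClassCastException and ends up in the generic `catch (Exception e)` path instead of being evaluated. In the same branch, `soapBody.getAny().get(0)` and the cast to `XACMLAuthzDecisionQueryType` are unchecked, so an empty or unexpected body from the caller fails with an IndexOutOfBounds or ClassCast exception rather than the intended "XACML Request not parsed" error. Separately, the request stream goes straight into `un.unmarshal(...)`; whether `SOAPSAMLXACMLUtil.getUnmarshaller()` disables DTDs and external entities is not visible here and is worth confirming. The enclosing method starts and ends outside this hunk.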
@@ -157,23 +162,22 @@
JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get(saml2Response.createResponseType(IDGenerator.create("ID_"), issuerInfo, assertion));
//Create a SOAP Envelope to hold the SAML response
- envelope = SOAPFactory.getObjectFactory().createEnvelope();
- Body body = SOAPFactory.getObjectFactory().createBody();
- body.getAny().add(jaxbResponse);
- envelope.setBody(body);
+ envelope = this.createEnvelope(jaxbResponse);
}
catch (JAXBException e)
{
log.error("Exception parsing SOAP:", e);
+ envelope = this.createEnvelope(this.createFault("Parsing Error:"+e.getMessage()));
}
catch (PrivilegedActionException e)
{
log.error("Exception getting PDP:", e);
+ envelope = this.createEnvelope(this.createFault("PDP Setup Error:"+e.getMessage()));
}
catch (Exception e)
- {
- e.printStackTrace();
+ {
log.error("Exception:", e);
+ envelope = this.createEnvelope(this.createFault("Server Error:"+e.getMessage()));
}
finally
{
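Review bot: All three added fault strings concatenate `e.getMessage()` into the SOAP response, so internal exception text is returned to whoever sent the request. Messages from the JAXB parser or from PDP setup can carry internal details (the `IllegalStateException` visible later in this file includes the policy config file name, if it reaches these handlers). Keep the detail in `log.error(...)`, which is already there, and return a fixed string, e.g. `envelope = this.createEnvelope(this.createFault("Server Error"));`, optionally with a correlation id that is also logged. The try block these handlers belong to starts outside this hunk.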
@@ -208,4 +212,20 @@
throw new IllegalStateException(policyConfigFileName + " could not be located");
return new JBossPDP(is);
}
+
+ private Envelope createEnvelope(Object obj)
+ {
+ Envelope envelope = SOAPFactory.getObjectFactory().createEnvelope();
+ Body body = SOAPFactory.getObjectFactory().createBody();
+ body.getAny().add(obj);
+ envelope.setBody(body);
+ return envelope;
+ }
+
+ private JAXBElement<Fault> createFault(String msg)
+ {
+ Fault fault = SOAPFactory.getObjectFactory().createFault();
+ fault.setFaultstring(msg);
+ return SOAPFactory.getObjectFactory().createFault(fault);
+ }
}
\ No newline at end of file
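Review bot: `createFault` populates only the faultstring, but the `org.xmlsoap.schemas.soap.envelope` package suggests a SOAP 1.1 envelope, where a Fault is also expected to carry a faultcode. Strict clients may reject or misclassify the response, so it is worth setting a client-versus-server code here. The two new private helpers are also undocumented. Suggest `/** Wraps the given JAXB object in a new SOAP Envelope with a single Body entry. */` on `createEnvelope` and `/** Builds a SOAP Fault element whose faultstring is msg; msg is sent to the remote caller, so it must not contain internal details. */` on `createFault`.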
Modified: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2009-01-29 18:51:55 UTC (rev 260)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java 2009-01-29 19:05:00 UTC (rev 261)
@@ -37,6 +37,7 @@
import org.jboss.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -53,6 +54,8 @@
public void testPermit() throws Exception
{
validate("xacml/requests/XacmlRequest-01-01.xml", DecisionType.PERMIT.value());
+
+ validate("xacml/requests/XacmlRequest-format2-01-01.xml", DecisionType.PERMIT.value());
}
public void testDeny() throws Exception
@@ -61,6 +64,31 @@
}
@SuppressWarnings("unchecked")
+ public void testIncorrectInput() throws Exception
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ String garbage = "fdfdsfdfk";
+ ByteArrayInputStream bis = new ByteArrayInputStream(garbage.getBytes());
+
+ SOAPSAMLXACMLServlet servlet = new SOAPSAMLXACMLServlet();
+ servlet.init(new TestServletConfig(getServletContext()));
+ ServletRequest sreq = new TestServletRequest(bis);
+ ServletResponse sresp = new TestServletResponse(baos);
+ servlet.service(sreq, sresp);
+
+ sresp.flushBuffer(); //Flush the servlet response ServletOutputStream to our baos
+
+ bis = new ByteArrayInputStream(baos.toByteArray());
+ Unmarshaller un = SOAPSAMLXACMLUtil.getUnmarshaller();
+ JAXBElement<Envelope> jax = (JAXBElement<Envelope>) un.unmarshal(bis);
+ Envelope envelope = jax.getValue();
+ assertNotNull("Envelope is not null", envelope);
+ JAXBElement<?> fault = (JAXBElement<?>) envelope.getBody().getAny().get(0);
+ assertTrue(fault.getValue() instanceof Fault);
+ }
+
+ @SuppressWarnings("unchecked")
private void validate(String requestFile, String value) throws Exception
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
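Review bot: `testIncorrectInput` exercises only non-XML bytes, which covers the `JAXBException` handler but not the other rejection paths this commit adds. Cases worth adding are a well-formed document whose root is neither an Envelope nor an XACMLAuthzDecisionQuery (expecting the "XACML Request not parsed" fault) and a SOAP Envelope with an empty Body. The test could also assert on the fault string, so that a later change to what is disclosed to the client is caught. The message in `assertNotNull("Envelope is not null", envelope)` describes the passing state; `"Envelope is null"` would read correctly on failure. The `validate` method at the end of this hunk continues outside it.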
Added: identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-format2-01-01.xml
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-format2-01-01.xml (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/XacmlRequest-format2-01-01.xml 2009-01-29 19:05:00 UTC (rev 261)
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xacml-samlp:XACMLAuthzDecisionQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+xacml-samlp:InputContextOnly="true"
+xacml-samlp:ReturnContext="true"
+ID="s2846efb514a944cc3dc5b65ed8a76dde449787617" Version="2.0"
+IssueInstant="2008-03-19T22:18:42Z" Destination="destination-uri">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <!-- **************************************************************** -->
+ <!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <xacml-context:Subject>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Anthony Gurrola</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>xxx-DummyConfCode</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Dr. Alice</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action/>
+ <xacml-context:Environment>
+ <xacml-context:Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <xacml-context:AttributeValue>Facility A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Environment>
+</xacml-context:Request>
+</xacml-samlp:XACMLAuthzDecisionQuery>
\ No newline at end of file