[jboss-svn-commits] JBL Code SVN: r21450 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/src/org/jboss/internal/soa/esb/services/security and 7 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Aug 12 04:03:27 EDT 2008
Author: beve
Date: 2008-08-12 04:03:27 -0400 (Tue, 12 Aug 2008)
New Revision: 21450
Added:
labs/jbossesb/workspace/dbevenius/security/product/lib/ext/jbosssx.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/jbosssx.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/AMConfig.properties
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-annotations-ejb3.jar
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/HttpClient.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
Log:
Updated quickstart to test subject propagation. Work in progress.
Added: labs/jbossesb/workspace/dbevenius/security/product/lib/ext/jbosssx.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/lib/ext/jbosssx.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -136,9 +136,19 @@
throw new SecurityServiceException("Exception while trying to login:", e);
}
- SecurityAssociation.setPrincipal(securityContext.getSubject().getPrincipals().iterator().next());
+ final Subject subject = securityContext.getSubject();
+ SecurityAssociation.pushSubjectContext(subject, getPrincipal(subject), null);
}
+ private Principal getPrincipal( final Subject subject)
+ {
+ for (Principal principal : subject.getPrincipals())
+ {
+ return principal;
+ }
+ return null;
+ }
+
/**
* Determines if the passed in Subject has the role specified in the context.
* @return true - if the callers has the role
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -346,7 +346,6 @@
{
final Call callDetails = new Call() ;
callDetails.copy(message.getHeader().getCall()) ;
- LOGGER.info("processPipeine secured");
/*
* If the gateway or another service passed a security context, use that context for authentication.
@@ -355,7 +354,7 @@
* If a SubjectContext does not exist then create one to drive the authentication.
*/
SecurityContext securityContext = (SecurityContext) message.getProperties().getProperty( SecurityService.CONTEXT );
- LOGGER.info("Security Context before authentication : " + securityContext);
+ LOGGER.debug("Security Context before authentication : " + securityContext);
if ( securityContext == null )
{
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-08-12 08:03:27 UTC (rev 21450)
@@ -31,6 +31,10 @@
</listeners>
<actions mep="OneWay">
+ <action name="debug" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <property name="printfull" value="false"/>
+ <property name="message" value="In Service1"/>
+ </action>
<action name="action1" class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction" process="displayMessage"/>
<!-- The next action is for Continuous Integration testing -->
@@ -71,7 +75,6 @@
<property name="printfull" value="false"/>
<property name="message" value="In Service3"/>
</action>
- <action name="action2" class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction" process="displayMessage"/>
<action name="callEjb" class="org.jboss.soa.esb.samples.quickstart.opensso.EjbClientAction"/>
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/jbosssx.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/jbosssx.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -36,6 +36,7 @@
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;
+import org.jboss.security.SecurityAssociation;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
@@ -157,6 +158,9 @@
*/
public boolean login() throws LoginException
{
+ subject = chooseSubject(SecurityAssociation.getSubject());
+ log.info("Try to authenticate subject : " + subject);
+
hasExistingSSOSession = checkValidSSOSession( subject.getPrincipals(SSOPrincipal.class) ) ;
if ( hasExistingSSOSession )
@@ -188,6 +192,18 @@
return succeeded;
}
+ Subject chooseSubject(final Subject subjectFromAs)
+ {
+ if ( subject.getPrincipals(SSOPrincipal.class).isEmpty() && subjectFromAs != null)
+ {
+ if ( !subjectFromAs.getPrincipals(SSOPrincipal.class).isEmpty() )
+ {
+ return subjectFromAs;
+ }
+ }
+ return subject;
+ }
+
public boolean commit() throws LoginException
{
if (succeeded == false)
@@ -255,13 +271,13 @@
SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
SSOToken ssoToken = tokenMgr.createSSOToken(ssoPrincipal.getToken());
hasSession = tokenMgr.isValidToken(ssoToken);
- log.debug("Has valid session : " + hasSession);
}
catch (final SSOException ignore)
{
hasSession = false;
}
}
+ log.info("Has valid OpenSSO session : " + hasSession);
return hasSession;
}
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/AMConfig.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/AMConfig.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/AMConfig.properties 2008-08-12 08:03:27 UTC (rev 21450)
@@ -0,0 +1,429 @@
+#
+# The contents of this file are subject to the terms
+# of the Common Development and Distribution License
+# (the License). You may not use this file except in
+# compliance with the License.
+#
+# You can obtain a copy of the License at
+# https://opensso.dev.java.net/public/CDDLv1.0.html or
+# opensso/legal/CDDLv1.0.txt
+# See the License for the specific language governing
+# permission and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL
+# Header Notice in each file and include the License file
+# at opensso/legal/CDDLv1.0.txt.
+# If applicable, add the following below the CDDL Header,
+# with the fields enclosed by brackets [] replaced by
+# your own identifying information:
+# "Portions Copyrighted [year] [name of copyright owner]"
+#
+# $Id: AMClient.properties,v 1.12 2008/03/04 00:25:12 beomsuk Exp $
+#
+# Copyright 2006 Sun Microsystems Inc. All Rights Reserved
+#
+
+/* The following keys are used to configure the Debug service.
+ * Possible values for the key 'level' are: off | error | warning | message.
+ * The key 'directory' specifies the output directory where the debug files
+ * will be created.
+ * Trailing spaces are significant.
+ * Windows: Use forward slashes "/" separate directories, not backslash "\".
+ * Windows: Spaces in the file name are allowed for Windows.
+ */
+com.iplanet.services.debug.level=message
+com.iplanet.services.debug.directory=/tmp
+
+/*
+ * Server mode should be 'false'
+ */
+com.iplanet.am.serverMode=false
+
+/*
+ * Cache enable / disable properties
+ */
+com.iplanet.am.sdk.caching.enabled=false
+com.sun.identity.idm.cache.enabled=false
+com.sun.identity.sm.cache.enabled=true
+
+/*
+ * Configure remote plugin classes for configuration (SMS)
+ */
+com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
+
+/*
+ * Naming URL
+ */
+com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice
+
+/*
+ * Notification URL
+ */
+com.iplanet.am.notification.url=
+
+/*
+ * Security Credentails to read the configuration data
+ */
+com.sun.identity.agents.app.username=UrlAccessAgent
+com.iplanet.am.service.password=
+com.iplanet.am.service.secret=AQIC24u86rq9RRbx13mx0nb0uAGpxLdxGBY9
+
+/*
+ * Encryption key that will be used to encrypt and decypt
+ * data to communicate with the server.
+ * This key is needed to decrypt passwords stored
+ * in the SMS configuration.
+ */
+am.encryption.pwd=SAMPLE_RAND
+
+/*
+ * Encryption key that will be used to encrypt and decypt
+ * data used locally within the client.
+ */
+com.sun.identity.client.encryptionKey=SAMPLE_RAND
+
+/*
+ * Encryption: The key "com.iplanet.security.encryptor" specifies
+ * the encrypting class implementation.
+ * Available classes are:
+ * com.iplanet.services.util.JCEEncryption
+ * com.iplanet.services.util.JSSEncryption
+ */
+com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
+
+/*
+ * Property to enable/disable the notifications for am.sdk and IdRepo Caches.
+ * If set to "true" notifications are enabled and disabled if set to "false".
+ */
+com.sun.identity.idm.remote.notification.enabled=true
+
+/*
+ * Cache update time (in minutes) for am.sdk & IdRepo Caches
+ * if notification URL is not provided or if notifications are disabled.
+ * Note:
+ * 1. This property is applicable only if 'com.iplanet.am.notification.url'
+ * is not provided or if 'com.sun.identity.idm.remote.notification.enabled'
+ * is set to 'false'.
+ * 2. If the polling time is set as 0, then polling is disabled.
+ */
+com.iplanet.am.sdk.remote.pollingTime=1
+
+/*
+ * Property to enable/disable the notifications for service management caches.
+ * If set to "true" notifications are enabled and disabled if set to "false".
+ */
+com.sun.identity.sm.notification.enabled=true
+
+/*
+ * Cache update time (in minutes) for service configutation data,
+ * if notification URL is not provided or if notifications are disabled.
+ * Note:
+ * 1. This property is applicable only if 'com.iplanet.am.notification.url'
+ * is not provided or if 'com.sun.identity.sm.notification.enabled' is
+ * set to 'false'.
+ * 2. If the cache time is set as 0, then no cache updates will occur.
+ */
+com.sun.identity.sm.cacheTime=1
+
+/*
+ * Server protocol, host and port to be used by Client Services
+ */
+com.iplanet.am.server.protocol=http
+com.iplanet.am.server.host=localhost
+com.iplanet.am.server.port=8080
+com.iplanet.am.services.deploymentDescriptor=opensso
+com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
+com.iplanet.am.console.host=@CONSOLE_HOST@
+com.iplanet.am.console.port=@CONSOLE_PORT@
+com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
+com.iplanet.am.console.remote=@CONSOLE_REMOTE@
+
+com.iplanet.am.cookie.name=iPlanetDirectoryPro
+
+/*
+ * Session related properties.
+ */
+com.iplanet.am.session.client.polling.enable=true
+com.iplanet.am.session.client.polling.period=180
+
+/*
+ * Identify cert db directory path, prefix and password file
+ * to initialize JSS Socket Factory when Web Container is configured SSL
+ */
+com.iplanet.am.admin.cli.certdb.dir=
+com.iplanet.am.admin.cli.certdb.prefix=
+com.iplanet.am.admin.cli.certdb.passfile=//config/.wtpass
+
+/*
+ * Identify property value for SSL ApprovalCallback / HostnameVerifier
+ * If com.iplanet.services.comm is configured as protocol handler
+ * and the checkSubjectAltName or resolveIPAddress feature is enabled,
+ * cert8.db and key3.db with the prefix value of
+ * com.iplanet.am.admin.cli.certdb.prefix will have to be created under
+ * the directory of com.iplanet.am.admin.cli.certdb.dir before server is
+ * restarted.
+ */
+com.iplanet.am.jssproxy.trustAllServerCerts=false
+com.iplanet.am.jssproxy.checkSubjectAltName=false
+com.iplanet.am.jssproxy.resolveIPAddress=false
+com.iplanet.am.jssproxy.SSLTrustHostList=false
+
+/**************************************************************
+ * Policy Client parameters
+ **************************************************************/
+/* Policy decision log parameters. Possible values for logging.level
+ * are NONE, ALLOW, DENY, BOTH, and DECISION */
+com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
+com.sun.identity.agents.logging.level=NONE
+
+/* Notification URL for updating cache */
+com.sun.identity.agents.notification.enabled=false
+com.sun.identity.agents.notification.url=
+
+/* Cache time in minutes */
+com.sun.identity.agents.polling.interval=3
+
+/* Information to cache. Possible value are "subtree" or "self" */
+com.sun.identity.policy.client.cacheMode=subtree
+
+/* Policy client clock skew value in seconds */
+com.sun.identity.policy.client.clockSkew=10
+
+/*
+* Explicitly disable monitoring services in the client applications.
+*/
+com.sun.identity.monitoring=off
+
+/*
+* Specify if allow to use cached data for HttpURLConnection
+*/
+com.sun.identity.urlconnection.useCache=false
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
+com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.datastore.DataStoreProvider interface.
+# This property defines the default datastore provider.
+com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.session.SessionProvider interface.
+com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
+
+#
+# Specify XML signature provider class
+com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
+
+#
+# Specify XML key provider implementation class
+com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
+
+#
+# Identify SAML XML signature keystore file, keystore password file
+# and key password file
+com.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
+com.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
+com.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
+com.sun.identity.saml.xmlsig.certalias=test
+
+#
+# Specify type of KeyStore used for saml xml signature. Default is JKS.
+# com.sun.identity.saml.xmlsig.storetype=JKS
+
+#
+# Flag for checking the Certificate which is embedded in the
+# KeyInfo against the certificates in the keystore (specified
+# by the "com.sun.identity.saml.xmlsig.keystore" property).
+# Possible values for the key are: on|off. If the flag is "on",
+# the certification must be presented in the keystore for
+# XML signature validation. If the flag is "off", skip
+# the presence checking.
+com.sun.identity.saml.checkcert=on
+
+#
+# XML cannonicalization algorithm. Used for SAML XML signature generation
+# and verification. When not specified, or value is empty, default value
+# will be used. The following is the list of supported algorithms:
+# http://www.w3.org/2001/10/xml-exc-c14n# (default)
+# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
+com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
+
+#
+# XML signature algorithm. Used for SAML XML Signature generation and
+# verification. When not specified, or value is empty, default value will be
+# used. The following is the list of supported algorithms:
+# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
+# http://www.w3.org/2000/09/xmldsig#hmac-sha1
+# http://www.w3.org/2000/09/xmldsig#dsa-sha1
+# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
+# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
+# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
+com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
+
+#
+# XML transformation algorithm. Used for SAML XML signature generation
+# and verification. When not specified, or value is empty, default value
+# will be used. The following is the list of supported algorithms:
+# http://www.w3.org/2001/10/xml-exc-c14n# (default)
+# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
+# http://www.w3.org/TR/1999/REC-xslt-19991116
+# http://www.w3.org/2000/09/xmldsig#base64
+# http://www.w3.org/TR/1999/REC-xpath-19991116
+# http://www.w3.org/2000/09/xmldsig#enveloped-signature
+# http://www.w3.org/TR/2001/WD-xptr-20010108
+# http://www.w3.org/2002/04/xmldsig-filter2
+# http://www.w3.org/2002/06/xmldsig-filter2
+# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
+com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
+
+
+#
+# SAML2 XML Encryption Provider Implementation class
+com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
+
+
+#
+# SAML2 XML Signing Provider Implementation class.
+com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
+
+#
+# SAML2 XML Signing Certificate Validation.
+com.sun.identity.saml2.crl.check=false
+
+#
+# SAML2 XML Signing Certificate Validation.
+com.sun.identity.saml2.crl.check.ca=false
+
+#
+# Client ceritificate alias that will be used in SSL connection for Liberty
+# SOAP Binding
+com.sun.identity.liberty.ws.soap.certalias=
+
+#
+# If the message timestamp is before current timestamp by this amount
+# (millisec), it is considered a stale message.
+com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
+
+#
+# All the messageID of a valid message will be stored in a cache with the it
+# is received to avoid duplicate messages. If the current time minus the
+# received time is greater than the above staleTimeLimit, it should be removed
+# from the cache. The is property specify the interval(millisec) that a
+# cleanup thread should check the cache and remove those messageID.
+com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
+
+#
+# Supported SOAP actors. Each actor must be seperated by '|'
+com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
+
+#
+# Namespace prefix mapping used when marshalling a JAXB content tree to a
+# DOM tree. The syntax is
+# <prefix>=<namespace>|<prefix>=<namespace>|..........
+com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
+
+#
+# JAXB package list used when constructing JAXBContext. Each package must be
+# seperated by ':'.
+com.sun.identity.liberty.ws.jaxb.packageList=
+
+#
+# Liberty ID-WSF security profile,
+# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
+# alias for issuing web service security token for this web service client
+# com.sun.identity.liberty.ws.ta.certalias specifies certificate
+# alias for trusted authority that will be used to sign SAML or SAML
+# BEARER token of response message.
+# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
+# aliases for trusted CA. SAML or SAML BEARER token of incoming request
+# message needs to be signed by a trusted CA in this list. The syntax is
+# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
+# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
+# 'issuer' is used when the token doesn't have a KeyInfo inside the
+# signature. The 'issuer' of the token needs to be in this list and the
+# corresponding cert alias will be used to verify signature. If KeyInfo
+# exists, the keystore needs to contain a cert alias that matches the
+# KeyInfo and the cert alias needs to be in this list.
+# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
+# implementation for security token provider
+com.sun.identity.liberty.ws.wsc.certalias=
+com.sun.identity.liberty.ws.ta.certalias=
+com.sun.identity.liberty.ws.trustedca.certaliases=
+com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
+
+
+#
+# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
+# interactions based on user agent redirects. This should be running in
+# the same JVM where Liberty SP is running
+com.sun.identity.liberty.interaction.wspRedirectHandler=http://localhost:8080/opensso/WSPRedirectHandler
+
+
+#
+# indicates whether WSC would participate in interaction
+# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
+# default value:interactIfNeeded
+# value used if an invalid value is specified:interactIfNeeded
+com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
+
+
+#
+# indicates whether WSC would include userInteractionHeader
+# valid values are yes|no (case ignored)
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
+
+
+#
+# indicates whether WSC would redirect user for interaction
+# valid values are yes|no
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillRedirect=yes
+
+
+#
+# WSC's preference on the acceptable duration for interaction(in seconds)
+# default value if the value is not specified or a non integer value is
+# specified : 60
+com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
+
+
+#
+# indicates whether WSC would enforce that redirected to URL is https
+# valid values are yes|no (case ignored)
+# liberty specification require the value to be yes
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
+
+
+#
+# This property is used to determine the Liberty identity web services framework
+# to be used when the framework can not determine from the in-bound message or
+# from the resource offering when AM is acting as the WSC.
+# The default version is 1.1, but the possible values are 1.0 or 1.1
+# com.sun.identity.liberty.wsf.version=1.1
+
+#
+# Login URL and Authentication web service URL for Liberty use cases
+com.sun.identity.loginurl=http://localhost:8080/opensso/UI/Login
+com.sun.identity.liberty.authnsvc.url=http://localhost:8080/opensso/Liberty/authnsvc
+
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -20,6 +20,8 @@
*/
package org.jboss.soa.security.opensso;
+import static org.junit.Assert.*;
+
import java.util.HashMap;
import java.util.Map;
@@ -51,11 +53,35 @@
@Test
public void initialize()
{
- final Map<String,Object> options = new HashMap<String,Object>();
+ final Map<String,Object> options = getValidOptions();
OpenSSOLoginModule loginModule = new OpenSSOLoginModule();
loginModule.initialize(subject, null, null, options);
}
+ @Test
+ public void chooseSubject()
+ {
+ final Map<String,Object> options = getValidOptions();
+ OpenSSOLoginModule loginModule = new OpenSSOLoginModule();
+ loginModule.initialize(subject, null, null, options);
+ Subject chooseSubject = loginModule.chooseSubject(null);
+ assertEquals(subject, chooseSubject);
+
+ Subject newSubject = new Subject();
+ newSubject.getPrincipals().add(new SSOPrincipal("2121455"));
+ chooseSubject = loginModule.chooseSubject(newSubject);
+ assertFalse(subject.equals(chooseSubject));
+ }
+
+ private Map<String,Object> getValidOptions()
+ {
+ final Map<String,Object> options = new HashMap<String,Object>();
+ options.put("orgName", "opensso");
+ options.put("moduleName", "logingModule");
+ options.put("amPropertiesFile", "/AMConfig.properties");
+ return options;
+ }
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(OpenSSOLoginModuleTest.class);
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-annotations-ejb3.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-annotations-ejb3.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/HttpClient.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/HttpClient.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/HttpClient.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -48,7 +48,7 @@
metadata.put("TYPE", "POST");
metadata.put("http.basic.username", username);
metadata.put("http.basic.password", password);
- remotingClient.invokeOneway( "testing", metadata );
+ remotingClient.invokeOneway( "Message payload example(just a String) ", metadata );
System.out.println("Sent http post to server.");
Integer responseCode = (Integer) metadata.get(HTTPMetadataConstants.RESPONSE_CODE);
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java 2008-08-12 06:55:30 UTC (rev 21449)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java 2008-08-12 08:03:27 UTC (rev 21450)
@@ -25,8 +25,11 @@
import javax.ejb.*;
import javax.annotation.*;
import javax.annotation.security.*;
+import org.jboss.annotation.security.SecurityDomain;
+
@Stateless
+ at SecurityDomain("OpenSSOLogin")
public class SimpleSLSB implements SimpleRemote
{
@Resource SessionContext ctx;
@@ -36,8 +39,8 @@
public void printMessage(final String message)
{
System.out.println("SimpleSLSB printMessage : " + message);
- Principal principal = ctx.getCallerPrincipal();
- System.out.println("SimpleSLSB Caller principal: " + principal );
+ System.out.println("SimpleSLSB Caller principal: " +ctx.getCallerPrincipal());
+ System.out.println("isCallerInRole('adminRole') : " + ctx.isCallerInRole("adminRole"));
}
}
More information about the jboss-svn-commits
mailing list