[jboss-svn-commits] JBL Code SVN: r29393 - in labs/jbossesb/workspace/dbevenius/saml_support/product: samples/quickstarts/security_saml and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Sep 17 08:42:49 EDT 2009
Author: beve
Date: 2009-09-17 08:42:49 -0400 (Thu, 17 Sep 2009)
New Revision: 29393
Added:
labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml
Modified:
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml
labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/GoodbyeWorldWS.java
Log:
Just trying something out...
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java 2009-09-17 12:42:49 UTC (rev 29393)
@@ -0,0 +1,159 @@
+package org.jboss.soa.esb.services.security.auth.ws;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.soa.esb.services.security.auth.login.JBossSTSConstants;
+import org.w3c.dom.Element;
+
+public class JBossSTSSecurityHandler implements SOAPHandler<SOAPMessageContext>
+{
+ private Logger log = Logger.getLogger(JBossSTSSecurityHandler.class);
+
+ private static final String JBOSS_STS_PROPERTIES = "/jboss-sts.properties";
+
+ public boolean handleMessage(final SOAPMessageContext messageContext)
+ {
+ final Boolean outBound = (Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
+ if (outBound.booleanValue())
+ return false;
+
+ try
+ {
+ final Properties conf = getConfiguration();
+ log.info("Properties : " + conf);
+ final String serviceName = conf.getProperty(JBossSTSConstants.SERVICE_NAME_OPTION);
+ final String portName = conf.getProperty(JBossSTSConstants.PORT_NAME_OPTION);
+ final String endpointAddress = conf.getProperty(JBossSTSConstants.ENDPOINT_ADDRESS_OPTION);
+ final String username = conf.getProperty(JBossSTSConstants.USERNAME_OPTION);
+ final String password = conf.getProperty(JBossSTSConstants.PASSWORD_OPTION);
+
+ final WSTrustClient wsTrustClient = new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo(username, password));
+
+ QName securityQName = getSecurityQName(conf);
+ QName tokenQName = getTokenQName(conf);
+
+ Element securityToken = extractSecurityToken(messageContext, securityQName, tokenQName);
+ // Validate the security token with JBossSTS
+ final boolean valid = wsTrustClient.validateToken(securityToken);
+ if (valid == false)
+ {
+ log.info("Could not validate token");
+ // TODO: Create fault.
+ return false;
+ }
+ else
+ {
+ log.info("Succesfully validated Token : " + securityToken);
+ return true;
+ }
+ }
+ catch (final Exception e)
+ {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
+ {
+ SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
+ // Inspect all SOAP Headers
+ Iterator examineAllHeaderElements = soapHeader.examineAllHeaderElements();
+ while (examineAllHeaderElements.hasNext())
+ {
+ SOAPHeaderElement elem = (SOAPHeaderElement) examineAllHeaderElements.next();
+ QName elementQName = elem.getElementQName();
+ if (elementQName.equals(securityQName))
+ {
+ // Get all(should only be one) the of the Security Headers
+ // that we are interested in.
+ Iterator childElements = elem.getChildElements(tokenQName);
+ while (childElements.hasNext())
+ {
+ return (Element) childElements.next();
+ }
+ }
+ }
+ return null;
+ }
+
+ private QName getSecurityQName(final Properties conf)
+ {
+ String securityElementName = conf.getProperty("securityElementName");
+ String securityElementNS = conf.getProperty("securityElementNS");
+ if (securityElementName == null)
+ securityElementName = "Security";
+ if (securityElementNS == null)
+ securityElementNS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ return new QName(securityElementNS, securityElementName);
+ }
+
+ private QName getTokenQName(final Properties conf)
+ {
+ String tokenElementName = conf.getProperty("tokenElementName");
+ if (tokenElementName == null)
+ tokenElementName = "Assertion";
+ String tokenElementNS = conf.getProperty("tokenElementNS");
+ if (tokenElementNS == null)
+ tokenElementNS = "urn:oasis:names:tc:SAML:2.0:assertion";
+
+ return new QName(tokenElementNS, tokenElementName);
+ }
+
+ public Set<QName> getHeaders()
+ {
+ return null;
+ }
+
+ public void close(final MessageContext messageContext)
+ {
+ }
+
+ public boolean handleFault(final SOAPMessageContext messageContext)
+ {
+ return false;
+ }
+
+ protected Properties getConfiguration() throws Exception
+ {
+ // get the configuration file and parse it.
+ URL configurationFile = getClass().getResource(JBOSS_STS_PROPERTIES);
+ if (configurationFile == null)
+ throw new ConfigurationException("Could not locate '" + JBOSS_STS_PROPERTIES + "'");
+
+ InputStream in = null;
+ ;
+ try
+ {
+ final Properties properties = new Properties();
+ in = configurationFile.openStream();
+ properties.load(in);
+ return properties;
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Error parsing the configuration file:", e);
+ }
+ finally
+ {
+ in.close();
+ }
+ }
+
+}
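Review bot: `log.info("Properties : " + conf);` in handleMessage writes the whole configuration to the log at INFO for every inbound message, and that configuration includes the STS password read a few lines later; drop the line or log only non-secret values, e.g. `log.debug("STS endpoint : " + endpointAddress);`. The `catch (final Exception e)` block only calls `e.printStackTrace()`, so a failed STS call is rejected (fail-closed, which is right) but leaves no entry in the log4j log; `log.error("Token validation failed", e);` would make rejections traceable. extractSecurityToken returns null when no matching header is found and that null goes straight into `validateToken`; an explicit `if (securityToken == null) return false;` would avoid depending on how WSTrustClient treats a null token, which is not visible here. In getConfiguration the `finally` calls `in.close()` unconditionally, so if `openStream()` throws, `in` is still null and the NullPointerException replaces the original error; guard it with `if (in != null) in.close();`.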
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml 2009-09-17 12:40:33 UTC (rev 29392)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/build.xml 2009-09-17 12:42:49 UTC (rev 29393)
@@ -6,7 +6,7 @@
</description>
<!-- additional deploys -->
- <property name="additional.deploys" value="jboss-wsse-client.xml, smooks/*.xml"/>
+ <property name="additional.deploys" value="jboss-wsse-client.xml, smooks/*.xml, jboss-sts.properties"/>
<target name="quickstart-specific-predeploys">
<copy file="${basedir}/jboss-sts.war" todir="${org.jboss.esb.server.deploy.dir}"/>
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/jboss-sts.properties 2009-09-17 12:42:49 UTC (rev 29393)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
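Review bot: `username=admin` and `password=admin` are committed in clear text in a file that the build.xml change in this commit adds to `additional.deploys`, so the same default credentials ship with every deployment of the quickstart. `endpointAddress` is plain `http`, so whatever WSTrustClient sends to the STS with these credentials is presumably unencrypted on the wire; that client is not shown here. If this stays a sample, say so in the file, e.g. `# Sample-only credentials for the local quickstart STS; change them and use an https endpoint anywhere else.`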
Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/GoodbyeWorldWS.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/GoodbyeWorldWS.java 2009-09-17 12:40:33 UTC (rev 29392)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/GoodbyeWorldWS.java 2009-09-17 12:42:49 UTC (rev 29393)
@@ -4,6 +4,7 @@
import javax.jws.WebMethod;
import javax.jws.Oneway;
import javax.jws.WebParam;
+import javax.jws.HandlerChain;
import javax.jws.soap.SOAPBinding;
import org.jboss.soa.esb.message.Message;
@@ -14,6 +15,7 @@
/**
* @author
*/
+ at HandlerChain(file="handlerchain.xml")
@WebService(name = "GoodbyeWorldWS", targetNamespace="http://security_saml/goodbyeworld")
public class GoodbyeWorldWS {
Added: labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml (rev 0)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/samples/quickstarts/security_saml/src/org/jboss/soa/esb/samples/quickstart/securitysaml/webservice/handlerchain.xml 2009-09-17 12:42:49 UTC (rev 29393)
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
+ <jws:handler-chains>
+ <jws:handler-chain>
+ <jws:handler>
+ <jws:handler-class>org.jboss.soa.esb.services.security.auth.ws.JBossSTSSecurityHandler</jws:handler-class>
+ </jws:handler>
+ </jws:handler-chain>
+ </jws:handler-chains>
+</jws:handler-config>