[picketlink-commits] Picketlink SVN: r319 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directory.

picketlink-commits at lists.jboss.org picketlink-commits at lists.jboss.org
Sun Jun 27 16:57:26 EDT 2010


Author: sguilhen at redhat.com
Date: 2010-06-27 16:57:26 -0400 (Sun, 27 Jun 2010)
New Revision: 319

Modified:
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
Log:
PLFED-79: Added methods that support OnBehalfOf scenarios in STSClient and WSTrustClient

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java	2010-06-24 04:47:35 UTC (rev 318)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java	2010-06-27 20:57:26 UTC (rev 319)
@@ -21,6 +21,8 @@
  */
 package org.picketlink.identity.federation.api.wstrust;
 
+import java.security.Principal;
+
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
 import org.picketlink.identity.federation.core.wstrust.STSClient;
 import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
@@ -64,7 +66,8 @@
    public WSTrustClient(String serviceName, String port, String endpointURI, SecurityInfo secInfo)
          throws ParsingException
    {
-      this(serviceName, port, new String[]{endpointURI}, secInfo);
+      this(serviceName, port, new String[]
+      {endpointURI}, secInfo);
    }
 
    public WSTrustClient(String serviceName, String port, String[] endpointURIs, SecurityInfo secInfo)
@@ -102,7 +105,7 @@
     */
    public Element issueToken(String tokenType) throws WSTrustException
    {
-      return this.issueInternal(null, tokenType, 0);
+      return this.issueInternal(null, tokenType, null, 0);
    }
 
    /**
@@ -116,7 +119,7 @@
     */
    public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
    {
-      return this.issueInternal(endpointURI, null, 0);
+      return this.issueInternal(endpointURI, null, null, 0);
    }
 
    /**
@@ -133,9 +136,15 @@
     */
    public Element issueToken(String endpointURI, String tokenType) throws WSTrustException
    {
-      return this.issueInternal(endpointURI, tokenType, 0);
+      return this.issueInternal(endpointURI, tokenType, null, 0);
    }
 
+   public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal)
+         throws WSTrustException
+   {
+      return this.issueInternal(endpointURI, tokenType, principal, 0);
+   }
+
    /**
     * This method will send a RequestSecurityToken with a RequestType of renew
     * and the passed-in tokenType identifies the type of token to be renewed by 
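Review bot: The new public `issueTokenOnBehalfOf` accepts a null `principal`, and because `STSClient.setOnBehalfOf` skips the element when the principal is null, a caller whose principal lookup failed sends an ordinary request with no OnBehalfOf instead of getting an error. A guard in this method only, `if (principal == null) throw new IllegalArgumentException("principal must not be null");`, makes the delegation entry point fail closed. The three existing issue methods can still pass null to `issueInternal` as before. It is also the only issue variant in this hunk without Javadoc; a comment in the style of its neighbours should describe the three parameters and say that the principal is the identity the token is requested on behalf of.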
@@ -175,7 +184,7 @@
    {
       return this.cancelInternal(token, 0);
    }
-   
+
    /**
     * <p>
     * This method issues a token of the specified type for the specified service endpoint and has failover support when
@@ -187,24 +196,26 @@
     * @param serviceEndpointURI a {@code String} representing the endpoint URI of the service that will be the ultimate
     * recipient of the security token.  
     * @param tokenType a {@code String} representing the type of token to be issued.
+    * @param principal the {@code Principal} on behalf of whom the token will be issued.
     * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to perform
     * the request.
     * @return an {@code Element} representing the security token that has been issued.
     * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
     */
-   private Element issueInternal(String serviceEndpointURI, String tokenType, int clientIndex) throws WSTrustException
+   private Element issueInternal(String serviceEndpointURI, String tokenType, Principal principal, int clientIndex)
+         throws WSTrustException
    {
       STSClient client = this.clients[clientIndex];
       try
       {
-         return client.issueToken(serviceEndpointURI, tokenType);
+         return client.issueTokenOnBehalfOf(serviceEndpointURI, tokenType, principal);
       }
       catch (RuntimeException e)
       {
          // if this was a connection refused exception and we still have clients to try, call the next client.
          if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
          {
-            return this.issueInternal(serviceEndpointURI, tokenType, ++clientIndex);
+            return this.issueInternal(serviceEndpointURI, tokenType, principal, ++clientIndex);
          }
          throw e;
       }
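Review bot: The added `@param principal` line does not say that null is allowed, although `issueToken` and `issueTokenForEndpoint` now pass null and even non-delegated requests are routed through `client.issueTokenOnBehalfOf`. Suggested wording: `@param principal the {@code Principal} on behalf of whom the token will be issued, or {@code null} for an ordinary issue request without OnBehalfOf.` The Javadoc of `STSClient.issueTokenOnBehalfOf` has the same gap. The body of issueInternal continues past the end of this hunk.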

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java	2010-06-24 04:47:35 UTC (rev 318)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java	2010-06-27 20:57:26 UTC (rev 319)
@@ -22,6 +22,7 @@
 package org.picketlink.identity.federation.core.wstrust;
 
 import java.net.URI;
+import java.security.Principal;
 import java.util.Map;
 
 import javax.xml.namespace.QName;
@@ -81,6 +82,15 @@
       dispatchLocal.set(dispatch);
    }
 
+   public Element issueToken(String tokenType) throws WSTrustException
+   {
+      // create a custom token request message.
+      RequestSecurityToken request = new RequestSecurityToken();
+      setTokenType(tokenType, request);
+      // send the token request to JBoss STS and get the response.
+      return issueToken(request);
+   }
+
    /**
     * Issues a Security Token for the ultimate recipient of the token.
     * 
@@ -120,12 +130,29 @@
       return issueToken(request);
    }
 
-   public Element issueToken(String tokenType) throws WSTrustException
+   /**
+    * <p>
+    * Issues a security token on behalf of the specified principal.
+    * </p>
+    * 
+    * @param endpointURI    the ultimate recipient of the token. This will be set at the AppliesTo for
+    *                      the RequestSecurityToken which is an optional element so it may be null.
+    * @param tokenType  the type of the token to be issued.
+    * @param principal  the {@code Principal} to whom the token will be issued.
+    * @return   an {@code Element} representing the issued security token.
+    * @throws IllegalArgumentException If neither endpointURI nor tokenType was specified.
+    * @throws WSTrustException if an error occurs while issuing the security token.
+    */
+   public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal principal)
+         throws WSTrustException
    {
-      // create a custom token request message.
+      if (endpointURI == null && tokenType == null)
+         throw new IllegalArgumentException("One of endpointURI or tokenType must be provided.");
+
       RequestSecurityToken request = new RequestSecurityToken();
+      setAppliesTo(endpointURI, request);
       setTokenType(tokenType, request);
-      // send the token request to JBoss STS and get the response.
+      setOnBehalfOf(principal, request);
       return issueToken(request);
    }
 
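Review bot: The `@param principal` text, "the Principal to whom the token will be issued", describes the requester rather than a delegated subject and disagrees with the summary sentence above it; suggest `@param principal the {@code Principal} on whose behalf the token is requested`. As far as this hunk shows, the client only asserts the name and performs no check that the authenticated requester may act for that principal. The Javadoc should say that this authorization decision is expected to be enforced by the STS, so deployers know delegation has to be restricted on the server side.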
@@ -142,6 +169,13 @@
          rst.setTokenType(URI.create(tokenType));
       return rst;
    }
+   
+   private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken request)
+   {
+      if (principal != null)
+         request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(), null));
+      return request;
+   }
 
    private Element issueToken(RequestSecurityToken request) throws WSTrustException
    {
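Review bot: `setOnBehalfOf` forwards `principal.getName()` unchecked, so a Principal whose name is null or empty reaches `WSTrustUtil.createOnBehalfOfWithUsername`, whose handling of such input is not visible here. Reading the name into a local and adding `if (name == null || name.isEmpty()) throw new IllegalArgumentException("principal has no name");` would keep a malformed OnBehalfOf out of the request. The second argument is a bare `null` with nothing saying what it stands for, so a short comment on that line would help. The helper has no Javadoc, and the added line before it is whitespace only.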


