[picketlink-commits] Picketlink SVN: r626 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts and 5 other directories.

picketlink-commits at lists.jboss.org picketlink-commits at lists.jboss.org
Tue Jan 4 12:14:48 EST 2011


Author: anil.saldhana at jboss.com
Date: 2011-01-04 12:14:44 -0500 (Tue, 04 Jan 2011)
New Revision: 626

Added:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedSTSOperations.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedTokenRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevokedToken.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/SecurityTokenRegistry.java
Removed:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/DefaultRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/FileBasedRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/JPABasedRevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevocationRegistry.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevokedToken.java
Modified:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AttributeStatementType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnStatementType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthzDecisionStatementType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/BaseIDAbstractType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/ConditionsType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/NameIDType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/StatementAbstractType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectConfirmationType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
   federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLPolicyStatementType.java
Log:
Bring the token registry and the revocation registry into the token providers.

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,7 +21,7 @@
  */
 package org.picketlink.identity.federation.core.saml.v2.providers;
 
-import java.util.HashMap;
+import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 
@@ -38,6 +38,7 @@
 import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
 import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
 import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
@@ -66,21 +67,17 @@
  * @author Anil.Saldhana at redhat.com
  * @since Dec 30, 2010
  */
-public class SAML20AssertionTokenProvider implements SecurityTokenProvider
+public class SAML20AssertionTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
 {
-   public static final String NS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+   public static final String NS = JBossSAMLURIConstants.ASSERTION_NSURI.get(); 
 
-   private static Map<String, AssertionType> issuedAssertions = new HashMap<String, AssertionType>();
-
-   private Map<String, String> properties;
-   
    private long ASSERTION_VALIDITY = 5000; //5secs in milis
    
    private long CLOCK_SKEW = 2000; //2secs
    
    public void initialize(Map<String, String> props)
    { 
-      this.properties = props; 
+      super.initialize(props);  
       
       String validity = this.properties.get( "ASSERTION_VALIDITY" );
       if( validity != null )
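Review bot: Replacing the `static` `issuedAssertions` map with the inherited `tokenRegistry` field narrows issued-assertion tracking from the whole class to a single provider instance, because `AbstractSecurityTokenProvider` creates a `new DefaultTokenRegistry()` per instance when no `TokenRegistry` option is set. If more than one `SAML20AssertionTokenProvider` is ever created (not visible here), an assertion issued through one instance would be rejected as "Invalid Assertion" by another, so the class Javadoc should say that instances share issued tokens only when a shared registry is configured. As a smaller style point, `implements SecurityTokenProvider` is now redundant because the base class already declares it: `public class SAML20AssertionTokenProvider extends AbstractSecurityTokenProvider`. The class body continues outside the hunk.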
@@ -152,7 +149,14 @@
          throw new ProcessingException( e );
       }
       
-      issuedAssertions.put( assertionID, assertionType );
+      try
+      {
+         this.tokenRegistry.addToken(assertionID, assertionType);
+      }
+      catch (IOException e)
+      { 
+         throw new ProcessingException( e );
+      } 
       samlProtocolContext.setIssuedAssertion( assertionType );
    }
   
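Review bot: The `try`/`catch (IOException e)` wrapper added around `this.tokenRegistry.addToken( assertionID, assertionType )` is repeated almost verbatim in the next two hunks, around `addToken( issuedAssertion.getID(), issuedAssertion )` and `removeToken( issuedAssertion.getID() )`, so the three sites can drift apart. Two small private helpers that call the registry and rethrow `IOException` as `ProcessingException` would keep the translation in one place and leave each call site as a single line. The enclosing method starts outside the hunk.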
@@ -195,8 +199,16 @@
       {
          throw new ProcessingException( e );
       }
-      issuedAssertions.put( issuedAssertion.getID(), issuedAssertion );
 
+      
+      try
+      {
+         this.tokenRegistry.addToken( issuedAssertion.getID(), issuedAssertion );
+      }
+      catch (IOException e)
+      { 
+         throw new ProcessingException( e );
+      }  
       samlProtocolContext.setIssuedAssertion( issuedAssertion );
    }
 
@@ -214,7 +226,14 @@
 
       SAMLProtocolContext samlProtocolContext = (SAMLProtocolContext) context;
       AssertionType issuedAssertion = samlProtocolContext.getIssuedAssertion();
-      issuedAssertions.remove( issuedAssertion.getID() );
+      try
+      {
+         this.tokenRegistry.removeToken( issuedAssertion.getID() );
+      }
+      catch (IOException e)
+      {
+         throw new ProcessingException( e );
+      }
    }
 
    /**
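Review bot: `issuedAssertion.getID()` is dereferenced without a null check, so a context that carries no issued assertion fails with a `NullPointerException` rather than a `ProcessingException`; the lines between `getIssuedAssertion()` and the new `try` are visible and contain no guard. The validation method later in this file already guards the same value with `if( issuedAssertion == null ) throw new ProcessingException( "Assertion is null" );`, and the same line belongs before the `try` here. The method starts outside the hunk.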
@@ -246,7 +265,7 @@
       
       if( issuedAssertion == null )
          throw new ProcessingException( "Assertion is null" );
-      if( issuedAssertions.get( issuedAssertion.getID() ) == null )
+      if( this.tokenRegistry.getToken( issuedAssertion.getID() ) == null )
          throw new ProcessingException( "Invalid Assertion" );
    }
 
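Review bot: The validity decision rests on `this.tokenRegistry.getToken( issuedAssertion.getID() ) == null`, which only establishes that some assertion with that ID was registered. The stored object is not compared with the presented one, and the `revocationRegistry` field from the new base class is not consulted in any visible hunk of this file. Unless the part of the method outside the hunk already verifies signature and conditions, consider comparing against the registered assertion and adding a revocation lookup, and state in the method Javadoc which checks are performed. With the default in-memory registry, assertions issued before a restart also fail this check, which is worth a sentence in the same Javadoc.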

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,164 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts;
+
+import java.security.PrivilegedActionException;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.registry.DefaultRevocationRegistry;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.FileBasedRevocationRegistry;
+import org.picketlink.identity.federation.core.sts.registry.FileBasedTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.JPABasedRevocationRegistry;
+import org.picketlink.identity.federation.core.sts.registry.RevocationRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * Base Class for instances of {@code SecurityTokenProvider}
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2011
+ */
+public abstract class AbstractSecurityTokenProvider implements SecurityTokenProvider
+{   
+   protected  static Logger logger = Logger.getLogger( AbstractSecurityTokenProvider.class);
+
+   protected static final String TOKEN_REGISTRY = "TokenRegistry";
+
+   protected static final String TOKEN_REGISTRY_FILE = "TokenRegistryFile";
+
+   protected static final String REVOCATION_REGISTRY = "RevocationRegistry";
+
+   protected static final String REVOCATION_REGISTRY_FILE = "RevocationRegistryFile";
+
+   protected static final String REVOCATION_REGISTRY_JPA_CONFIG = "RevocationRegistryJPAConfig";
+
+   protected static final String ATTRIBUTE_PROVIDER = "AttributeProvider";
+
+   protected SecurityTokenRegistry tokenRegistry = new DefaultTokenRegistry();
+
+   protected RevocationRegistry revocationRegistry = new DefaultRevocationRegistry();
+
+   protected Map<String, String> properties;
+
+   public void initialize(Map<String, String> properties)
+   { 
+      this.properties = properties;
+
+      //Check for token registry
+      String tokenRegistryOption = this.properties.get( TOKEN_REGISTRY );
+      if (tokenRegistryOption == null)
+      {
+         if (logger.isDebugEnabled())
+            logger.debug("Security Token registry option not specified: Issued Tokens will not be persisted!"); 
+      }
+      else
+      {
+         // if a file is to be used as registry, check if the user has specified the file name.
+         if ("FILE".equalsIgnoreCase( tokenRegistryOption ))
+         {
+            String tokenRegistryFile = this.properties.get( TOKEN_REGISTRY_FILE );
+            if ( tokenRegistryFile != null)
+               this.tokenRegistry = new FileBasedTokenRegistry( tokenRegistryFile );
+            else
+               this.tokenRegistry = new FileBasedTokenRegistry();
+         } 
+         // the user has specified its own registry implementation class.
+         else
+         {
+            try
+            {
+               Object object = SecurityActions.instantiateClass( tokenRegistryOption );
+               if (object instanceof RevocationRegistry)
+                  this.tokenRegistry = ( SecurityTokenRegistry ) object;
+               else
+               {
+                  logger.warn( tokenRegistryOption + " is not an instance of SecurityTokenRegistry - using default registry");
+               }
+            }
+            catch (PrivilegedActionException pae )
+            {
+               logger.warn("Error instantiating revocation registry class - using default registry");
+               pae.printStackTrace(); 
+            }
+         }
+
+         if( this.tokenRegistry == null )
+            tokenRegistry = new DefaultTokenRegistry();
+
+
+         // check if a revocation registry option has been set.
+         String registryOption = this.properties.get(REVOCATION_REGISTRY);
+         if (registryOption == null)
+         {
+            if (logger.isDebugEnabled())
+               logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!"); 
+         }
+         else
+         {
+            // if a file is to be used as registry, check if the user has specified the file name.
+            if ("FILE".equalsIgnoreCase(registryOption))
+            {
+               String registryFile = this.properties.get(REVOCATION_REGISTRY_FILE);
+               if (registryFile != null)
+                  this.revocationRegistry = new FileBasedRevocationRegistry(registryFile);
+               else
+                  this.revocationRegistry = new FileBasedRevocationRegistry();
+            }
+            // another option is to use the default JPA registry to store the revoked ids.
+            else if ("JPA".equalsIgnoreCase(registryOption))
+            {
+               String configuration = this.properties.get(REVOCATION_REGISTRY_JPA_CONFIG);
+               if (configuration != null)
+                  this.revocationRegistry = new JPABasedRevocationRegistry(configuration);
+               else
+                  this.revocationRegistry = new JPABasedRevocationRegistry();
+            }
+            // the user has specified its own registry implementation class.
+            else
+            {
+               try
+               {
+                  Object object = SecurityActions.instantiateClass(registryOption);
+                  if (object instanceof RevocationRegistry)
+                     this.revocationRegistry = (RevocationRegistry) object;
+                  else
+                  {
+                     logger.warn(registryOption + " is not an instance of RevocationRegistry - using default registry"); 
+                  }
+               }
+               catch (PrivilegedActionException pae )
+               {
+                  logger.warn("Error instantiating revocation registry class - using default registry");
+                  pae.printStackTrace(); 
+               }
+            }
+         }
+         
+         if( this.revocationRegistry == null )
+            this.revocationRegistry = new DefaultRevocationRegistry();
+      }
+   }
+
+}
\ No newline at end of file
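Review bot: In `initialize`, the custom token-registry branch tests `object instanceof RevocationRegistry` before casting to `SecurityTokenRegistry`, so a correct `SecurityTokenRegistry` implementation is rejected with a warning, and a class that is only a `RevocationRegistry` reaches the cast and throws `ClassCastException`; the test should be `if (object instanceof SecurityTokenRegistry)`. The whole revocation-registry section also sits inside the `else` of `tokenRegistryOption == null`, so a deployment that sets `RevocationRegistry` without `TokenRegistry` silently keeps the in-memory `DefaultRevocationRegistry` and loses revoked ids on restart; that section should run after the token-registry `if`/`else` has closed. The token-registry `catch` logs "Error instantiating revocation registry class" and both catches call `pae.printStackTrace()`; `logger.warn("Error instantiating token registry class - using default registry", pae);` names the right registry and keeps the cause in the log. The two `== null` fallbacks can never fire because both fields are initialised at declaration and are never set to null.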

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * <p>
+ * Utility class that executes actions such as creating a class in privileged blocks.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+class SecurityActions
+{
+
+   /**
+    * <p>
+    * Gets the thread context class loader using a privileged block.
+    * </p>
+    * 
+    * @return a reference to the thread context {@code ClassLoader}.
+    */
+   static ClassLoader getContextClassLoader()
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+      {
+         public ClassLoader run()
+         {
+            return Thread.currentThread().getContextClassLoader();
+         }
+      });
+   }
+
+   /**
+    * <p>
+    * Loads a class using the thread context class loader in a privileged block.
+    * </p>
+    * 
+    * @param name the fully-qualified name of the class to be loaded.
+    * @return a reference to the loaded {@code Class}.
+    * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
+    *             of the error, so classes using this method must perform a {@code getCause()} in order to get a
+    *             reference to the root of the error.
+    */
+   static Class<?> loadClass(final String name) throws PrivilegedActionException
+   {
+      return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+      {
+         public Class<?> run() throws PrivilegedActionException
+         {
+            try
+            {
+               return getContextClassLoader().loadClass(name);
+            }
+            catch (Exception e)
+            {
+               throw new PrivilegedActionException(e);
+            }
+         }
+      });
+   }
+
+   /**
+    * <p>
+    * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
+    * </p>
+    * 
+    * @param className the fully-qualified name of the class to be instantiated.
+    * @return a reference to the instantiated {@code Object}.
+    * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
+    *             cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
+    *             reference to the root of the error.
+    */
+   static Object instantiateClass(final String className) throws PrivilegedActionException
+   {
+      return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+      {
+         public Object run() throws Exception
+         {
+            Class<?> objectClass = loadClass(className);
+            return objectClass.newInstance();
+         }
+      });
+   }
+}
\ No newline at end of file
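Review bot: `instantiateClass` runs `objectClass.newInstance()` inside `doPrivileged` for whatever class name it receives, and the callers in `AbstractSecurityTokenProvider` check the type only afterwards, so the static initializer and constructor of any class named in configuration execute in the privileged block before the `instanceof` test. Passing the expected type and checking `expectedType.isAssignableFrom(objectClass)` before `newInstance()` would restrict instantiation to registry implementations. Separately, `loadClass` throws `new PrivilegedActionException(e)` from inside `run()`, which `doPrivileged` wraps again, and `instantiateClass` adds a further layer. The single `getCause()` that the Javadoc tells callers to perform therefore returns another `PrivilegedActionException` rather than the root error; declaring `run()` as `throws Exception` and letting the original exception propagate avoids the nesting.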

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultRevocationRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * <p>
+ * A simple {@code RevocationRegistry} that keeps the revoked token ids in a memory-only cache. This registry is only
+ * used if no other implementation has been configured and it doesn't persist the revoked ids. For these reasons it is
+ * highly recommended that this implementation be used only in testing scenarios.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class DefaultRevocationRegistry implements RevocationRegistry
+{
+   private static Set<String> ids = new HashSet<String>();
+   
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
+    */
+   public boolean isRevoked(String tokenType, String id)
+   {
+      return ids.contains(id);
+   }
+
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
+    */
+   public void revokeToken(String tokenType, String id)
+   {
+      ids.add(id);
+   }
+}
\ No newline at end of file
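Review bot: `ids` is a `static` `HashSet` that `isRevoked` and `revokeToken` read and write without synchronization, and a plain `HashSet` is not safe under concurrent modification, which matters if the STS serves requests on several threads (likely, though not visible here). The same applies to `DefaultTokenRegistry.tokens` and to `FileBasedRevocationRegistry.revokedIds`, where `revokeToken` is `synchronized` on the instance while the set is `static` and `isRevoked` is unsynchronized. Declaring the field as `private static final Set<String> ids = Collections.synchronizedSet(new HashSet<String>());` (and the equivalent for the other two) would close the gap. The `@see` comments also still point at the `core.wstrust.plugins` package that this revision removes.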

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * Hashmap based token registry
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2011
+ */
+public class DefaultTokenRegistry implements SecurityTokenRegistry
+{ 
+   protected Map<String, Object> tokens = new HashMap<String,Object>();
+   
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#addToken(java.lang.String, java.lang.Object)
+    */
+   public void addToken(String tokenID, Object token)
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte ); 
+      
+      tokens.put( tokenID, token );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#getToken(java.lang.String)
+    */
+   public Object getToken(String tokenID)
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte ); 
+      
+      return tokens.get( tokenID );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#removeToken(java.lang.String)
+    */
+   public void removeToken(String tokenID) throws IOException
+   { 
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte ); 
+      tokens.remove( tokenID );
+   }
+}
\ No newline at end of file
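Review bot: The class Javadoc ("Hashmap based token registry") does not tell an operator that tokens are held in memory only, are lost on restart, and are never evicted: entries leave `tokens` only through `removeToken`, so every issued token that is not explicitly cancelled stays in the map for the life of the instance. A Javadoc in the style of `DefaultRevocationRegistry`, which states that nothing is persisted and recommends the class for testing scenarios only, would set the right expectation. If callers issue short-lived assertions, as the 5-second default in `SAML20AssertionTokenProvider` suggests, an expiry-based cleanup is worth considering.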

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedRevocationRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,153 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * <p>
+ * {@code FileBasedRevocationRegistry} is a revocation registry implementation that uses a file to store the ids of the
+ * revoked (canceled) security tokens. By default all ids are stored in $HOME/picketlink-store/sts/revoked.ids but a
+ * different location can be specified through the constructor that takes the file name as a parameter.
+ * </p>
+ * <p>
+ * NOTE: this implementation use a local cache to avoid reading the file system every time a revocation check is made,
+ * making this registry a bad choice for distributed scenarios. Even though the registry file is updated whenever a 
+ * new id is revoked, each node in the cluster will have its own cached view and thus a token that has been canceled by
+ * one node may be accepted by another live node as the caches are not refreshed or synchronized.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class FileBasedRevocationRegistry extends FileBasedSTSOperations implements RevocationRegistry
+{
+   private static Logger logger = Logger.getLogger(FileBasedRevocationRegistry.class);
+
+   protected static final String FILE_NAME = "revoked.ids";
+   
+   // this set contains the ids of the revoked security tokens.
+   protected static Set<String> revokedIds = new HashSet<String>();
+
+   // the file that stores the revoked ids.
+   protected File registryFile;
+
+   /**
+    * <p>
+    * Creates an instance of {@code RevocationRegistryFile} that stores the canceled ids in the default
+    * {@code $HOME/picketlink-store/sts/revoked.ids} file.
+    * </p>
+    */
+   public FileBasedRevocationRegistry()
+   {      
+      this( FILE_NAME  );  
+   }
+
+   /**
+    * <p>
+    * Creates an instance of {@code RevocationRegistryFile} that stores the canceled ids in specified file.
+    * </p>
+    * 
+    * @param registryFile a {@code String} that indicates the file that must be used to store revoked ids.
+    */
+   public FileBasedRevocationRegistry(String registryFileName )
+   {
+      super();
+      this.registryFile = create( registryFileName );
+
+      // load the revoked ids cache.
+      this.loadRevokedIds();
+   }
+
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
+    */
+   public boolean isRevoked(String tokenType, String id)
+   {
+      return revokedIds.contains(id);
+   }
+
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
+    */
+   public synchronized void revokeToken(String tokenType, String id)
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      try
+      {
+         // write a new line with the revoked id at the end of the file. 
+         BufferedWriter writer = new BufferedWriter(new FileWriter(this.registryFile, true));
+         writer.write(id + "\n");
+         writer.close();
+      }
+      catch (IOException ioe)
+      {
+         if (logger.isDebugEnabled())
+            logger.debug("Error appending content to registry file: " + ioe.getMessage());
+         ioe.printStackTrace();
+      }
+      // add the revoked id to the local cache.
+      revokedIds.add(id);
+   }
+
+   /**
+    * <p>
+    * This method loads the ids of the revoked assertions from the registry file. All retrieved ids are set in the
+    * local cache of revoked ids.
+    * </p>
+    */
+   private void loadRevokedIds()
+   {
+      try
+      {
+         // read the file contents and populate the local cache.
+         BufferedReader reader = new BufferedReader(new FileReader(this.registryFile));
+         String id = reader.readLine();
+         while (id != null)
+         {
+            revokedIds.add(id);
+            id = reader.readLine();
+         }
+         reader.close();
+      }
+      catch (IOException ioe)
+      {
+         if (logger.isDebugEnabled())
+            logger.debug("Error opening registry file: " + ioe.getMessage());
+         ioe.printStackTrace();
+      }
+   }
+}
\ No newline at end of file
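Review bot: `revokeToken` and `loadRevokedIds` both swallow `IOException`, reporting it only at debug level plus `printStackTrace()`, so the registry fails open. A failed append leaves the id revoked in memory only, so it would no longer be reported as revoked after a restart, and a failed load starts the registry with none of the persisted ids. Both paths should log at error level with the exception attached, and the writer and reader should be closed in a `finally` block so that an exception from `write` or `readLine` does not leak the file handle. A rewritten `revokeToken` is sketched below and `loadRevokedIds` needs the same treatment. The constructor Javadoc also calls the class `RevocationRegistryFile` and documents `@param registryFile` although the parameter is `registryFileName`.

```java
   public synchronized void revokeToken(String tokenType, String id)
   {
      // ... unchanged: SecurityManager permission check ...

      BufferedWriter writer = null;
      try
      {
         // write a new line with the revoked id at the end of the file.
         writer = new BufferedWriter(new FileWriter(this.registryFile, true));
         writer.write(id + "\n");
      }
      catch (IOException ioe)
      {
         // the id is now revoked in memory only; make the persistence failure visible.
         logger.error("Error appending content to registry file", ioe);
      }
      finally
      {
         if (writer != null)
         {
            try
            {
               // close() also flushes, so a failure here means the id may not be on disk.
               writer.close();
            }
            catch (IOException ioe)
            {
               logger.error("Error closing registry file", ioe);
            }
         }
      }
      // ... unchanged: add the revoked id to the local cache ...
```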

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedSTSOperations.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedSTSOperations.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedSTSOperations.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.log4j.Logger;
+
+/**
+ * A base class for file based STS operations
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2011
+ */
+public abstract class FileBasedSTSOperations
+{
+   private static Logger logger = Logger.getLogger( FileBasedSTSOperations.class );
+   protected File directory;
+   
+   public FileBasedSTSOperations()
+   {
+      // use the default location registry file location.
+      StringBuilder builder = new StringBuilder();
+      builder.append(System.getProperty("user.home"));
+      builder.append(System.getProperty("file.separator") + "picketlink-store");
+      builder.append(System.getProperty("file.separator") + "sts");
+
+      // check if the $HOME/picketlink-store/sts directory exists.
+      directory = new File(builder.toString());
+      if (!directory.exists())
+         directory.mkdirs();
+   } 
+   
+   /**
+    * Create a file with the provided name
+    * @param fileName
+    * @return {@code File} handle
+    */
+   protected File create( String fileName )
+   {
+      if ( fileName == null)
+         throw new IllegalArgumentException("The file name cannot be null");
+
+      // check if the specified file exists. If not, create it.
+      File createdFile =  new File( fileName );
+      if (! createdFile.exists())
+      {
+         try
+         {
+            createdFile.createNewFile();
+         }
+         catch (IOException ioe)
+         {
+            if (logger.isDebugEnabled())
+               logger.debug("Error creating file: " + ioe.getMessage());
+            ioe.printStackTrace();
+         }
+      } 
+      return createdFile;
+   } 
+}
\ No newline at end of file
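Review bot: `create()` builds the file with `new File( fileName )` and never uses the `directory` field the constructor has just prepared, so a relative name such as the `token.registry` default that `FileBasedTokenRegistry` passes in is resolved against the process working directory instead of `$HOME/picketlink-store/sts`. Resolving relative names against the store keeps the token file in one known location whose permissions can be locked down: `File createdFile = new File( fileName ); if ( !createdFile.isAbsolute() ) createdFile = new File( directory, fileName );`. The `IOException` from `createNewFile()` is only logged at debug level and the method still returns the handle, so callers carry on with a file that may not exist; rethrowing it as an `IllegalStateException` with the cause would surface the failure at construction time. The return value of `mkdirs()` in the constructor is ignored in the same way.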

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedTokenRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedTokenRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/FileBasedTokenRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * A File based implementation of the {@code SecurityTokenRegistry}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2011
+ */
+public class FileBasedTokenRegistry extends FileBasedSTSOperations implements SecurityTokenRegistry
+{    
+   protected static final String FILE_NAME = "token.registry";
+   
+   // the file that stores the tokens.
+   protected File registryFile;
+   
+   protected Map<String,TokenHolder> holders = new HashMap<String,TokenHolder>();
+   
+   public FileBasedTokenRegistry()
+   {
+      this( FILE_NAME ); 
+   }
+   
+   public FileBasedTokenRegistry( String fileName )
+   {
+      super();
+      if( directory == null )
+         throw new IllegalStateException( "The directory has not been set" );
+      
+      // check if the default registry file exists.
+      this.registryFile = create( fileName );
+       
+      try
+      {
+         read();
+      }
+      catch (IOException e)
+      { 
+         throw new RuntimeException( e );
+      }
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#addToken(java.lang.String, java.lang.Object)
+    */
+   public void addToken(String tokenID, Object token) throws IOException
+   { 
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      if( !( token instanceof Serializable ))
+         throw new IOException( "Token is not serialiable" );
+      
+      holders.put(tokenID, new TokenHolder(tokenID, token));
+      flush();
+   }
+   
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#removeToken(java.lang.String)
+    */
+   public void removeToken(String tokenID) throws IOException
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      holders.remove(tokenID);
+      flush(); 
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#getToken(java.lang.String)
+    */
+   public Object getToken(String tokenID)
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      TokenHolder holder = holders.get( tokenID );
+      if( holder != null )
+         return holder.token;
+      
+      return null;
+   }
+   
+   protected synchronized void flush() throws IOException
+   {
+      FileOutputStream fos = new FileOutputStream( registryFile );
+      ObjectOutputStream oos = new ObjectOutputStream(fos);
+      oos.writeObject( holders );
+      oos.close();
+   }
+   
+   @SuppressWarnings("unchecked")
+   protected synchronized void read() throws IOException
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      FileInputStream fis = new FileInputStream( registryFile );
+      ObjectInputStream ois = new ObjectInputStream(fis);
+      try
+      {
+         holders = (Map<String, TokenHolder>) ois.readObject();
+      }
+      catch (ClassNotFoundException e)
+      { 
+         throw new IOException( e );
+      } 
+      finally
+      {
+         ois.close();  
+      }
+   }
+   
+   protected static class TokenHolder implements Serializable
+   { 
+      private static final long serialVersionUID = 1L;
+      String id;
+      Object token;
+      
+      public TokenHolder(String id, Object token)
+      {
+         super();
+         this.id = id;
+         this.token = token;
+      }
+
+      public String getId()
+      {
+         return id;
+      }
+
+      public Object getToken()
+      {
+         return token;
+      }  
+   }
+}
\ No newline at end of file
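Review bot: `read()` opens an `ObjectInputStream` on the file that `create()` has just made, and an empty file has no serialization stream header, so on first use the stream constructor throws `EOFException` and the `FileBasedTokenRegistry` constructor turns it into a `RuntimeException`; the stream constructor also sits outside the `try`, so `fis` is not closed on that path. An empty registry file should be treated as an empty map, as sketched below. Separately, `readObject()` instantiates whatever serializable classes the file names, so the registry file needs to be writable only by the STS account, and an `ObjectInputStream` subclass that overrides `resolveClass` to accept only the expected token classes would narrow what a tampered file can load. `addToken` and `removeToken` also mutate the `HashMap` without holding the lock that `flush()` takes, so a concurrent `flush()` can serialize a map that is being modified.

```java
   protected synchronized void read() throws IOException
   {
      // … unchanged: SecurityManager permission check …

      // a registry file that create() has just made is empty: nothing to load
      if( registryFile.length() == 0 )
         return;

      FileInputStream fis = new FileInputStream( registryFile );
      ObjectInputStream ois = null;
      try
      {
         ois = new ObjectInputStream(fis);
         holders = (Map<String, TokenHolder>) ois.readObject();
      }
      // … unchanged: ClassNotFoundException rethrown as IOException …
      finally
      {
         // close whichever stream was actually opened
         if( ois != null )
            ois.close();
         else
            fis.close();
      }
   }
```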

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.EntityTransaction;
+import javax.persistence.Persistence;
+
+import org.apache.log4j.Logger;
+
+/**
+ * <p>
+ * {@code JPABasedRevocationRegistry} is a revocation registry implementation that uses JPA to store the ids of the
+ * revoked (canceled) security tokens on a database. By default, the JPA configuration has the name {@code picketlink-sts}
+ * but a different configuration name can be specified through the constructor that takes a {@code String} as a parameter.
+ * </p>
+ * <p>
+ * NOTE: this implementation doesn't keep any cache of the security token ids. It performs a JPA query every time the
+ * {@code isRevoked(String id)} method is called. Many JPA providers have internal caching mechanisms that can keep the
+ * data in the cache synchronized with the database and avoid unnecessary trips to the database. This makes this registry
+ * a good choice for clustered environments as any changes to the revocation table made by a node will be visible to
+ * the other nodes.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class JPABasedRevocationRegistry implements RevocationRegistry
+{
+
+   private static Logger logger = Logger.getLogger(JPABasedRevocationRegistry.class);
+
+   private EntityManagerFactory factory;
+
+   /**
+    * <p>
+    * Creates an instance of {@code JPABasedRevocationRegistry} that uses the default {@code picketlink-sts} JPA 
+    * configuration to persist the ids of the canceled security tokens.
+    * </p>
+    */
+   public JPABasedRevocationRegistry()
+   {
+      this ("picketlink-sts");
+   }
+   
+   /**
+    * <p>
+    * Creates an instance of {@code JPABasedRevocationRegistry} that uses the specified JPA configuration to persist
+    * the ids of the canceled security tokens.
+    * </p>
+    * 
+    * @param configuration a {@code String} representing the JPA configuration name to be used.
+    */
+   public JPABasedRevocationRegistry(String configuration)
+   {
+      if (configuration == null)
+         throw new IllegalArgumentException("The JPA configuration name cannot be null");
+      this.factory = Persistence.createEntityManagerFactory(configuration);
+   }
+   
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
+    */
+   public boolean isRevoked(String tokenType, String id)
+   {
+      // try to locate a RevokedToken entity with the specified id.
+      EntityManager manager = this.factory.createEntityManager();
+      Object object = manager.find(RevokedToken.class, id);
+      manager.close();
+      
+      return object != null;
+   }
+
+   /*
+    * (non-Javadoc)
+    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
+    */
+   public void revokeToken(String tokenType, String id)
+   {
+      // if a RevokedToken entity with the specified id doesn't exist in the database, create one and insert it.
+      EntityManager manager = this.factory.createEntityManager();
+      if (manager.find(RevokedToken.class, id) != null)
+      {
+         if (logger.isDebugEnabled())
+            logger.debug("Token with id=" + id + " has already been cancelled");
+      }
+      else
+      {
+         RevokedToken revokedToken = new RevokedToken(tokenType, id);
+         EntityTransaction transaction = manager.getTransaction();
+         transaction.begin();
+         manager.persist(revokedToken);
+         transaction.commit();
+      }
+      manager.close();
+   }
+}
\ No newline at end of file
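Review bot: In `revokeToken` the `manager.close()` call and the transaction have no `finally`, so when `persist` or `commit` throws (for instance if another node inserted the same id between the `find` and the `commit`) the `EntityManager` is left open and the transaction stays active; `isRevoked` has the same unguarded `close()`. Wrapping the work in try/finally and rolling back a still-active transaction, as below, keeps a failed revocation from leaking resources. The `@see` references still name `org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry`, although this commit adds the interface under `core.sts.registry`.

```java
      EntityManager manager = this.factory.createEntityManager();
      try
      {
         // … unchanged: find() lookup and "already cancelled" debug branch …
         else
         {
            RevokedToken revokedToken = new RevokedToken(tokenType, id);
            EntityTransaction transaction = manager.getTransaction();
            transaction.begin();
            try
            {
               manager.persist(revokedToken);
               transaction.commit();
            }
            finally
            {
               // a failed persist/commit leaves the transaction open
               if (transaction.isActive())
                  transaction.rollback();
            }
         }
      }
      finally
      {
         manager.close();
      }
```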

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevocationRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+/**
+ * <p>
+ * A {@code RevocationRegistry} is used to store the ids of revoked (canceled) security tokens.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface RevocationRegistry
+{
+   /**
+    * <p>
+    * Indicates whether the token with the specified id has been revoked or not.
+    * </p>
+    * 
+    * @param tokenType a {@code String} representing the token type.
+    * @param id a {@code String} representing the token id.
+    * @return {@code true} if the specified id has been revoked; {@code false} otherwise.
+    */
+   public boolean isRevoked(String tokenType, String id);
+   
+   /**
+    * <p>
+    * Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens
+    * that may have the same id but that are of different types.
+    * </p>
+    * 
+    * @param tokenType a {@code String} representing the security token type.
+    * @param id the id to registered.
+    */
+   public void revokeToken(String tokenType, String id);
+}

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevokedToken.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevokedToken.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/RevokedToken.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+
+/**
+ * <p>
+ * {@code RevokedToken} is a simple JPA entity used by the {@code JPABasedRevocationRegistry} to persist the ids of
+ * the revoked security tokens.
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ at Entity
+public class RevokedToken
+{
+
+   @Column
+   private String tokenType;
+   
+   @Id
+   private String tokenId;
+
+   /**
+    * <p>
+    * Default constructor.
+    * </p>
+    */
+   public RevokedToken()
+   {
+   }
+
+   /**
+    * <p>
+    * Creates an instance of {@code RevokedToken} with the specified token type and token id.
+    * </p>
+    * 
+    * @param tokenType a {@code String} representing the token type.
+    * @param tokenId a {@code String} representing the token id.
+    */
+   public RevokedToken(String tokenType, String tokenId)
+   {
+      this.tokenType = tokenType;
+      this.tokenId = tokenId;
+   }
+   
+   /**
+    * <p>
+    * Obtains the type of the revoked security token.
+    * </p>
+    * 
+    * @return a {@code String} containing the revoked token type.
+    */
+   public String getTokenType()
+   {
+      return this.tokenType;
+   }
+
+   /**
+    * <p>
+    * Sets the type of revoked security token.
+    * </p>
+    * 
+    * @param tokenType a {@code String} containing the type to be set.
+    */
+   public void setTokenType(String tokenType)
+   {
+      this.tokenType = tokenType;
+   }
+
+   /**
+    * <p>
+    * Obtains the id of the revoked security token.
+    * </p>
+    * 
+    * @return a {@code String} containing the revoked token id.
+    */
+   public String getTokenId()
+   {
+      return this.tokenId;
+   }
+
+   /**
+    * <p>
+    * Sets the id of the revoked security token.
+    * </p>
+    * 
+    * @param tokenId a {@code String} containing the id to be set.
+    */
+   public void setTokenId(String tokenId)
+   {
+      this.tokenId = tokenId;
+   }
+   
+   
+}
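Review bot: `tokenId` alone carries `@Id`, while `tokenType` is an ordinary `@Column`, so the table cannot hold two revoked tokens that share an id but differ in type, which is the case the `RevocationRegistry.revokeToken` Javadoc says the type exists to distinguish. `JPABasedRevocationRegistry` looks entities up with `find(RevokedToken.class, id)`, so a revocation recorded for one type is reported for every type with that id. If ids are meant to be unique across token types, say so on the field, e.g. `// tokenId is the sole primary key; tokenType is stored for information only`. Otherwise a composite key (`@IdClass` or `@EmbeddedId`) over both fields, with the lookup changed to match, would implement the documented contract.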

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/SecurityTokenRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/SecurityTokenRegistry.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/SecurityTokenRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.sts.registry;
+
+import java.io.IOException;
+
+
+/**
+ * A registry of Security Tokens that may be issued by
+ * instances of {@code SecurityTokenProvider}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2011
+ */
+public interface SecurityTokenRegistry
+{
+   /**
+    * Add a token to the registry with the given id
+    * @param tokenID
+    * @param token
+    * @throws {@code IOException}
+    */
+   void addToken( String tokenID, Object token ) throws IOException;
+   
+   /**
+    * Remove a token given the ID
+    * @param tokenID
+    * @param token
+    * @throws {@code IOException}
+    */
+   void removeToken( String tokenID ) throws IOException;
+   
+   /**
+    * Given the id, return a token
+    * @param tokenID
+    * @return
+    */
+   Object getToken( String tokenID ); 
+}
\ No newline at end of file
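Review bot: The Javadoc on this interface does not match the signatures: `removeToken` documents `@param token`, which it does not take, `@throws {@code IOException}` is not a valid tag form, and `getToken` has an empty `@return`. Suggested wording is `@throws IOException if the registry cannot be persisted` on `addToken` and `removeToken`, and `@return the token registered under the id, or {@code null} if there is none` on `getToken`, which is what `FileBasedTokenRegistry.getToken` does. `addToken` should also state that file-backed registries reject a token that is not `Serializable`, since the parameter type is `Object` and the failure otherwise only shows up at runtime.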

Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/DefaultRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/DefaultRevocationRegistry.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/DefaultRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -1,58 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust.plugins;
-
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * <p>
- * A simple {@code RevocationRegistry} that keeps the revoked token ids in a memory-only cache. This registry is only
- * used if no other implementation has been configured and it doesn't persist the revoked ids. For these reasons it is
- * highly recommended that this implementation be used only in testing scenarios.
- * </p>
- * 
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
-public class DefaultRevocationRegistry implements RevocationRegistry
-{
-   private static Set<String> ids = new HashSet<String>();
-   
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
-    */
-   public boolean isRevoked(String tokenType, String id)
-   {
-      return ids.contains(id);
-   }
-
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
-    */
-   public void revokeToken(String tokenType, String id)
-   {
-      ids.add(id);
-   }
-
-}

Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/FileBasedRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/FileBasedRevocationRegistry.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/FileBasedRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -1,191 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust.plugins;
-
-import java.io.BufferedReader;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileReader;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.log4j.Logger;
-
-/**
- * <p>
- * {@code FileBasedRevocationRegistry} is a revocation registry implementation that uses a file to store the ids of the
- * revoked (canceled) security tokens. By default all ids are stored in $HOME/picketlink-store/sts/revoked.ids but a
- * different location can be specified through the constructor that takes the file name as a parameter.
- * </p>
- * <p>
- * NOTE: this implementation use a local cache to avoid reading the file system every time a revocation check is made,
- * making this registry a bad choice for distributed scenarios. Even though the registry file is updated whenever a 
- * new id is revoked, each node in the cluster will have its own cached view and thus a token that has been canceled by
- * one node may be accepted by another live node as the caches are not refreshed or synchronized.
- * </p>
- * 
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
-public class FileBasedRevocationRegistry implements RevocationRegistry
-{
-   private static Logger logger = Logger.getLogger(FileBasedRevocationRegistry.class);
-
-   // this set contains the ids of the revoked security tokens.
-   private static Set<String> revokedIds = new HashSet<String>();
-
-   // the file that stores the revoked ids.
-   private File registryFile;
-
-   /**
-    * <p>
-    * Creates an instance of {@code RevocationRegistryFile} that stores the canceled ids in the default
-    * {@code $HOME/picketlink-store/sts/revoked.ids} file.
-    * </p>
-    */
-   public FileBasedRevocationRegistry()
-   {
-      // use the default location registry file location.
-      StringBuilder builder = new StringBuilder();
-      builder.append(System.getProperty("user.home"));
-      builder.append(System.getProperty("file.separator") + "picketlink-store");
-      builder.append(System.getProperty("file.separator") + "sts");
-
-      // check if the $HOME/picketlink-store/sts directory exists.
-      File directory = new File(builder.toString());
-      if (!directory.exists())
-         directory.mkdirs();
-
-      // check if the default registry file exists.
-      this.registryFile = new File(directory, "revoked.ids");
-      if (!this.registryFile.exists())
-      {
-         try
-         {
-            this.registryFile.createNewFile();
-         }
-         catch (IOException ioe)
-         {
-            if (logger.isDebugEnabled())
-               logger.debug("Error creating default registry file: " + ioe.getMessage());
-            ioe.printStackTrace();
-         }
-      }
-
-      // load the revoked ids cache.
-      this.loadRevokedIds();
-   }
-
-   /**
-    * <p>
-    * Creates an instance of {@code RevocationRegistryFile} that stores the canceled ids in specified file.
-    * </p>
-    * 
-    * @param registryFile a {@code String} that indicates the file that must be used to store revoked ids.
-    */
-   public FileBasedRevocationRegistry(String registryFile)
-   {
-      if (registryFile == null)
-         throw new IllegalArgumentException("The revoked ids file cannot be null");
-
-      // check if the specified file exists. If not, create it.
-      this.registryFile = new File(registryFile);
-      if (!this.registryFile.exists())
-      {
-         try
-         {
-            this.registryFile.createNewFile();
-         }
-         catch (IOException ioe)
-         {
-            if (logger.isDebugEnabled())
-               logger.debug("Error creating registry file: " + ioe.getMessage());
-            ioe.printStackTrace();
-         }
-      }
-
-      // load the revoked ids cache.
-      this.loadRevokedIds();
-   }
-
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
-    */
-   public boolean isRevoked(String tokenType, String id)
-   {
-      return revokedIds.contains(id);
-   }
-
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
-    */
-   public synchronized void revokeToken(String tokenType, String id)
-   {
-      try
-      {
-         // write a new line with the revoked id at the end of the file. 
-         BufferedWriter writer = new BufferedWriter(new FileWriter(this.registryFile, true));
-         writer.write(id + "\n");
-         writer.close();
-      }
-      catch (IOException ioe)
-      {
-         if (logger.isDebugEnabled())
-            logger.debug("Error appending content to registry file: " + ioe.getMessage());
-         ioe.printStackTrace();
-      }
-      // add the revoked id to the local cache.
-      revokedIds.add(id);
-
-   }
-
-   /**
-    * <p>
-    * This method loads the ids of the revoked assertions from the registry file. All retrieved ids are set in the
-    * local cache of revoked ids.
-    * </p>
-    */
-   private void loadRevokedIds()
-   {
-      try
-      {
-         // read the file contents and populate the local cache.
-         BufferedReader reader = new BufferedReader(new FileReader(this.registryFile));
-         String id = reader.readLine();
-         while (id != null)
-         {
-            revokedIds.add(id);
-            id = reader.readLine();
-         }
-         reader.close();
-      }
-      catch (IOException ioe)
-      {
-         if (logger.isDebugEnabled())
-            logger.debug("Error opening registry file: " + ioe.getMessage());
-         ioe.printStackTrace();
-      }
-   }
-}

Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/JPABasedRevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/JPABasedRevocationRegistry.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/JPABasedRevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -1,118 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust.plugins;
-
-import javax.persistence.EntityManager;
-import javax.persistence.EntityManagerFactory;
-import javax.persistence.EntityTransaction;
-import javax.persistence.Persistence;
-
-import org.apache.log4j.Logger;
-
-/**
- * <p>
- * {@code JPABasedRevocationRegistry} is a revocation registry implementation that uses JPA to store the ids of the
- * revoked (canceled) security tokens on a database. By default, the JPA configuration has the name {@code picketlink-sts}
- * but a different configuration name can be specified through the constructor that takes a {@code String} as a parameter.
- * </p>
- * <p>
- * NOTE: this implementation doesn't keep any cache of the security token ids. It performs a JPA query every time the
- * {@code isRevoked(String id)} method is called. Many JPA providers have internal caching mechanisms that can keep the
- * data in the cache synchronized with the database and avoid unnecessary trips to the database. This makes this registry
- * a good choice for clustered environments as any changes to the revocation table made by a node will be visible to
- * the other nodes.
- * </p>
- * 
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
-public class JPABasedRevocationRegistry implements RevocationRegistry
-{
-
-   private static Logger logger = Logger.getLogger(JPABasedRevocationRegistry.class);
-
-   private EntityManagerFactory factory;
-
-   /**
-    * <p>
-    * Creates an instance of {@code JPABasedRevocationRegistry} that uses the default {@code picketlink-sts} JPA 
-    * configuration to persist the ids of the canceled security tokens.
-    * </p>
-    */
-   public JPABasedRevocationRegistry()
-   {
-      this ("picketlink-sts");
-   }
-   
-   /**
-    * <p>
-    * Creates an instance of {@code JPABasedRevocationRegistry} that uses the specified JPA configuration to persist
-    * the ids of the canceled security tokens.
-    * </p>
-    * 
-    * @param configuration a {@code String} representing the JPA configuration name to be used.
-    */
-   public JPABasedRevocationRegistry(String configuration)
-   {
-      if (configuration == null)
-         throw new IllegalArgumentException("The JPA configuration name cannot be null");
-      this.factory = Persistence.createEntityManagerFactory(configuration);
-   }
-   
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#isRevoked(java.lang.String, java.lang.String)
-    */
-   public boolean isRevoked(String tokenType, String id)
-   {
-      // try to locate a RevokedToken entity with the specified id.
-      EntityManager manager = this.factory.createEntityManager();
-      Object object = manager.find(RevokedToken.class, id);
-      manager.close();
-      
-      return object != null;
-   }
-
-   /*
-    * (non-Javadoc)
-    * @see org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry#revokeToken(java.lang.String, java.lang.String)
-    */
-   public void revokeToken(String tokenType, String id)
-   {
-      // if a RevokedToken entity with the specified id doesn't exist in the database, create one and insert it.
-      EntityManager manager = this.factory.createEntityManager();
-      if (manager.find(RevokedToken.class, id) != null)
-      {
-         if (logger.isDebugEnabled())
-            logger.debug("Token with id=" + id + " has already been cancelled");
-      }
-      else
-      {
-         RevokedToken revokedToken = new RevokedToken(tokenType, id);
-         EntityTransaction transaction = manager.getTransaction();
-         transaction.begin();
-         manager.persist(revokedToken);
-         transaction.commit();
-      }
-      manager.close();
-   }
-
-}

Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevocationRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevocationRegistry.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevocationRegistry.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -1,54 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust.plugins;
-
-/**
- * <p>
- * A {@code RevocationRegistry} is used to store the ids of revoked (canceled) security tokens.
- * </p>
- * 
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
-public interface RevocationRegistry
-{
-   /**
-    * <p>
-    * Indicates whether the token with the specified id has been revoked or not.
-    * </p>
-    * 
-    * @param tokenType a {@code String} representing the token type.
-    * @param id a {@code String} representing the token id.
-    * @return {@code true} if the specified id has been revoked; {@code false} otherwise.
-    */
-   public boolean isRevoked(String tokenType, String id);
-   
-   /**
-    * <p>
-    * Adds the specified id to the revocation registry. The security token type can be used to distinguish tokens
-    * that may have the same id but that are of different types.
-    * </p>
-    * 
-    * @param tokenType a {@code String} representing the security token type.
-    * @param id the id to registered.
-    */
-   public void revokeToken(String tokenType, String id);
-}

Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevokedToken.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevokedToken.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/RevokedToken.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -1,118 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.wstrust.plugins;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.Id;
-
-/**
- * <p>
- * {@code RevokedToken} is a simple JPA entity used by the {@code JPABasedRevocationRegistry} to persist the ids of
- * the revoked security tokens.
- * </p>
- * 
- * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
- */
- at Entity
-public class RevokedToken
-{
-
-   @Column
-   private String tokenType;
-   
-   @Id
-   private String tokenId;
-
-   /**
-    * <p>
-    * Default constructor.
-    * </p>
-    */
-   public RevokedToken()
-   {
-   }
-
-   /**
-    * <p>
-    * Creates an instance of {@code RevokedToken} with the specified token type and token id.
-    * </p>
-    * 
-    * @param tokenType a {@code String} representing the token type.
-    * @param tokenId a {@code String} representing the token id.
-    */
-   public RevokedToken(String tokenType, String tokenId)
-   {
-      this.tokenType = tokenType;
-      this.tokenId = tokenId;
-   }
-   
-   /**
-    * <p>
-    * Obtains the type of the revoked security token.
-    * </p>
-    * 
-    * @return a {@code String} containing the revoked token type.
-    */
-   public String getTokenType()
-   {
-      return this.tokenType;
-   }
-
-   /**
-    * <p>
-    * Sets the type of revoked security token.
-    * </p>
-    * 
-    * @param tokenType a {@code String} containing the type to be set.
-    */
-   public void setTokenType(String tokenType)
-   {
-      this.tokenType = tokenType;
-   }
-
-   /**
-    * <p>
-    * Obtains the id of the revoked security token.
-    * </p>
-    * 
-    * @return a {@code String} containing the revoked token id.
-    */
-   public String getTokenId()
-   {
-      return this.tokenId;
-   }
-
-   /**
-    * <p>
-    * Sets the id of the revoked security token.
-    * </p>
-    * 
-    * @param tokenId a {@code String} containing the id to be set.
-    */
-   public void setTokenId(String tokenId)
-   {
-      this.tokenId = tokenId;
-   }
-   
-   
-}

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -34,15 +34,12 @@
 import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
 import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
 import org.picketlink.identity.federation.core.wstrust.SecurityToken;
 import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
 import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
 import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
-import org.picketlink.identity.federation.core.wstrust.plugins.DefaultRevocationRegistry;
-import org.picketlink.identity.federation.core.wstrust.plugins.FileBasedRevocationRegistry;
-import org.picketlink.identity.federation.core.wstrust.plugins.JPABasedRevocationRegistry;
-import org.picketlink.identity.federation.core.wstrust.plugins.RevocationRegistry;
 import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -66,23 +63,10 @@
  * 
  * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
  */
-public class SAML20TokenProvider implements SecurityTokenProvider
+public class SAML20TokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
 {
+   protected static Logger logger = Logger.getLogger(SAML20TokenProvider.class); 
 
-   private static Logger logger = Logger.getLogger(SAML20TokenProvider.class);
-
-   private static final String REVOCATION_REGISTRY = "RevocationRegistry";
-
-   private static final String REVOCATION_REGISTRY_FILE = "RevocationRegistryFile";
-
-   private static final String REVOCATION_REGISTRY_JPA_CONFIG = "RevocationRegistryJPAConfig";
-
-   private static final String ATTRIBUTE_PROVIDER = "AttributeProvider";
-
-   private RevocationRegistry revocationRegistry;
-
-   private Map<String, String> properties;
-
    private SAML20TokenAttributeProvider attributeProvider;
 
    /*
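Review bot: The `logger` field on the added line is widened from `private static` to `protected static` and is still not `final`, so any subclass or same-package class can reassign it, and nothing in this hunk needs the wider visibility. Keeping it as `private static final Logger logger = Logger.getLogger(SAML20TokenProvider.class);` avoids that. If `AbstractSecurityTokenProvider` declares its own `logger` (not visible in this hunk), this field would also hide it, which makes it unclear which category a message is logged under.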
@@ -92,59 +76,8 @@
     */
    public void initialize(Map<String, String> properties)
    {
-      this.properties = properties;
-
-      // check if a revocation registry option has been set.
-      String registryOption = this.properties.get(REVOCATION_REGISTRY);
-      if (registryOption == null)
-      {
-         if (logger.isDebugEnabled())
-            logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!");
-         this.revocationRegistry = new DefaultRevocationRegistry();
-      }
-      else
-      {
-         // if a file is to be used as registry, check if the user has specified the file name.
-         if ("FILE".equalsIgnoreCase(registryOption))
-         {
-            String registryFile = this.properties.get(REVOCATION_REGISTRY_FILE);
-            if (registryFile != null)
-               this.revocationRegistry = new FileBasedRevocationRegistry(registryFile);
-            else
-               this.revocationRegistry = new FileBasedRevocationRegistry();
-         }
-         // another option is to use the default JPA registry to store the revoked ids.
-         else if ("JPA".equalsIgnoreCase(registryOption))
-         {
-            String configuration = this.properties.get(REVOCATION_REGISTRY_JPA_CONFIG);
-            if (configuration != null)
-               this.revocationRegistry = new JPABasedRevocationRegistry(configuration);
-            else
-               this.revocationRegistry = new JPABasedRevocationRegistry();
-         }
-         // the user has specified its own registry implementation class.
-         else
-         {
-            try
-            {
-               Object object = SecurityActions.instantiateClass(registryOption);
-               if (object instanceof RevocationRegistry)
-                  this.revocationRegistry = (RevocationRegistry) object;
-               else
-               {
-                  logger.warn(registryOption + " is not an instance of RevocationRegistry - using default registry");
-                  this.revocationRegistry = new DefaultRevocationRegistry();
-               }
-            }
-            catch (PrivilegedActionException pae)
-            {
-               logger.warn("Error instantiating revocation registry class - using default registry");
-               pae.printStackTrace();
-               this.revocationRegistry = new DefaultRevocationRegistry();
-            }
-         }
-      }
-
+      super.initialize(properties); 
+        
       // Check if an attribute provider has been set.
       String attributeProviderClassName = this.properties.get(ATTRIBUTE_PROVIDER);
       if (attributeProviderClassName == null)
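Review bot: The lines after `super.initialize(properties);` still read `this.properties` and `ATTRIBUTE_PROVIDER`, whose declarations this commit removes from the class, so both must now come from `AbstractSecurityTokenProvider`, which is not shown here. A comment above the call such as `// must run first: the superclass stores the properties and selects the revocation registry` would make that ordering dependency explicit. The removed block logged that cancelled ids are not persisted when it fell back to `DefaultRevocationRegistry`, including when a configured registry class could not be instantiated. It is worth confirming the superclass keeps that fallback visible at `warn` level, because a quiet fallback means revoked tokens are forgotten on restart. The body of `initialize` continues outside the hunk.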

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AssertionType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
 
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedHashSet;
@@ -52,8 +53,10 @@
  * @author Anil.Saldhana at redhat.com
  * @since Nov 24, 2010
  */
-public class AssertionType
-{
+public class AssertionType implements Serializable
+{ 
+   private static final long serialVersionUID = 1L;
+
    private String ID;
 
    private Element signature;
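Review bot: `AssertionType` now implements `Serializable` but the context field `private Element signature;` is left as is. If that type is `org.w3c.dom.Element` (the import is outside this hunk), the interface is not `Serializable`, so writing a signed assertion depends on the DOM implementation and can fail with `NotSerializableException`. Either declare it `private transient Element signature;` and document that the signature is not preserved, or write it out as XML in `writeObject`/`readObject`. The same check applies to the non-primitive fields in the later hunks of this commit, for example `XMLGregorianCalendar` in ConditionsType and AuthnStatementType and `EncryptedElementType` in SubjectConfirmationType. An assertion restored without its signature should be treated as unverified data by whatever reads it back.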

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AttributeStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AttributeStatementType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AttributeStatementType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -50,7 +50,8 @@
  */ 
 public class AttributeStatementType
 extends StatementAbstractType
-{
+{ 
+   private static final long serialVersionUID = 1L;
    protected List<ASTChoiceType> attributes = new ArrayList<ASTChoiceType>();
 
    public void addAttribute( ASTChoiceType attribute )

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnStatementType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthnStatementType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -49,8 +49,9 @@
  */ 
 public class AuthnStatementType
 extends StatementAbstractType
-{
-
+{ 
+   private static final long serialVersionUID = 1L;
+   
    protected SubjectLocalityType subjectLocality; 
    protected AuthnContextType authnContext; 
    protected XMLGregorianCalendar authnInstant;  

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthzDecisionStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthzDecisionStatementType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/AuthzDecisionStatementType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -49,96 +49,96 @@
  * 
  */ 
 public class AuthzDecisionStatementType
-    extends StatementAbstractType
-{
+extends StatementAbstractType
+{ 
+   private static final long serialVersionUID = 1L;
+   protected List<ActionType> action = new ArrayList<ActionType>(); 
+   protected EvidenceType evidence; 
+   protected String resource; 
+   protected DecisionType decision;
 
-    protected List<ActionType> action = new ArrayList<ActionType>(); 
-    protected EvidenceType evidence; 
-    protected String resource; 
-    protected DecisionType decision;
+   /**
+    * Gets the value of the action property. 
+    */
+   public List<ActionType> getAction() 
+   { 
+      return Collections.unmodifiableList( this.action );
+   }
 
-    /**
-     * Gets the value of the action property. 
-     */
-    public List<ActionType> getAction() 
-    { 
-        return Collections.unmodifiableList( this.action );
-    }
-    
-    public void addAction( ActionType actionType )
-    {
-       action.add(actionType); 
-    }
+   public void addAction( ActionType actionType )
+   {
+      action.add(actionType); 
+   }
 
-    /**
-     * Gets the value of the evidence property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link EvidenceType }
-     *     
-     */
-    public EvidenceType getEvidence() {
-        return evidence;
-    }
+   /**
+    * Gets the value of the evidence property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link EvidenceType }
+    *     
+    */
+   public EvidenceType getEvidence() {
+      return evidence;
+   }
 
-    /**
-     * Sets the value of the evidence property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link EvidenceType }
-     *     
-     */
-    public void setEvidence(EvidenceType value) {
-        this.evidence = value;
-    }
+   /**
+    * Sets the value of the evidence property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link EvidenceType }
+    *     
+    */
+   public void setEvidence(EvidenceType value) {
+      this.evidence = value;
+   }
 
-    /**
-     * Gets the value of the resource property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link String }
-     *     
-     */
-    public String getResource() {
-        return resource;
-    }
+   /**
+    * Gets the value of the resource property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link String }
+    *     
+    */
+   public String getResource() {
+      return resource;
+   }
 
-    /**
-     * Sets the value of the resource property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link String }
-     *     
-     */
-    public void setResource(String value) {
-        this.resource = value;
-    }
+   /**
+    * Sets the value of the resource property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link String }
+    *     
+    */
+   public void setResource(String value) {
+      this.resource = value;
+   }
 
-    /**
-     * Gets the value of the decision property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link DecisionType }
-     *     
-     */
-    public DecisionType getDecision() {
-        return decision;
-    }
+   /**
+    * Gets the value of the decision property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link DecisionType }
+    *     
+    */
+   public DecisionType getDecision() {
+      return decision;
+   }
 
-    /**
-     * Sets the value of the decision property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link DecisionType }
-     *     
-     */
-    public void setDecision(DecisionType value) {
-        this.decision = value;
-    }
+   /**
+    * Sets the value of the decision property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link DecisionType }
+    *     
+    */
+   public void setDecision(DecisionType value) {
+      this.decision = value;
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/BaseIDAbstractType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/BaseIDAbstractType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/BaseIDAbstractType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,6 +21,8 @@
  */
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
 
+import java.io.Serializable;
+
 /**
  * Abstract Type that represents an ID
  <pre>
@@ -36,8 +38,9 @@
  * @author Anil.Saldhana at redhat.com
  * @since Nov 24, 2010
  */
-public abstract class BaseIDAbstractType
-{
+public abstract class BaseIDAbstractType implements Serializable
+{ 
+   private static final long serialVersionUID = 1L;
    private String nameQualifier;
    private String sPNameQualifier;
 

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/ConditionsType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/ConditionsType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/ConditionsType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -52,70 +53,71 @@
  * 
  * 
  */ 
-public class ConditionsType 
-{ 
-    protected List<ConditionAbstractType> conditions = new ArrayList<ConditionAbstractType>(); 
-    protected XMLGregorianCalendar notBefore; 
-    protected XMLGregorianCalendar notOnOrAfter;
+public class ConditionsType implements Serializable
+{  
+   private static final long serialVersionUID = 1L;
+   protected List<ConditionAbstractType> conditions = new ArrayList<ConditionAbstractType>(); 
+   protected XMLGregorianCalendar notBefore; 
+   protected XMLGregorianCalendar notOnOrAfter;
 
-    public void addCondition( ConditionAbstractType condition )
-    {
-       this.conditions.add( condition );
-    }
-    
-    /**
-     * Gets an read only conditions list. 
-     */
-    public List<ConditionAbstractType> getConditions() 
-    { 
-        return Collections.unmodifiableList( this.conditions );
-    }
+   public void addCondition( ConditionAbstractType condition )
+   {
+      this.conditions.add( condition );
+   }
 
-    /**
-     * Gets the value of the notBefore property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link XMLGregorianCalendar }
-     *     
-     */
-    public XMLGregorianCalendar getNotBefore() {
-        return notBefore;
-    }
+   /**
+    * Gets an read only conditions list. 
+    */
+   public List<ConditionAbstractType> getConditions() 
+   { 
+      return Collections.unmodifiableList( this.conditions );
+   }
 
-    /**
-     * Sets the value of the notBefore property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link XMLGregorianCalendar }
-     *     
-     */
-    public void setNotBefore(XMLGregorianCalendar value) {
-        this.notBefore = value;
-    }
+   /**
+    * Gets the value of the notBefore property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link XMLGregorianCalendar }
+    *     
+    */
+   public XMLGregorianCalendar getNotBefore() {
+      return notBefore;
+   }
 
-    /**
-     * Gets the value of the notOnOrAfter property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link XMLGregorianCalendar }
-     *     
-     */
-    public XMLGregorianCalendar getNotOnOrAfter() {
-        return notOnOrAfter;
-    }
+   /**
+    * Sets the value of the notBefore property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link XMLGregorianCalendar }
+    *     
+    */
+   public void setNotBefore(XMLGregorianCalendar value) {
+      this.notBefore = value;
+   }
 
-    /**
-     * Sets the value of the notOnOrAfter property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link XMLGregorianCalendar }
-     *     
-     */
-    public void setNotOnOrAfter(XMLGregorianCalendar value) {
-        this.notOnOrAfter = value;
-    }
+   /**
+    * Gets the value of the notOnOrAfter property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link XMLGregorianCalendar }
+    *     
+    */
+   public XMLGregorianCalendar getNotOnOrAfter() {
+      return notOnOrAfter;
+   }
+
+   /**
+    * Sets the value of the notOnOrAfter property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link XMLGregorianCalendar }
+    *     
+    */
+   public void setNotOnOrAfter(XMLGregorianCalendar value) {
+      this.notOnOrAfter = value;
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/NameIDType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/NameIDType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/NameIDType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -40,17 +40,18 @@
             </extension>
         </simpleContent>
     </complexType>
-    
+
     <attributeGroup name="IDNameQualifiers">
         <attribute name="NameQualifier" type="string" use="optional"/>
         <attribute name="SPNameQualifier" type="string" use="optional"/>
     </attributeGroup>
     */
-   
+
+   private static final long serialVersionUID = 1L;
    private String value;
    private URI format;
    private String sPProvidedID; 
-   
+
    public String getValue()
    {
       return value;
@@ -59,7 +60,7 @@
    {
       this.value = value;
    }
-   
+
    public String getsPProvidedID()
    {
       return sPProvidedID;

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/StatementAbstractType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/StatementAbstractType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/StatementAbstractType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,6 +21,8 @@
  */
 
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
+
+import java.io.Serializable;
  
 
 
@@ -40,6 +42,7 @@
  * 
  * 
  */ 
-public abstract class StatementAbstractType 
-{
+public abstract class StatementAbstractType implements Serializable
+{ 
+   private static final long serialVersionUID = 1L;
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectConfirmationType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectConfirmationType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectConfirmationType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -22,8 +22,10 @@
 
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
 
+import java.io.Serializable;
 
 
+
 /**
  * <p>Java class for SubjectConfirmationType complex type.
  * 
@@ -49,9 +51,9 @@
  * 
  * 
  */ 
-public class SubjectConfirmationType 
-{
-
+public class SubjectConfirmationType implements Serializable
+{ 
+   private static final long serialVersionUID = 1L;
    protected BaseIDAbstractType baseID; 
    protected NameIDType nameID; 
    protected EncryptedElementType encryptedID; 

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/assertion/SubjectType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -21,6 +21,7 @@
  */
 package org.picketlink.identity.federation.newmodel.saml.v2.assertion;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -54,8 +55,10 @@
  * 
  * 
  */ 
-public class SubjectType 
-{
+public class SubjectType implements Serializable
+{ 
+   private static final long serialVersionUID = 1L;
+
    protected List<SubjectConfirmationType> subjectConfirmation = new ArrayList<SubjectConfirmationType>();
 
    protected STSubType subType; 
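Review bot: `subjectConfirmation` relies on its field initializer to stay non-null, but deserializing a `Serializable` class runs neither its field initializers nor its constructors, so an instance read from a stream holds whatever the stream contained, including null. A truncated, hand-edited or older-format stream would then produce a `SubjectType` whose list accessors fail with a `NullPointerException` far from the point where the data was read. A private `readObject` that calls `defaultReadObject()` and restores the empty list keeps the invariant, as sketched below. Whether `STSubType` is itself serializable is not visible in this hunk and should be confirmed; the class body continues outside the hunk.

```java
   private static final long serialVersionUID = 1L;

   // … unchanged: subjectConfirmation and subType fields …

   private void readObject(java.io.ObjectInputStream in)
         throws java.io.IOException, ClassNotFoundException
   {
      in.defaultReadObject();
      // Field initializers do not run on deserialization; restore the non-null invariant.
      if (subjectConfirmation == null)
      {
         subjectConfirmation = new ArrayList<SubjectConfirmationType>();
      }
   }
```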

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLAuthzDecisionStatementType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -20,7 +20,7 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 package org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion;
- 
+
 import org.jboss.security.xacml.core.model.context.RequestType;
 import org.jboss.security.xacml.core.model.context.ResponseType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
@@ -47,57 +47,58 @@
  * 
  */ 
 public class XACMLAuthzDecisionStatementType
-    extends StatementAbstractType
+extends StatementAbstractType
 { 
-    public static final String XSI_TYPE = "xacml-samlp:XACMLAuthzDecisionStatementType";
-    protected ResponseType response;
-    protected RequestType request;
+   private static final long serialVersionUID = 1L;
+   public static final String XSI_TYPE = "xacml-samlp:XACMLAuthzDecisionStatementType";
+   protected ResponseType response;
+   protected RequestType request;
 
-    /**
-     * Gets the value of the response property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link ResponseType }
-     *     
-     */
-    public ResponseType getResponse() {
-        return response;
-    }
+   /**
+    * Gets the value of the response property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link ResponseType }
+    *     
+    */
+   public ResponseType getResponse() {
+      return response;
+   }
 
-    /**
-     * Sets the value of the response property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link ResponseType }
-     *     
-     */
-    public void setResponse(ResponseType value) {
-        this.response = value;
-    }
+   /**
+    * Sets the value of the response property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link ResponseType }
+    *     
+    */
+   public void setResponse(ResponseType value) {
+      this.response = value;
+   }
 
-    /**
-     * Gets the value of the request property.
-     * 
-     * @return
-     *     possible object is
-     *     {@link RequestType }
-     *     
-     */
-    public RequestType getRequest() {
-        return request;
-    }
+   /**
+    * Gets the value of the request property.
+    * 
+    * @return
+    *     possible object is
+    *     {@link RequestType }
+    *     
+    */
+   public RequestType getRequest() {
+      return request;
+   }
 
-    /**
-     * Sets the value of the request property.
-     * 
-     * @param value
-     *     allowed object is
-     *     {@link RequestType }
-     *     
-     */
-    public void setRequest(RequestType value) {
-        this.request = value;
-    }
+   /**
+    * Sets the value of the request property.
+    * 
+    * @param value
+    *     allowed object is
+    *     {@link RequestType }
+    *     
+    */
+   public void setRequest(RequestType value) {
+      this.request = value;
+   }
 }
\ No newline at end of file
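Review bot: `response` and `request` become part of the serialized form once this class gains a `serialVersionUID`, yet `ResponseType` and `RequestType` come from `org.jboss.security.xacml.core.model.context` and nothing in this hunk shows that they implement `Serializable`. If they do not, serializing a statement with either field set throws `NotSerializableException` at runtime rather than failing at compile time. Confirm this with a round-trip test, or declare them `protected transient ResponseType response;` and `protected transient RequestType request;` if the XACML payload does not need to be stored. The same check applies to the `baseID`, `nameID` and `encryptedID` field types in the SubjectConfirmationType hunk.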

Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLPolicyStatementType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLPolicyStatementType.java	2011-01-03 21:12:33 UTC (rev 625)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/newmodel/saml/v2/profiles/xacml/assertion/XACMLPolicyStatementType.java	2011-01-04 17:14:44 UTC (rev 626)
@@ -49,12 +49,14 @@
  * 
  */ 
 public class XACMLPolicyStatementType
-    extends StatementAbstractType
+extends StatementAbstractType
 {
-    public static class ChoiceType
-    {
-       private PolicyType policy;
-       private PolicySetType policySet;
+   private static final long serialVersionUID = 1L;
+
+   public static class ChoiceType
+   {
+      private PolicyType policy;
+      private PolicySetType policySet;
       public PolicyType getPolicy()
       {
          return policy;
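Review bot: The nested `ChoiceType` is still declared as `public static class ChoiceType` with no `Serializable`, while the enclosing class now carries a `serialVersionUID` and inherits `Serializable` from `StatementAbstractType`. The `choiceTypeList` field in the following hunk is a non-transient `List<ChoiceType>`, so writing an instance that holds at least one choice would fail with `NotSerializableException`. Declare it as `public static class ChoiceType implements java.io.Serializable` and give it its own `private static final long serialVersionUID = 1L;`. Whether `PolicyType` and `PolicySetType` are serializable is not visible here and should be confirmed. ChoiceType's body continues into the next hunk.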
@@ -71,21 +73,21 @@
       {
          this.policySet = policySet;
       } 
-    }
+   }
 
-    protected List<ChoiceType> choiceTypeList = new ArrayList<ChoiceType>();
+   protected List<ChoiceType> choiceTypeList = new ArrayList<ChoiceType>();
 
-    public void add(ChoiceType choice )
-    {
-       choiceTypeList.add(choice);
-    }
-    
-    /**
-     * Gets the value of the choiceTypeList property. 
-     */
-    public List<ChoiceType> getChoiceType() 
-    {
-        return choiceTypeList;
-    }
+   public void add(ChoiceType choice )
+   {
+      choiceTypeList.add(choice);
+   }
 
+   /**
+    * Gets the value of the choiceTypeList property. 
+    */
+   public List<ChoiceType> getChoiceType() 
+   {
+      return choiceTypeList;
+   }
+
 }
\ No newline at end of file


