[picketlink-commits] Picketlink SVN: r640 - in federation/trunk: picketlink-fed-core and 7 other directories.

picketlink-commits at lists.jboss.org picketlink-commits at lists.jboss.org
Thu Jan 20 14:13:25 EST 2011


Author: anil.saldhana at jboss.com
Date: 2011-01-20 14:13:23 -0500 (Thu, 20 Jan 2011)
New Revision: 640

Added:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
Removed:
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
Modified:
   federation/trunk/picketlink-fed-core/pom.xml
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
   federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
Log:
OpenID provider now works off the common STS

Deleted: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import java.util.Map;
-
-import org.openid4java.message.ParameterList;
-
-/**
- * Parameter List passed in the messages
- * @author Anil.Saldhana at redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDParameterList extends ParameterList
-{
-   private static final long serialVersionUID = 1L;
-
-   public OpenIDParameterList()
-   {
-      super(); 
-   }
-
-   @SuppressWarnings({ "rawtypes"})
-   public OpenIDParameterList(Map parameterMap)
-   {
-      super(parameterMap); 
-   }
-}

Deleted: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -1,142 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.DirectError;
-import org.openid4java.message.Message;
-import org.openid4java.message.ParameterList;
-import org.openid4java.server.InMemoryServerAssociationStore;
-import org.openid4java.server.ServerManager;
-
-/**
- * Manages a OpenID Provider
- * @author Anil.Saldhana at redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDProviderManager
-{
-   private ServerManager serverManager = new ServerManager();
-   
-   /**
-    * Initialize internal data structures
-    */
-   public void initialize()
-   {
-      serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
-      serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
-   }
-   
-   /**
-    * Get the end point where the provider is active
-    * @return string an url
-    */
-   public String getEndPoint()
-   {
-      return serverManager.getOPEndpointUrl();
-   }
-   
-   /**
-    * Set the end point where the provider is active
-    * @param url
-    */
-   public void setEndPoint(String url)
-   {
-      serverManager.setOPEndpointUrl(url);
-   }
-   
-   /**
-    * Process a request from the RP/Relying Party (or OpenID Consumer)
-    * for authenticating an user
-    * @param requestParams
-    * @param userSelId
-    * @param userSelClaimed
-    * @param authenticatedAndApproved
-    * @return
-    */
-   public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
-         String userSelId,
-         String userSelClaimed,
-         boolean authenticatedAndApproved)
-   {
-      Message authMessage = serverManager.authResponse(requestParams, 
-            userSelId, userSelClaimed, authenticatedAndApproved);
-      
-      return new OpenIDMessage(authMessage); 
-   }
-   
-   /**
-    * Process a request for association from the RP
-    * @param requestParams
-    * @return
-    */
-   public OpenIDMessage processAssociationRequest(ParameterList requestParams)
-   {
-      return new OpenIDMessage(serverManager.associationResponse(requestParams));
-   }
-   
-   /**
-    * Process a verification request from RP for an already
-    * authenticated user
-    * @param requestParams
-    * @return
-    */
-   public OpenIDMessage verify(ParameterList requestParams)
-   {
-      return new OpenIDMessage(serverManager.verify(requestParams));
-   }
-   
-   /**
-    * Create an error message that needs to be passed to the RP
-    * @param msg
-    * @return
-    */
-   public OpenIDMessage getDirectError(String msg)
-   {
-     return new OpenIDMessage(DirectError.createDirectError(msg));  
-   }
-   
-   public static class OpenIDMessage
-   {
-      private Message message;
-      
-      OpenIDMessage(Message message)
-      {
-         this.message = message;
-      }
-      
-      public boolean isSuccessful()
-      {
-         return message instanceof AuthSuccess;
-      }
-      
-      public String getDestinationURL(boolean httpget)
-      {
-         return ((AuthSuccess) message).getDestinationUrl(httpget);
-      }
-      
-      public String getResponseText()
-      {
-         return message.keyValueFormEncoding();
-      }
-   }
-}
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/pom.xml
===================================================================
--- federation/trunk/picketlink-fed-core/pom.xml	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/pom.xml	2011-01-20 19:13:23 UTC (rev 640)
@@ -129,7 +129,16 @@
         <version>2.7.1.patch01-brew</version>
         <scope>test</scope>
       </dependency>
-
+      <dependency>
+        <groupId>org.openid4java</groupId>
+        <artifactId>openid4java</artifactId>
+      </dependency>
+      <dependency>
+        <groupId>commons-httpclient</groupId>
+        <artifactId>commons-httpclient</artifactId>
+        <version>3.1</version>
+        <scope>test</scope>
+      </dependency>
    </dependencies>
    
    <reporting>
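Review bot: The `org.openid4java:openid4java` dependency added here carries no `<version>`, so the version that actually lands in picketlink-fed-core is decided by a `dependencyManagement` section in a parent POM that is not part of this diff; worth confirming it is pinned to a fixed version there (not a range) so the build is reproducible and the resolved version can be audited. `commons-httpclient` 3.1 is declared test-scoped, so it does not ship with the artifact, but if openid4java already pulls it in transitively at compile scope this declaration only overrides the version used by tests; `mvn dependency:tree` on this module would settle which version reaches the runtime classpath.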

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
+{ 
+   public final static String OPENID_1_0_NS = "urn:openid:1:0";
+   public final static String OPENID_1_1_NS = "urn:openid:1:1";
+   public final static String OPENID_2_0_NS = "urn:openid:2:0";
+   
+   protected static OpenIDProviderManager serverManager = null; //Will be initialized the first time of access
+   
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+    */
+   public boolean supports(String namespace)
+   { 
+      return OPENID_1_0_NS.equals( namespace );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+    */
+   public String tokenType()
+   { 
+      return OPENID_1_0_NS;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+    */
+   public QName getSupportedQName()
+   { 
+      return new QName( OPENID_1_0_NS );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+    */
+   public String family()
+   { 
+      return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void issueToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+      
+      OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+      if( serverManager.getEndPoint() == null )
+      {
+         serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+      }
+      
+      OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+      OpenIDMessage responsem = null;
+      
+      if( openIDProtoCtx.getIssueError() )
+      {
+         String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown request" : openIDProtoCtx.getErrorText();
+         
+         responsem = serverManager.getDirectError( errorText );
+      }
+      else
+      {
+         MODE mode = openIDProtoCtx.getMode();
+         switch (mode )
+         {
+            case ASSOCIATE :
+               responsem = serverManager.processAssociationRequest( requestp );
+               break;
+            
+            case CHECK_AUTHENTICATION:
+               validateToken(openIDProtoCtx);
+               return;
+            
+            case CHECK_ID_SETUP:
+            case CHECK_ID_IMMEDIATE:
+               AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+               if( authHolder == null )
+                  throw new ProcessingException( "Authentication Holder is null" );
+               
+               responsem = serverManager.processAuthenticationRequest(requestp,
+                     authHolder.getUserSelectedId(),
+                     authHolder.getUserSelectedClaimedId(),
+                     authHolder.isAuthenticatedAndApproved() );
+               break;
+            default:
+               throw new ProcessingException("Unknown mode"); 
+         } 
+      }
+      openIDProtoCtx.setResponseMessage( responsem );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void renewToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+   }
+
+   /*
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void cancelToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+      check();
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+    */
+   public void validateToken(ProtocolContext context) throws ProcessingException
+   { 
+      if( context instanceof OpenIDProtocolContext == false )
+         return;
+      
+       check();
+      
+      OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+      if( serverManager.getEndPoint() == null )
+      {
+         serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+      }
+      
+      OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+      OpenIDMessage responsem = serverManager.verify( requestp );
+      openIDProtoCtx.setResponseMessage( responsem );
+   }
+   
+   protected void check()
+   { 
+      SecurityManager sm = System.getSecurityManager();
+      if( sm != null )
+         sm.checkPermission( PicketLinkCoreSTS.rte );
+      
+      if( serverManager == null )
+      {
+
+         serverManager = new OpenIDProviderManager();
+         serverManager.initialize( new OpenIDTokenRegistryStore(), new OpenIDTokenRegistryStore()); 
+      }
+   }
+}
\ No newline at end of file
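Review bot: `check()` lazily creates the static `serverManager` behind an unsynchronized null test, and because this provider is driven from `OpenIDProviderServlet` two concurrent first requests can each construct an `OpenIDProviderManager` with its own in-memory association stores, so an association handed out through the instance that is later overwritten is unknown to the survivor and the relying party's subsequent verification fails. Guard the initialization with `synchronized (OpenIDTokenProvider.class) { if (serverManager == null) { serverManager = new OpenIDProviderManager(); serverManager.initialize(new OpenIDTokenRegistryStore(), new OpenIDTokenRegistryStore()); } }` or initialize the field eagerly. The same first-request-wins pattern applies to `setEndPoint` in `issueToken` and `validateToken`: whichever endpoint the first context carries is kept for the life of the JVM, so if the servlet derives it from the incoming request URL it should be checked against the configured OP endpoint rather than trusted. Separately, `switch (mode)` throws `NullPointerException` instead of the intended `ProcessingException("Unknown mode")` when the context's mode was never set, because `MODE` is an enum and `OpenIDProtocolContext.mode` defaults to null; add `if (mode == null) throw new ProcessingException("Unknown mode");` before the switch.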

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{ 
+   @Override
+   public boolean supports(String namespace)
+   {
+      return OPENID_2_0_NS.equals( namespace );
+   }
+
+   @Override
+   public String tokenType()
+   { 
+      return OPENID_2_0_NS;
+   }
+
+   @Override
+   public QName getSupportedQName()
+   { 
+      return new QName( OPENID_2_0_NS );
+   }   
+}
\ No newline at end of file
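Review bot: With this subclass matching only `urn:openid:2:0` and the parent matching only `urn:openid:1:0`, the `OPENID_1_1_NS` constant declared in `OpenIDTokenProvider` is accepted by neither `supports()`, so a request tagged with the 1.1 namespace has no provider at all; either drop the constant or have the parent accept both, `return OPENID_1_0_NS.equals(namespace) || OPENID_1_1_NS.equals(namespace);`. Note also that this class inherits the parent's static `serverManager`, so the v1 and v2 providers share one `ServerManager`, its endpoint and its association stores; that is presumably intended for a single OP, but it deserves a sentence in the class Javadoc so nobody later assumes the v2 provider is isolated.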

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+   private static final long serialVersionUID = 1L;
+
+   public OpenIDParameterList()
+   {
+      super(); 
+   }
+
+   @SuppressWarnings({ "rawtypes"})
+   public OpenIDParameterList(Map parameterMap)
+   {
+      super(parameterMap); 
+   }
+}

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{ 
+   /**
+    * The response message generated by the STS
+    */
+   protected OpenIDMessage responseMessage;
+   
+   /**
+    * The list of request parameters for use by the STS
+    */
+   protected OpenIDParameterList requestParameterList;
+   
+   /**
+    * The Server Manager needs an endpoint
+    */
+   protected String endpoint;
+   
+   /**
+    * Should the STS issue an error?
+    */
+   protected Boolean issueError = Boolean.FALSE;
+   
+   /**
+    * What is the text the STS should use for the error?
+    */
+   protected String errorText = null;
+
+   /**
+    * The OpenID mode
+    */
+   protected MODE mode;
+  
+   /**
+    * STS uses the AUTH_HOLDER information for processing authentication requests
+    */
+   protected AUTH_HOLDER authenticationHolder;
+   
+   /**
+    * An Enum indicating the OpenID mode 
+    */
+   public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION };
+   
+   /**
+    * Class to hold the information for authentication requests 
+    */
+   public static class AUTH_HOLDER
+   {
+      private String userSelectedId, userSelectedClaimedId;
+      private boolean authenticatedAndApproved;
+      
+      public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean authenticatedAndApproved)
+      {
+         this.userSelectedId = userSelectedId;
+         this.userSelectedClaimedId = userSelectedClaimedId;
+         this.authenticatedAndApproved = authenticatedAndApproved;
+      }
+
+      @Override
+      public String toString()
+      {
+         return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ", userSelectedClaimedId=" + userSelectedClaimedId
+               + ", authenticatedAndApproved=" + authenticatedAndApproved + "]";
+      }
+
+      public String getUserSelectedId()
+      {
+         return userSelectedId;
+      }
+
+      public String getUserSelectedClaimedId()
+      {
+         return userSelectedClaimedId;
+      }
+
+      public boolean isAuthenticatedAndApproved()
+      {
+         return authenticatedAndApproved;
+      } 
+   }
+   
+   /**
+    * Get the holder of authentication information
+    * @return
+    */
+   public AUTH_HOLDER getAuthenticationHolder()
+   {
+      return authenticationHolder;
+   }
+
+   /**
+    * Set an authentication holder
+    * @param authenticationHolder
+    */
+   public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+   {
+      this.authenticationHolder = authenticationHolder;
+   }
+
+   /**
+    * Get the Open ID mode
+    * @return
+    */
+   public MODE getMode()
+   {
+      return this.mode;
+   }
+   
+   /**
+    * Set the OpenID mode
+    * @param theMode
+    */
+   public void setMode( MODE theMode )
+   {
+      this.mode = theMode;
+   }
+   
+   /**
+    * Get the error text (Null by default)
+    * @return
+    */
+   public String getErrorText()
+   {
+      return errorText;
+   }
+
+   /**
+    * Set the error text
+    * @param errorText
+    */
+   public void setErrorText(String errorText)
+   {
+      this.errorText = errorText;
+   }
+
+   /**
+    * Should the STS issue an error response token
+    * @return
+    */
+   public Boolean getIssueError()
+   {
+      return issueError;
+   }
+
+   /**
+    * Set the error response token for the STS
+    * @param issueError
+    */
+   public void setIssueError(Boolean issueError)
+   {
+      this.issueError = issueError;
+   }
+
+   /**
+    * Get the endpoint address
+    * @return
+    */
+   public String getEndpoint()
+   {
+      return endpoint;
+   }
+   
+   /**
+    * Set the endpoint address
+    * @param endpoint
+    */
+   public void setEndpoint(String endpoint)
+   {
+      this.endpoint = endpoint;
+   }
+
+   /**
+    * Get the request parameter list
+    * @return an instanceof {@code OpenIDParameterList}
+    */
+   public OpenIDParameterList getRequestParameterList()
+   {
+      return requestParameterList;
+   }
+
+   /**
+    * Set the request parameter list
+    * @param requestParameterList an instanceof {@code OpenIDParameterList}
+    */
+   public void setRequestParameterList(OpenIDParameterList requestParameterList)
+   {
+      this.requestParameterList = requestParameterList;
+   }
+
+   /**
+    * Get the {@code OpenIDMessage} response message that the STS has generated
+    * @return 
+    */
+   public OpenIDMessage getResponseMessage()
+   {
+      return responseMessage;
+   }
+   
+   /**
+    * Set the {@code OpenIDMessage} response message
+    * @param responseMessage
+    */
+   public void setResponseMessage(OpenIDMessage responseMessage)
+   {
+      this.responseMessage = responseMessage;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+    */
+   public String serviceName()
+   {
+      return null;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+    */
+   public String tokenType()
+   {
+      return OpenIDTokenProvider.OPENID_1_0_NS;
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+    */
+   public QName getQName()
+   {
+      return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+   }
+
+   /**
+    * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+    */
+   public String family()
+   { 
+      return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+   } 
+}
\ No newline at end of file
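Review bot: `tokenType()` and `getQName()` always answer `OpenIDTokenProvider.OPENID_1_0_NS`, so if the core STS selects a provider from the context's token type (as `SecurityTokenProvider.supports(String)` suggests), a request meant for `OpenIDVersion2TokenProvider` can never be expressed through this context; a settable field such as `protected String tokenType = OpenIDTokenProvider.OPENID_1_0_NS;` returned from both methods would close that gap. `issueError` is a boxed `Boolean` that a caller may set to null, and the provider unboxes it in `if( openIDProtoCtx.getIssueError() )`, which then throws `NullPointerException`; storing a primitive and normalizing in the setter, `this.issueError = Boolean.TRUE.equals(issueError);`, removes that case without changing the setter's signature. `mode` has no default, so a caller that forgets `setMode` sends a null into the provider's `switch`; the class Javadoc should state that `setMode` and `setRequestParameterList` are mandatory before the context is handed to the STS.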

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+   /**
+    * Internal server manager for processing
+    */
+   private ServerManager serverManager = new ServerManager();
+   
+   /**
+    * Initialize internal data structures
+    */
+   public void initialize()
+   {
+      serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+      serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+   }
+   
+   /**
+    * Initialize the Shared Association and Private Association stores
+    * @param sharedAssociationStore a set of 2 association stores {@code ServerAssociationStore}
+    * @throws {@code IllegalArgumentException} if the number of stores is not 2
+    */
+   public void initialize( ServerAssociationStore... sharedAssociationStore )
+   {
+      if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+      {
+         initialize();
+         return;
+      }
+      
+      if( sharedAssociationStore.length != 2 )
+         throw new IllegalArgumentException( "Number of association stores not equal to 2" );
+      serverManager.setSharedAssociations( sharedAssociationStore[0] );
+      serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+   }
+   
+   /**
+    * Get the end point where the provider is active
+    * @return string an url
+    */
+   public String getEndPoint()
+   {
+      return serverManager.getOPEndpointUrl();
+   }
+   
+   /**
+    * Set the end point where the provider is active
+    * @param url
+    */
+   public void setEndPoint(String url)
+   {
+      serverManager.setOPEndpointUrl(url);
+   }
+   
+   /**
+    * Process a request from the RP/Relying Party (or OpenID Consumer)
+    * for authenticating an user
+    * @param requestParams
+    * @param userSelId
+    * @param userSelClaimed
+    * @param authenticatedAndApproved
+    * @return
+    */
+   public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+         String userSelId,
+         String userSelClaimed,
+         boolean authenticatedAndApproved)
+   {
+      Message authMessage = serverManager.authResponse(requestParams, 
+            userSelId, userSelClaimed, authenticatedAndApproved);
+      
+      return new OpenIDMessage(authMessage); 
+   }
+   
+   /**
+    * Process a request for association from the RP
+    * @param requestParams
+    * @return
+    */
+   public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+   {
+      return new OpenIDMessage(serverManager.associationResponse(requestParams));
+   }
+   
+   /**
+    * Process a verification request from RP for an already
+    * authenticated user
+    * @param requestParams
+    * @return
+    */
+   public OpenIDMessage verify(ParameterList requestParams)
+   {
+      return new OpenIDMessage(serverManager.verify(requestParams));
+   }
+   
+   /**
+    * Create an error message that needs to be passed to the RP
+    * @param msg
+    * @return
+    */
+   public OpenIDMessage getDirectError(String msg)
+   {
+     return new OpenIDMessage(DirectError.createDirectError(msg));  
+   }
+   
+   /**
+    * Class to hold the open id message 
+    */
+   public static class OpenIDMessage
+   {
+      private Message message;
+      
+      OpenIDMessage(Message message)
+      {
+         this.message = message;
+      }
+      
+      public boolean isSuccessful()
+      {
+         return message instanceof AuthSuccess;
+      }
+      
+      public String getDestinationURL(boolean httpget)
+      {
+         return ((AuthSuccess) message).getDestinationUrl(httpget);
+      }
+      
+      public String getResponseText()
+      {
+         return message.keyValueFormEncoding();
+      }
+   }
+}
\ No newline at end of file
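Review bot: `OpenIDMessage.getDestinationURL` casts `message` to `AuthSuccess` unconditionally, so a caller that reaches it after a negative or error response (anything other than an `AuthSuccess` from `authResponse`) gets a bare `ClassCastException` rather than a meaningful failure. Guard the cast with `if (!(message instanceof AuthSuccess)) throw new IllegalStateException("not an AuthSuccess response; check isSuccessful() first");` before the existing return. Separately, the varargs parameter of `initialize(ServerAssociationStore...)` is named and documented as `sharedAssociationStore` while element `[1]` is installed as the private store; renaming it to `associationStores` and stating the order `{shared, private}` in the Javadoc would stop callers from swapping the two, which matters if, as is usual in openid4java, the private store is the one consulted for `check_authentication`.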

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements ServerAssociationStore, SecurityTokenRegistry
+{
+   protected InMemoryServerAssociationStore store = new InMemoryServerAssociationStore();
+   
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+    */
+   public Association generate(String type, int expiryIn) throws AssociationException
+   { 
+      Association association = store.generate(type, expiryIn);
+      try
+      {
+         addToken( association.getHandle(), association );
+      }
+      catch (IOException e)
+      {
+         throw new AssociationException( e );
+      }
+      return association;
+   }
+
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+    */
+   public Association load(String handle)
+   { 
+      return (Association) getToken( handle );
+   }
+
+   /**
+    * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+    */
+   public void remove(String handle)
+   {  
+      try
+      {
+         removeToken( handle );
+      }
+      catch (IOException e)
+      { 
+         throw new RuntimeException( e );
+      }
+   }
+}
\ No newline at end of file
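Review bot: `remove(String handle)` only drops the association from the token registry, while `generate` stores every association in both the wrapped `InMemoryServerAssociationStore` and the registry via `addToken`, so nothing in this class ever removes entries from the wrapped store and they accumulate for the life of the provider. `load` also never checks `Association.hasExpired()`, so an expired handle keeps resolving from the registry unless `ServerManager` rejects it itself (not visible here), and its unchecked `(Association)` cast throws `ClassCastException` if the registry ever holds a non-association under that handle. Delegate removal to the wrapped store as well, and treat expired or foreign entries as a miss on load:

```java
public Association load(String handle)
{
   Object token = getToken( handle );
   if( !( token instanceof Association ) )
      return null;
   Association association = (Association) token;
   if( association.hasExpired() )
   {
      remove( handle );
      return null;
   }
   return association;
}

public void remove(String handle)
{
   store.remove( handle );
   // … unchanged: removeToken( handle ) with IOException wrapped in RuntimeException …
}
```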

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -39,7 +39,7 @@
    /**
     * @see org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#addToken(java.lang.String, java.lang.Object)
     */
-   public void addToken(String tokenID, Object token)
+   public void addToken(String tokenID, Object token) throws IOException
    {
       SecurityManager sm = System.getSecurityManager();
       if( sm != null )

Modified: federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml	2011-01-20 19:13:23 UTC (rev 640)
@@ -5,5 +5,8 @@
             TokenType="urn:oasis:names:tc:SAML:2.0:assertion"
 	        TokenElement="Assertion"
 	        TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
+	    <TokenProvider ProviderClass="org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider"
+            TokenType="urn:openid:1:0" 
+	        TokenElementNS="urn:openid:1:0"/>
 	</TokenProviders>
 </PicketLinkSTS>
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java	2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java	2011-01-20 19:13:23 UTC (rev 640)
@@ -32,9 +32,13 @@
 import javax.servlet.http.HttpSession;
 
 import org.openid4java.message.Parameter;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDParameterList;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
 
 /**
  * Servlet that provides the Provider functionality
@@ -47,10 +51,9 @@
    private static final long serialVersionUID = 1L;
    private transient ServletContext servletContext = null;
    private String securePageName = "securepage.jsp";
+   
+   private transient PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
 
-   private transient OpenIDProviderManager serverManager = new OpenIDProviderManager();
-   //private ServerManager serverManager = new ServerManager();
-
    @Override
    public void init(ServletConfig config) throws ServletException
    {
@@ -60,7 +63,7 @@
       if(secpageStr != null && secpageStr.length() > 0)
          securePageName = secpageStr;
 
-      serverManager.initialize(); 
+      sts.installDefaultConfiguration( ( String[] )null ); 
    }
 
    @Override
@@ -72,17 +75,16 @@
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
-      HttpSession session = request.getSession();
+      HttpSession session = request.getSession(); 
+      
+      OpenIDProtocolContext protoCtx = new OpenIDProtocolContext();
+      
+      protoCtx.setEndpoint(request.getScheme() + "://" + 
+            request.getServerName() + ":" + 
+            request.getServerPort() + 
+            request.getContextPath() +
+      "/provider/");  
 
-      if(serverManager.getEndPoint() == null)
-      {
-         serverManager.setEndPoint(request.getScheme() + "://" + 
-               request.getServerName() + ":" + 
-               request.getServerPort() + 
-               request.getContextPath() +
-         "/provider/"); 
-      } 
-
       OpenIDParameterList requestp;
 
       if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
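Review bot: The OP endpoint handed to `protoCtx.setEndpoint(...)` is rebuilt on every request from `request.getScheme()`, `getServerName()` and `getServerPort()`, values that typically follow the client-supplied Host header, so the endpoint URL the STS places in its responses tracks whatever host the caller sent rather than the provider's canonical address; the removed code had the same weakness but at least froze the value on the first request. Read the endpoint from configuration instead, e.g. a field populated in `init()` from `config.getInitParameter("endpoint")`, and use the request-derived expression only as a logged fallback when nothing is configured. The hard-coded `"/provider/"` suffix belongs in that same configured value. doPost continues past the end of this hunk.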
@@ -103,6 +105,9 @@
          }
       }
 
+      protoCtx.setRequestParameterList( requestp );
+      
+      
       String mode = requestp.hasParameter("openid.mode") ?
             requestp.getParameterValue("openid.mode") : null;
 
@@ -113,8 +118,20 @@
 
             if ("associate".equals(mode))
             {
+               protoCtx.setMode( MODE.ASSOCIATE );
+               try
+               {
+                  sts.issueToken( protoCtx );
+               }
+               catch (ProcessingException e)
+               {
+                  throw new ServletException( e );
+               }
+               
+               responsem = protoCtx.getResponseMessage();
+               
                // --- process an association request ---
-               responsem = serverManager.processAssociationRequest(requestp);
+               /*responsem = serverManager.processAssociationRequest(requestp);*/
                responseText = responsem.getResponseText();
             }
             else if ("checkid_setup".equals(mode)
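Review bot: The commented-out `/*responsem = serverManager.processAssociationRequest(requestp);*/` is dead code now that the STS path is in place and should be deleted rather than kept alongside the replacement. The `try { sts.issueToken(protoCtx); } catch (ProcessingException e) { throw new ServletException(e); }` block introduced here is repeated verbatim in the other mode branches of doPost; a private helper such as `private void issue(OpenIDProtocolContext ctx) throws ServletException { try { sts.issueToken(ctx); } catch (ProcessingException e) { throw new ServletException(e); } }` would keep the branches to one line each. `responsem = protoCtx.getResponseMessage()` is also used without a null check, so a provider that leaves the response unset fails on `getResponseText()` with a NullPointerException instead of a clean error. The enclosing doPost starts and ends outside this hunk.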
@@ -146,15 +163,33 @@
 
                   //Fallback
                   if( authenticatedAndApproved == Boolean.TRUE && userSelectedId == null )
+                  { 
+                     userSelectedId = userSelectedClaimedId;
+                  }
+                  if( "checkid_setup".equals(mode) ) 
+                     protoCtx.setMode( MODE.CHECK_ID_SETUP );
+                  else
+                     protoCtx.setMode( MODE.CHECK_ID_IMMEDIATE );
+                  
+                  protoCtx.setAuthenticationHolder( new AUTH_HOLDER(userSelectedId, 
+                                                           userSelectedClaimedId, authenticatedAndApproved));
+                  
+                  try
                   {
-                     if( request.getUserPrincipal() != null )
-                        userSelectedId = request.getUserPrincipal().getName();
+                     sts.issueToken(protoCtx);
                   }
-                  // --- process an authentication request ---
+                  catch (ProcessingException e)
+                  { 
+                     throw new ServletException( e );
+                  }
+                  
+                  /*// --- process an authentication request ---
                   responsem = serverManager.processAuthenticationRequest(requestp,
                         userSelectedId,
                         userSelectedClaimedId,
-                        authenticatedAndApproved.booleanValue());
+                        authenticatedAndApproved.booleanValue());*/
+                  
+                  responsem = protoCtx.getResponseMessage();
 
                   // caller will need to decide which of the following to use:
                   // - GET HTTP-redirect to the return_to URL
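Review bot: The fallback at the top of this hunk now fills `userSelectedId` from `userSelectedClaimedId`, where the removed lines took it from `request.getUserPrincipal().getName()`, so the OP-local identifier the STS asserts is no longer tied to the container-authenticated principal. If `userSelectedClaimedId` originates from the request parameters (its assignment is outside this hunk), an authenticated user could obtain a positive assertion for a claimed identifier they do not own. Keep the principal as the primary source and fall back to the claimed id only when there is none: `if (request.getUserPrincipal() != null) userSelectedId = request.getUserPrincipal().getName(); else userSelectedId = userSelectedClaimedId;`, and document where ownership of the claimed id by that principal is checked. The enclosing doPost starts and ends outside this hunk.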
@@ -174,18 +209,41 @@
             }
             else if ("check_authentication".equals(mode))
             {
+               try
+               {
+                  sts.validateToken( protoCtx );
+               }
+               catch (ProcessingException e)
+               { 
+                  throw new ServletException( e );
+               }
+               responsem = protoCtx.getResponseMessage();
+               
+               
                // --- processing a verification request ---
-               responsem = serverManager.verify(requestp);
+               //responsem = serverManager.verify(requestp);
                responseText = responsem.getResponseText();
             }
             else
             {
+               protoCtx.setIssueError( Boolean.TRUE );
+               protoCtx.setErrorText( "Unknown request" );
+               try
+               {
+                  sts.issueToken(protoCtx);
+               }
+               catch (ProcessingException e)
+               { 
+                  throw new ServletException( e );
+               }
+               responsem = protoCtx.getResponseMessage();
+               
                // --- error response ---
-               responsem = serverManager.getDirectError("Unknown request");
+               //responsem = serverManager.getDirectError("Unknown request");
                responseText = responsem.getResponseText();
             }
 
             log( "response="+responseText );
             response.getWriter().write(responseText);
-   }  
+   }   
 }
\ No newline at end of file
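Review bot: `log( "response="+responseText )` writes the full key-value response to the servlet log for every mode, and for `associate` that response carries the association secret (`mac_key` in the clear under the `no-encryption` session type, `enc_mac_key` otherwise), so the shared MAC key that protects later assertions ends up in server logs. Log only non-secret metadata, e.g. `log( "response mode=" + mode + " successful=" + ( responsem != null && responsem.isSuccessful() ) );`, and keep the raw body out of logs entirely. In both the `check_authentication` and error branches `responsem = protoCtx.getResponseMessage()` is dereferenced without a null check, and the commented-out `//responsem = serverManager.verify(requestp);` / `//responsem = serverManager.getDirectError("Unknown request");` lines should be removed rather than left beside the replacement. The enclosing doPost starts outside this hunk.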


