[picketlink-commits] Picketlink SVN: r983 - in federation/trunk/picketlink-bindings-jboss/src: test/java/org/picketlink/test/identity/federation/bindings/jboss/auth and 1 other directories.
Tue Jun 7 21:28:15 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-06-07 21:28:14 -0400 (Tue, 07 Jun 2011)
New Revision: 983
Added:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
Log:
fix role parsing into subject
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 01:27:04 UTC (rev 982)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -26,12 +26,11 @@
import java.security.PublicKey;
import java.security.acl.Group;
import java.security.cert.Certificate;
+import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Set;
import javax.naming.Context;
import javax.naming.InitialContext;
@@ -46,6 +45,7 @@
import org.apache.log4j.Logger;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.jboss.security.plugins.JaasSecurityDomain;
@@ -63,12 +63,8 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.w3c.dom.Element;
@@ -419,56 +415,18 @@
}
}
- // check the assertion statements and look for role attributes.
- AttributeStatementType attributeStatement = this.getAttributeStatement(this.assertion);
- if (attributeStatement != null)
- {
- Set<Principal> roles = new HashSet<Principal>();
- List<ASTChoiceType> attributeList = attributeStatement.getAttributes();
- for (ASTChoiceType obj : attributeList)
- {
- AttributeType attribute = obj.getAttribute();
- if (attribute != null)
- {
- // if this is a role attribute, get its values and add them to the role set.
- if (attribute.getName().equals("role"))
- {
- for (Object value : attribute.getAttributeValue())
- roles.add(new PicketLinkPrincipal((String) value));
- }
- }
- }
- Group rolesGroup = new PicketLinkGroup(groupName);
- for (Principal role : roles)
- rolesGroup.addMember(role);
- return new Group[]
- {rolesGroup};
- }
- return new Group[0];
- }
+ List<String> roleKeys = new ArrayList<String>();
+ roleKeys.add("Role");
- /**
- * <p>
- * Checks if the specified SAML assertion contains a {@code AttributeStatementType} and returns this type when it
- * is available.
- * </p>
- *
- * @param assertion a reference to the {@code AssertionType} that may contain an {@code AttributeStatementType}.
- * @return the assertion's {@code AttributeStatementType}, or {@code null} if no such type can be found in the SAML
- * assertion.
- */
- private AttributeStatementType getAttributeStatement(AssertionType assertion)
- {
- Set<StatementAbstractType> statementList = assertion.getStatements();
- if (statementList.size() != 0)
+ Group rolesGroup = new PicketLinkGroup(groupName);
+ List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
+ for (String role : roles)
{
- for (StatementAbstractType statement : statementList)
- {
- if (statement instanceof AttributeStatementType)
- return (AttributeStatementType) statement;
- }
+ rolesGroup.addMember(new SimplePrincipal(role));
}
- return null;
+
+ return new Group[]
+ {rolesGroup};
}
/**
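Review bot: The role attribute name is now hard-coded at `roleKeys.add("Role");`, and it no longer matches the lowercase "role" the removed code compared with `attribute.getName().equals("role")`, so assertions carrying a `role` attribute would stop producing roles unless AssertionUtil.getRoles matches case-insensitively, which nothing in the hunk shows. Keeping both spellings, `roleKeys.add("Role"); roleKeys.add("role");`, or reading the key list from a module option would keep existing deployments working. The principal type also changes from PicketLinkPrincipal to SimplePrincipal, which any role mapping that checks the principal class would notice, and the for-each assumes getRoles never returns null, so a null guard is worth adding if that helper can return one. Note the method now always returns a one-element Group array where it used to return an empty array when no attribute statement was present; callers that treated an empty array as "no roles" should be checked. The enclosing method starts before this hunk.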
@@ -532,6 +490,10 @@
protected boolean localValidation(Element assertionElement) throws Exception
{
+ if (StringUtil.isNotNull(SecurityActions.getSystemProperty("PL_TEST"))) //Local testing
+ {
+ return true;
+ }
try
{
Context ctx = new InitialContext();
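Review bot: The added PL_TEST check lets any JVM that defines that system property skip local assertion validation entirely, because StringUtil.isNotNull accepts any value (even "false") and the early return runs before the real validation that follows; a production deployment that happens to set the property would accept unvalidated assertions. A test hook should not live in the production path: keep localValidation as it was and let the unit test subclass SAML2STSLoginModule and override `localValidation` (it is protected) to return true, or make the validator injectable. If the flag must stay, require an explicit value such as "true" and log a warning through the module's existing log4j logger every time the shortcut is taken, so a bypass is visible in the server log. The enclosing method continues outside the hunk.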
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-08 01:27:04 UTC (rev 982)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.bindings.jboss.auth;
import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -35,7 +36,7 @@
* @version $Revision: 1 $
*/
class SecurityActions
-{
+{
static SecurityContext createSecurityContext() throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
@@ -46,4 +47,15 @@
}
});
}
+
+ static String getSystemProperty(final String key)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key);
+ }
+ });
+ }
}
\ No newline at end of file
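Review bot: getSystemProperty has no Javadoc, and because it reads inside AccessController.doPrivileged it returns the property even when the calling code itself lacks the PropertyPermission to read it; that is the helper's purpose, but it means the key must always be a fixed, trusted string, never derived from request data. Suggest `/** Reads a system property in a privileged block; pass only fixed, trusted keys, since the read succeeds regardless of the caller's own permissions. */` above the method. The package-private class keeps callers within this package, which is worth stating in the same comment.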
Added: federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -0,0 +1,134 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.jboss.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.ObjectCallback;
+import org.junit.Before;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+
+/**
+ * Unit Test the {@code SAML2STSLoginModule}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 7, 2011
+ */
+public class SAML2STSLoginModuleUnitTestCase
+{
+ @Before
+ public void setup()
+ {
+ System.setProperty("PL_TEST", "true");
+ System.setProperty("java.security.debug", "true");
+
+ Configuration.setConfiguration(new Configuration()
+ {
+ @SuppressWarnings(
+ {"rawtypes", "unchecked"})
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
+ {
+ final Map options = new HashMap();
+ options.put("configFile", "sts-client.properties");
+ options.put("localValidation", "true");
+ options.put("localValidationSecurityDomain", "someSD");
+
+ AppConfigurationEntry a2 = new AppConfigurationEntry(SAML2STSLoginModule.class.getName(),
+ LoginModuleControlFlag.REQUIRED, options);
+ return new AppConfigurationEntry[]
+ {a2};
+ }
+ });
+ }
+
+ public class MyCBH implements CallbackHandler
+ {
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), new NameIDType());
+
+ assertion.setSubject(AssertionUtil.createAssertionSubject("anil"));
+
+ List<String> roles = new ArrayList<String>();
+ roles.add("test1");
+ roles.add("test2");
+ assertion.addStatement(StatementUtil.createAttributeStatement(roles));
+ try
+ {
+ SamlCredential cred = new SamlCredential(AssertionUtil.asString(assertion));
+ ObjectCallback obj = (ObjectCallback) callbacks[0];
+ obj.setCredential(cred);
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAuth() throws Exception
+ {
+ Subject subject = new Subject();
+
+ LoginContext lc = new LoginContext("something", subject, new MyCBH());
+ lc.login();
+
+ Set<Group> groups = subject.getPrincipals(Group.class);
+ assertNotNull(groups);
+ assertEquals(1, groups.size());
+ Group gp = groups.iterator().next();
+ assertTrue(gp.isMember(new SimplePrincipal("test1")));
+ assertTrue(gp.isMember(new SimplePrincipal("test2")));
+ }
+
+}
\ No newline at end of file
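Review bot: testAuth passes only because setup() sets the PL_TEST property that short-circuits SAML2STSLoginModule.localValidation, so the test never exercises validation, and the property is never cleared, leaking the bypass into every later test in the same JVM. Add `@After public void tearDown() { System.clearProperty("PL_TEST"); }`, or better, subclass the login module inside the test and override localValidation so no production flag is needed. Setting java.security.debug at runtime likely has no effect, since that property is read when the security classes initialize. MyCBH is a non-static inner class; declaring it `static` removes the hidden reference to the test instance.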
Added: federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties 2011-06-08 01:28:14 UTC (rev 983)
@@ -0,0 +1,5 @@
+serviceName=PicketLinkSTS
+portName=PicketLinkSTSPort
+endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
+username=admin
+password=admin
Property changes on: federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
___________________________________________________________________
Added: svn:executable
+ *