[picketlink-commits] Picketlink SVN: r1008 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 3 other directories.

picketlink-commits at lists.jboss.org picketlink-commits at lists.jboss.org
Fri Jun 17 14:30:36 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-06-17 14:30:34 -0400 (Fri, 17 Jun 2011)
New Revision: 1008

Modified:
   federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
Log:
soap util

Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/servlets/SOAPSAMLXACMLServletUnitTestCase.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -33,7 +33,6 @@
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPBody;
 import javax.xml.soap.SOAPEnvelope;
 import javax.xml.soap.SOAPMessage;
@@ -45,6 +44,7 @@
 import org.picketlink.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet;
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
 import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -88,7 +88,7 @@
 
       bis = new ByteArrayInputStream(baos.toByteArray());
 
-      SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+      SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(bis);
       Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
       assertTrue(xacmlNode instanceof Element);
       Element xacmlElement = (Element) xacmlNode;
@@ -129,7 +129,7 @@
 
       ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
 
-      SOAPMessage soapMessage = SOAPSAMLXACMLUtil.getSOAPMessage(bis);
+      SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(bis);
 
       Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
       XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.getDecisionStatement(xacmlNode);
@@ -169,8 +169,7 @@
 
    private InputStream getSOAPStream(InputStream dataStream) throws Exception
    {
-      MessageFactory messageFactory = MessageFactory.newInstance();
-      SOAPMessage message = messageFactory.createMessage();
+      SOAPMessage message = SOAPUtil.create();
       SOAPPart soapPart = message.getSOAPPart();
       SOAPEnvelope envelope = soapPart.getEnvelope();
       SOAPBody body = envelope.getBody();

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/DocumentUtil.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -268,7 +268,7 @@
 
       return sw.toString();
    }
-   
+
    /**
     * <p>Get an element from the document given its {@link QName} </p>
     * <p>First an attempt to get the element based on its namespace is made, failing which
@@ -277,16 +277,16 @@
     * @param elementQName
     * @return
     */
-   public static Element getElement( Document doc, QName elementQName )
+   public static Element getElement(Document doc, QName elementQName)
    {
-      NodeList nl = doc.getElementsByTagNameNS( elementQName.getNamespaceURI(), elementQName.getLocalPart() );
-      if( nl.getLength() == 0 )
+      NodeList nl = doc.getElementsByTagNameNS(elementQName.getNamespaceURI(), elementQName.getLocalPart());
+      if (nl.getLength() == 0)
       {
-         nl = doc.getElementsByTagNameNS( "*", elementQName.getLocalPart() ); 
-         if( nl.getLength() == 0 )
-            nl = doc.getElementsByTagName( elementQName.getPrefix() + ":" + elementQName.getLocalPart() ); 
-         if( nl.getLength() == 0 )
-            return null; 
+         nl = doc.getElementsByTagNameNS("*", elementQName.getLocalPart());
+         if (nl.getLength() == 0)
+            nl = doc.getElementsByTagName(elementQName.getPrefix() + ":" + elementQName.getLocalPart());
+         if (nl.getLength() == 0)
+            return null;
       }
       return (Element) nl.item(0);
    }
@@ -310,7 +310,7 @@
     * @throws ConfigurationException
     * @throws ProcessingException
     */
-   public static InputStream getSourceAsStream(Source source) throws ConfigurationException, ProcessingException 
+   public static InputStream getSourceAsStream(Source source) throws ConfigurationException, ProcessingException
    {
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       Result streamResult = new StreamResult(baos);
@@ -327,7 +327,7 @@
 
       return new ByteArrayInputStream(baos.toByteArray());
    }
-   
+
    /**
     * Stream a DOM Node as a String
     * @param node
@@ -460,6 +460,21 @@
       }
    }
 
+   public static Document getDocumentFromSource(Source source) throws ProcessingException, ConfigurationException
+   {
+      try
+      {
+         Transformer transformer = TransformerUtil.getTransformer();
+         DOMResult result = new DOMResult();
+         transformer.transform(source, result);
+         return (Document) result.getNode();
+      }
+      catch (TransformerException te)
+      {
+         throw new ProcessingException(te);
+      }
+   }
+
    private static void visit(Node node, int level)
    {
       // Visit each child
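Review bot: getDocumentFromSource passes whatever Source it receives to a transform, so for a StreamSource or SAXSource the XML is parsed by the transformer's own parser, and DTD and external-entity handling depends entirely on how `TransformerUtil.getTransformer()` configures its factory, which this diff does not show. SOAPUtil.addData in this same commit feeds it caller-supplied data, so it is worth confirming that the factory sets `XMLConstants.FEATURE_SECURE_PROCESSING` (or otherwise refuses DTDs) before this is used on request content. The method also has no Javadoc, unlike its neighbours; something like `/** Build a DOM Document from a Source via a transform; performs no hardening of its own, so the Source must be trusted or parsed by a hardened parser. */` would record that contract.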
@@ -485,5 +500,5 @@
       factory.setNamespaceAware(true);
       factory.setXIncludeAware(true);
       return factory;
-   }  
+   }
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -22,17 +22,10 @@
 package org.picketlink.identity.federation.core.saml.v2.util;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
-import javax.xml.soap.MessageFactory;
-import javax.xml.soap.SOAPBody;
-import javax.xml.soap.SOAPEnvelope;
-import javax.xml.soap.SOAPException;
-import javax.xml.soap.SOAPFault;
-import javax.xml.soap.SOAPMessage;
 import javax.xml.stream.XMLEventReader;
 
 import org.jboss.security.xacml.core.JBossRequestContext;
@@ -56,7 +49,7 @@
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
 import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType; 
+import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
 import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
 import org.w3c.dom.Node;
 
@@ -67,7 +60,7 @@
  * @since Jan 28, 2009
  */
 public class SOAPSAMLXACMLUtil
-{     
+{
    /**
     * Parse the XACML Authorization Decision Query from the Dom Element
     * @param samlRequest
@@ -76,16 +69,16 @@
     * @throws ConfigurationException  
     * @throws ParsingException
     */
-   public static XACMLAuthzDecisionQueryType getXACMLQueryType( Node samlRequest ) 
-   throws ParsingException, ConfigurationException, ProcessingException 
+   public static XACMLAuthzDecisionQueryType getXACMLQueryType(Node samlRequest) throws ParsingException,
+         ConfigurationException, ProcessingException
    {
       //We reparse it because the document may have issues with namespaces
       //String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
-      
-      XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream( samlRequest ));
+
+      XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlRequest));
       SAMLXACMLRequestParser samlXACMLRequestParser = new SAMLXACMLRequestParser();
       return (XACMLAuthzDecisionQueryType) samlXACMLRequestParser.parse(xmlEventReader);
-      
+
       /*Unmarshaller um = JAXBUtil.getUnmarshaller(collectivePackage);
       um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
 
@@ -95,54 +88,37 @@
          throw new RuntimeException("Unsupported type:" + xacmlObject);
       return (XACMLAuthzDecisionQueryType)xacmlObject;  */
    }
-   
-   public static XACMLAuthzDecisionStatementType getDecisionStatement( Node samlResponse ) throws ConfigurationException, ProcessingException, ParsingException
+
+   public static XACMLAuthzDecisionStatementType getDecisionStatement(Node samlResponse) throws ConfigurationException,
+         ProcessingException, ParsingException
    {
-      XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( DocumentUtil.getNodeAsStream( samlResponse ));
+      XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlResponse));
       SAMLParser samlParser = new SAMLParser();
-      org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response = 
-         (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType) samlParser.parse( xmlEventReader );
+      org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType response = (org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType) samlParser
+            .parse(xmlEventReader);
       List<RTChoiceType> choices = response.getAssertions();
-      for( RTChoiceType rst: choices )
+      for (RTChoiceType rst : choices)
       {
          AssertionType assertion = rst.getAssertion();
-         if( assertion == null )
+         if (assertion == null)
             continue;
          Set<StatementAbstractType> stats = assertion.getStatements();
-         for( StatementAbstractType stat: stats )
+         for (StatementAbstractType stat : stats)
          {
-            if( stat instanceof XACMLAuthzDecisionStatementType )
+            if (stat instanceof XACMLAuthzDecisionStatementType)
             {
                return (XACMLAuthzDecisionStatementType) stat;
             }
          }
       }
-      
-      throw new RuntimeException( "Not found XACMLAuthzDecisionStatementType" ); 
+
+      throw new RuntimeException("Not found XACMLAuthzDecisionStatementType");
    }
-   
-   public static SOAPMessage getSOAPMessage( InputStream is ) throws IOException, SOAPException
+
+   public synchronized static org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType handleXACMLQuery(
+         PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType xacmlRequest) throws ProcessingException,
+         ConfigurationException
    {
-      MessageFactory messageFactory = MessageFactory.newInstance();
-      return messageFactory.createMessage(null, is ); 
-   }
-   
-   public static SOAPMessage createFault( String message ) throws SOAPException 
-   {
-      MessageFactory messageFactory = MessageFactory.newInstance();
-      SOAPMessage msg =  messageFactory.createMessage() ;
-      SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
-      SOAPBody body = envelope.getBody();
-      SOAPFault fault = body.addFault();
-      fault.setFaultCode("Server");
-      fault.setFaultActor( "urn:picketlink" );
-      fault.setFaultString( message );
-      return msg; 
-   }
-   
-   public synchronized static org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType handleXACMLQuery( 
-         PolicyDecisionPoint pdp, String issuer, XACMLAuthzDecisionQueryType xacmlRequest ) throws ProcessingException, ConfigurationException
-   {
       RequestType requestType = xacmlRequest.getRequest();
 
       RequestContext requestContext = new JBossRequestContext();
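Review bot: getDecisionStatement returns the first XACMLAuthzDecisionStatementType it finds in any assertion of the parsed response, and nothing in the lines shown checks the assertion's issuer or signature, so the returned authorization decision is only as trustworthy as the validation the caller did beforehand. The method has no Javadoc; I would add one stating that it performs no validation of the response, that callers must verify it before acting on the decision, and that a `RuntimeException` is thrown when no such statement is present. If callers can tolerate it, `throw new ProcessingException("Not found XACMLAuthzDecisionStatementType");` would match the declared exceptions better than the bare runtime exception, assuming ProcessingException has a String constructor.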
@@ -152,38 +128,34 @@
       }
       catch (IOException e)
       {
-         throw new ProcessingException( e );
+         throw new ProcessingException(e);
       }
 
       //pdp evaluation is thread safe
-      ResponseContext responseContext = pdp.evaluate(requestContext);  
+      ResponseContext responseContext = pdp.evaluate(requestContext);
 
       ResponseType responseType = new ResponseType();
       ResultType resultType = responseContext.getResult();
       responseType.getResult().add(resultType);
 
-      XACMLAuthzDecisionStatementType xacmlStatement = 
-         XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType, responseType); 
+      XACMLAuthzDecisionStatementType xacmlStatement = XACMLContextFactory.createXACMLAuthzDecisionStatementType(
+            requestType, responseType);
 
       //Place the xacml statement in an assertion
       //Then the assertion goes inside a SAML Response
 
-      String ID = IDGenerator.create("ID_"); 
-      IssuerInfoHolder issuerInfo = new IssuerInfoHolder( issuer );
+      String ID = IDGenerator.create("ID_");
+      IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
 
       List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
       statements.add(xacmlStatement);
 
-      AssertionType assertion = SAMLAssertionFactory.createAssertion(ID, 
-            issuerInfo.getIssuer(), 
-            XMLTimeUtil.getIssueInstant(), 
-            null, 
-            null, 
-            statements);
+      AssertionType assertion = SAMLAssertionFactory.createAssertion(ID, issuerInfo.getIssuer(),
+            XMLTimeUtil.getIssueInstant(), null, null, statements);
 
-      org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = JBossSAMLAuthnResponseFactory.createResponseType( ID, issuerInfo, assertion );
+      org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = JBossSAMLAuthnResponseFactory
+            .createResponseType(ID, issuerInfo, assertion);
 
-  
       return samlResponseType;
    }
 }
\ No newline at end of file
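Review bot: The same `ID` value is passed to both `SAMLAssertionFactory.createAssertion(ID, ...)` and `JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion)`, so the Response and the Assertion it wraps presumably end up with identical ID attributes. IDs are expected to be unique within a SAML document, and duplicates make ID-based signature references ambiguous for any consumer that signs or verifies the message. Generating a second value, e.g. `String responseID = IDGenerator.create("ID_");`, and calling `createResponseType(responseID, issuerInfo, assertion)` avoids this. The signature and the start of handleXACMLQuery are in the previous hunk.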

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SOAPUtil.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -21,10 +21,21 @@
  */
 package org.picketlink.identity.federation.core.util;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+
 import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
 import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
 import javax.xml.soap.SOAPMessage;
+import javax.xml.transform.Source;
 
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Node;
+
 /**
  * Utility class dealing with SAAJ
  * @author Anil.Saldhana at redhat.com
@@ -40,4 +51,39 @@
       return soapMessage;
    }
 
+   public static SOAPMessage getSOAPMessage(InputStream is) throws IOException, SOAPException
+   {
+      MessageFactory messageFactory = MessageFactory.newInstance();
+      return messageFactory.createMessage(null, is);
+   }
+
+   public static SOAPMessage createFault(String message) throws SOAPException
+   {
+      MessageFactory messageFactory = MessageFactory.newInstance();
+      SOAPMessage msg = messageFactory.createMessage();
+      SOAPEnvelope envelope = msg.getSOAPPart().getEnvelope();
+      SOAPBody body = envelope.getBody();
+      SOAPFault fault = body.addFault();
+      fault.setFaultCode("Server");
+      fault.setFaultActor("urn:picketlink");
+      fault.setFaultString(message);
+      return msg;
+   }
+
+   public static Node getSOAPData(SOAPMessage soapMessage) throws SOAPException
+   {
+      return soapMessage.getSOAPBody().getFirstChild();
+   }
+
+   public static void addData(Source data, SOAPMessage soapMessage) throws SOAPException
+   {
+      try
+      {
+         soapMessage.getSOAPBody().addDocument(DocumentUtil.getDocumentFromSource(data));
+      }
+      catch (GeneralSecurityException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
 }
\ No newline at end of file
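Review bot: getSOAPData returns `getSOAPBody().getFirstChild()`, which is whatever node comes first in the body, so a message whose body begins with whitespace text or a comment yields that node rather than the payload element. The unit test in this commit checks `instanceof Element` on the first child, which suggests callers expect an element. Skipping to the first element node, and returning null when there is none, makes the helper dependable on messages parsed from request streams by getSOAPMessage. Separately, addData wraps `GeneralSecurityException` in a bare `RuntimeException` although the method already declares `SOAPException`; `throw new SOAPException(e);` would keep the failure in the declared channel. None of the four new methods has Javadoc.

```java
public static Node getSOAPData(SOAPMessage soapMessage) throws SOAPException
{
   // Skip whitespace text and comments so callers get the payload element (or null)
   Node child = soapMessage.getSOAPBody().getFirstChild();
   while (child != null && child.getNodeType() != Node.ELEMENT_NODE)
   {
      child = child.getNextSibling();
   }
   return child;
}
// … unchanged: getSOAPMessage, createFault, addData …
```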

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -20,30 +20,30 @@
  */
 package org.picketlink.identity.federation.core.wstrust.handlers;
 
-import static org.junit.Assert.*;
+import static javax.xml.ws.handler.MessageContext.MESSAGE_OUTBOUND_PROPERTY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
-import static javax.xml.ws.handler.soap.SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY;
 
-import javax.xml.ws.handler.soap.SOAPMessageContext;
 import javax.xml.namespace.QName;
-import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPElement;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPFault;
 import javax.xml.soap.SOAPHeader;
 import javax.xml.soap.SOAPHeaderElement;
 import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
 import javax.xml.ws.soap.SOAPFaultException;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
 import org.picketlink.identity.federation.core.wstrust.STSClient;
 import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
-import org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler;
-import org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler;
 import org.w3c.dom.Element;
 
 /**
@@ -63,174 +63,178 @@
  */
 public class STSSaml20HandlerTestCase
 {
-    private SOAPMessageContext soapMessageContext;
-    private SOAPMessage soapMessage;
-    private STSClient wsTrustClient;
-    private STSSaml20Handler samlHandler;
-    
-    @Test
-    public void handleMessageValidToken() throws Exception
-    {
-        when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
-        
-        final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
-        addSecurityAssertionElement(securityHeader);
-        
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
-        when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-        
-        boolean result = samlHandler.handleMessage(soapMessageContext);
-        assertTrue(result);
-    }
-    
-    @Test
-    public void handleMessageInValidToken() throws Exception
-    {
-        when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
-        
-        final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
-        addSecurityAssertionElement(securityHeader);
+   private SOAPMessageContext soapMessageContext;
 
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
-        when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-        try
-        {
-            samlHandler.handleMessage(soapMessageContext);
-            fail("handleMessage should have thrown an exception");
-        }
-        catch (final Exception e)
-        {
-            assertTrue (e instanceof SOAPFaultException);
-            assertSoapFaultString(e, "The security token could not be authenticated or authorized");
-        }
-    }
-    
-    @Test
-    public void handleMessageMissingSecurityToken() throws Exception
-    {
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
-        when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-        try
-        {
-            samlHandler.handleMessage(soapMessageContext);
-            fail("handleMessage should have thrown a exception!");
-        }
-        catch (final Exception e)
-        {
-            assertTrue (e instanceof SOAPFaultException);
-            assertSoapFaultString(e,  "No security token could be found in the SOAP Header");
-        }
-    }
+   private SOAPMessage soapMessage;
 
-    @Test
-    public void handleMessageInvalidSecurityToken() throws Exception
-    {
-        when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
-        
-        final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
-        addSecurityAssertionElement(securityHeader);
-        
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
-        when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-        try
-        {
-            samlHandler.handleMessage(soapMessageContext);
-            fail("handleMessage should have thrown a exception!");
-        }
-        catch (final Exception e)
-        {
-            assertTrue (e instanceof SOAPFaultException);
-            assertSoapFaultString(e, "The security token could not be authenticated or authorized");
-        }
-    }
+   private STSClient wsTrustClient;
 
-    @Test
-    public void usernamePasswordFromSOAPMessageContext() throws Exception
-    {
-        when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
-        
-        final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
-        addSecurityAssertionElement(securityHeader);
-        
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
-        when(soapMessageContext.getMessage()).thenReturn(soapMessage);
-        
-        when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch");
-        when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein");
-        
-        samlHandler.handleMessage(soapMessageContext);
-        
-        assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername());
-        assertEquals("letmein", samlHandler.getConfigBuilder().getPassword());
-    }
-    
-    @Test
-    public void handleMessageOutbound() 
-    {
-        when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(true);
-        assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
-    }
+   private STSSaml20Handler samlHandler;
 
-    @Before
-    public void setUp()
-    {
-        // Create a Mock for WSTrustClient.
-        wsTrustClient = mock(STSClient.class);
-        
-        samlHandler = new FakeSamlHandler(wsTrustClient);
-        samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties");
-        // Simulate the WS Engine calling @PostConstruct.
-        samlHandler.parseSTSConfig();
-        
-        soapMessageContext = mock(SOAPMessageContext.class);
-        
-        try
-        {
-            soapMessage = MessageFactory.newInstance().createMessage();
-        }
-        catch (SOAPException e)
-        {
-            e.printStackTrace();
-            fail(e.getMessage());
-        }
-    }
-    
-    private SOAPHeaderElement addSecurityHeader(final SOAPHeader soapHeader) throws SOAPException
-    {
-        final QName securityQName = samlHandler.getSecurityElementQName();
-        final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
-        soapHeader.addChildElement(securityHeader);
-        return securityHeader;
-    }
+   @Test
+   public void handleMessageValidToken() throws Exception
+   {
+      when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
 
-    private SOAPElement addSecurityAssertionElement(final SOAPHeaderElement securityHeader) throws SOAPException
-    {
-        final QName tokenElementQName = this.samlHandler.getTokenElementQName();
-        final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml"));
-        return securityHeader.addChildElement(tokenElement);
-    }
+      final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
+      addSecurityAssertionElement(securityHeader);
 
-    private void assertSoapFaultString(final Exception e, final String str)
-    {
-        SOAPFaultException soapFaultException = (SOAPFaultException) e;
-        SOAPFault fault = soapFaultException.getFault();
-        assertEquals(str, fault.getFaultString());
-    }
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+      when(soapMessageContext.getMessage()).thenReturn(soapMessage);
 
-    private class FakeSamlHandler extends STSSaml20Handler
-    {
-        private final STSClient stsClient;
+      boolean result = samlHandler.handleMessage(soapMessageContext);
+      assertTrue(result);
+   }
 
-        public FakeSamlHandler(final STSClient stsClient)
-        {
-            this.stsClient = stsClient;
-        }
+   @Test
+   public void handleMessageInValidToken() throws Exception
+   {
+      when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
 
-        @Override
-        protected STSClient createSTSClient(Builder builder) throws ParsingException
-        {
-            return stsClient;
-        }
-    }
+      final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
+      addSecurityAssertionElement(securityHeader);
+
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+      when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+      try
+      {
+         samlHandler.handleMessage(soapMessageContext);
+         fail("handleMessage should have thrown an exception");
+      }
+      catch (final Exception e)
+      {
+         assertTrue(e instanceof SOAPFaultException);
+         assertSoapFaultString(e, "The security token could not be authenticated or authorized");
+      }
+   }
+
+   @Test
+   public void handleMessageMissingSecurityToken() throws Exception
+   {
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+      when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+      try
+      {
+         samlHandler.handleMessage(soapMessageContext);
+         fail("handleMessage should have thrown a exception!");
+      }
+      catch (final Exception e)
+      {
+         assertTrue(e instanceof SOAPFaultException);
+         assertSoapFaultString(e, "No security token could be found in the SOAP Header");
+      }
+   }
+
+   @Test
+   public void handleMessageInvalidSecurityToken() throws Exception
+   {
+      when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
+
+      final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
+      addSecurityAssertionElement(securityHeader);
+
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+      when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+      try
+      {
+         samlHandler.handleMessage(soapMessageContext);
+         fail("handleMessage should have thrown a exception!");
+      }
+      catch (final Exception e)
+      {
+         assertTrue(e instanceof SOAPFaultException);
+         assertSoapFaultString(e, "The security token could not be authenticated or authorized");
+      }
+   }
+
+   @Test
+   public void usernamePasswordFromSOAPMessageContext() throws Exception
+   {
+      when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
+
+      final SOAPHeaderElement securityHeader = addSecurityHeader(soapMessage.getSOAPHeader());
+      addSecurityAssertionElement(securityHeader);
+
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(false);
+      when(soapMessageContext.getMessage()).thenReturn(soapMessage);
+
+      when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch");
+      when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein");
+
+      samlHandler.handleMessage(soapMessageContext);
+
+      assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername());
+      assertEquals("letmein", samlHandler.getConfigBuilder().getPassword());
+   }
+
+   @Test
+   public void handleMessageOutbound()
+   {
+      when(soapMessageContext.get(MESSAGE_OUTBOUND_PROPERTY)).thenReturn(true);
+      assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
+   }
+
+   @Before
+   public void setUp()
+   {
+      // Create a Mock for WSTrustClient.
+      wsTrustClient = mock(STSClient.class);
+
+      samlHandler = new FakeSamlHandler(wsTrustClient);
+      samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties");
+      // Simulate the WS Engine calling @PostConstruct.
+      samlHandler.parseSTSConfig();
+
+      soapMessageContext = mock(SOAPMessageContext.class);
+
+      try
+      {
+         soapMessage = SOAPUtil.create();
+      }
+      catch (SOAPException e)
+      {
+         e.printStackTrace();
+         fail(e.getMessage());
+      }
+   }
+
+   private SOAPHeaderElement addSecurityHeader(final SOAPHeader soapHeader) throws SOAPException
+   {
+      final QName securityQName = samlHandler.getSecurityElementQName();
+      final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(),
+            securityQName.getLocalPart(), "wsse"));
+      soapHeader.addChildElement(securityHeader);
+      return securityHeader;
+   }
+
+   private SOAPElement addSecurityAssertionElement(final SOAPHeaderElement securityHeader) throws SOAPException
+   {
+      final QName tokenElementQName = this.samlHandler.getTokenElementQName();
+      final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(),
+            tokenElementQName.getLocalPart(), "saml"));
+      return securityHeader.addChildElement(tokenElement);
+   }
+
+   private void assertSoapFaultString(final Exception e, final String str)
+   {
+      SOAPFaultException soapFaultException = (SOAPFaultException) e;
+      SOAPFault fault = soapFaultException.getFault();
+      assertEquals(str, fault.getFaultString());
+   }
+
+   private class FakeSamlHandler extends STSSaml20Handler
+   {
+      private final STSClient stsClient;
+
+      public FakeSamlHandler(final STSClient stsClient)
+      {
+         this.stsClient = stsClient;
+      }
+
+      @Override
+      protected STSClient createSTSClient(Builder builder) throws ParsingException
+      {
+         return stsClient;
+      }
+   }
 }
-

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java	2011-06-17 18:29:57 UTC (rev 1007)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java	2011-06-17 18:30:34 UTC (rev 1008)
@@ -33,7 +33,6 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPBody;
 import javax.xml.soap.SOAPEnvelope;
 import javax.xml.soap.SOAPException;
@@ -51,6 +50,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
 import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
 import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.newmodel.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
 import org.w3c.dom.Document;
@@ -64,15 +64,17 @@
  * @since Jan 27, 2009
  */
 public class SOAPSAMLXACMLServlet extends HttpServlet
-{   
+{
    private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
-   private boolean trace = log.isTraceEnabled();
 
+   private final boolean trace = log.isTraceEnabled();
+
    private static final long serialVersionUID = 1L;
 
    private String policyConfigFileName = null;
 
    private String issuerId = null;
+
    private String issuer = null;
 
    boolean debug = false;
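Review bot: Making `trace` a `final` instance field fixes it to whatever `log.isTraceEnabled()` returned when the servlet object was constructed, so raising the log level on a running server will not enable the output guarded by `if (trace)` in `init` or elsewhere. Since a servlet instance normally lives as long as the deployment, it is simpler to call `log.isTraceEnabled()` at each use and drop the field. The logger next to it can be declared `private static final Logger log`.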
@@ -80,37 +82,37 @@
    private transient PolicyDecisionPoint pdp = null;
 
    public void init(ServletConfig config) throws ServletException
-   {  
+   {
       issuerId = config.getInitParameter("issuerID");
-      if(issuerId == null)
+      if (issuerId == null)
          issuerId = "issue-id:1";
 
-      issuer = config.getInitParameter("issuer"); 
-      if(issuer == null)
+      issuer = config.getInitParameter("issuer");
+      if (issuer == null)
          issuer = "urn:jboss-identity";
 
       policyConfigFileName = config.getInitParameter("policyConfigFileName");
-      if(policyConfigFileName == null)
-         policyConfigFileName = "policyConfig.xml"; 
+      if (policyConfigFileName == null)
+         policyConfigFileName = "policyConfig.xml";
 
       String debugStr = config.getInitParameter("debug");
       try
       {
          debug = Boolean.parseBoolean(debugStr);
       }
-      catch(Exception ignore)
+      catch (Exception ignore)
       {
          debug = false;
       }
 
-      if(trace)
+      if (trace)
       {
          log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
          log.trace("PolicyConfig File:" + policyConfigFileName);
-         log.trace("Debug="+debug); 
+         log.trace("Debug=" + debug);
       }
 
-      if(debug)
+      if (debug)
       {
          SecurityActions.setSystemProperty("jaxb.debug", "true");
       }
@@ -121,70 +123,69 @@
       }
       catch (PrivilegedActionException e)
       {
-         log("Exception loading PDP::",e);
+         log("Exception loading PDP::", e);
          throw new ServletException("Unable to load PDP");
       }
-      super.init(config);     
+      super.init(config);
    }
 
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
       XACMLAuthzDecisionQueryType xacmlRequest = null;
-      MessageFactory messageFactory = null;
       SOAPMessage returnSOAPMessage = null;
       try
       {
          try
          {
-            messageFactory = MessageFactory.newInstance();
-            SOAPMessage soapMessage = messageFactory.createMessage( null, req.getInputStream() );
+            SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(req.getInputStream());
             SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
             SOAPBody soapBody = soapEnvelope.getBody();
             NodeList nl = soapBody.getChildNodes();
             Node node = null;
-            
+
             int length = nl != null ? nl.getLength() : 0;
-            for( int i = 0; i < length; i++ )
+            for (int i = 0; i < length; i++)
             {
-               Node n = nl.item(i); 
+               Node n = nl.item(i);
                String localName = n.getLocalName();
-               if( localName != null && ( localName.contains( JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get() )
-                     || localName.contains( JBossSAMLConstants.REQUEST_ABSTRACT.get() )))
+               if (localName != null
+                     && (localName.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get()) || localName
+                           .contains(JBossSAMLConstants.REQUEST_ABSTRACT.get())))
                {
                   node = n;
                   break;
                }
             }
-            if( node == null )
-               throw new ServletException( "Did not find XACML query nodes" );
-            xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType( node );
+            if (node == null)
+               throw new ServletException("Did not find XACML query nodes");
+            xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType(node);
          }
          catch (SOAPException e)
-         { 
+         {
             e.printStackTrace();
-            throw new ServletException( e );
+            throw new ServletException(e);
          }
          catch (ParsingException e)
          {
-            throw new ServletException( e );
+            throw new ServletException(e);
          }
          catch (ConfigurationException e)
          {
-            throw new ServletException( e );
+            throw new ServletException(e);
          }
          catch (ProcessingException e)
          {
-            throw new ServletException( e );
+            throw new ServletException(e);
          }
 
          /*JAXBElement<RequestAbstractType> jaxbRequestType = null;
 
-      Envelope envelope = null;
-      XACMLAuthzDecisionQueryType xacmlRequest = null;
+         Envelope envelope = null;
+         XACMLAuthzDecisionQueryType xacmlRequest = null;
 
-      try
-      {
+         try
+         {
          Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
          if(debug && trace)
             log.trace("Received SOAP:"+DocumentUtil.asString(inputDoc));
@@ -224,12 +225,11 @@
 
           */
 
+         if (xacmlRequest == null)
+            throw new IOException("XACML Request not parsed");
 
-         if(xacmlRequest == null)
-            throw new IOException("XACML Request not parsed"); 
-         
-         org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType =
-                                                     SOAPSAMLXACMLUtil.handleXACMLQuery(pdp, issuer, xacmlRequest);
+         org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = SOAPSAMLXACMLUtil
+               .handleXACMLQuery(pdp, issuer, xacmlRequest);
 
          /*RequestType requestType = xacmlRequest.getRequest();
 
@@ -264,65 +264,65 @@
                statements);
 
          org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType samlResponseType = saml2Response.createResponseType(ID, issuerInfo, assertion);
-*/
+         */
          ByteArrayOutputStream baos = new ByteArrayOutputStream();
          XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(baos);
 
-         SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter( xmlStreamWriter );
-         samlResponseWriter.write( samlResponseType );
-         Document responseDocument = DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+         SAMLResponseWriter samlResponseWriter = new SAMLResponseWriter(xmlStreamWriter);
+         samlResponseWriter.write(samlResponseType);
+         Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
 
-         returnSOAPMessage =  messageFactory.createMessage();
+         returnSOAPMessage = SOAPUtil.create();
          SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
-         returnSOAPBody.addDocument( responseDocument );
+         returnSOAPBody.addDocument(responseDocument);
 
          /*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
 
          //Create a SOAP Envelope to hold the SAML response
          envelope = this.createEnvelope(jaxbResponse); */
       }
-      catch ( Exception e )
-      { 
+      catch (Exception e)
+      {
          e.printStackTrace();
          String id = IDGenerator.create();
-         log.error(id + "::Exception:", e); 
+         log.error(id + "::Exception:", e);
          try
          {
-            returnSOAPMessage = SOAPSAMLXACMLUtil.createFault( "Server Error" );
+            returnSOAPMessage = SOAPUtil.createFault("Server Error");
          }
          catch (SOAPException e1)
-         { 
+         {
          }
          //envelope = this.createEnvelope(this.createFault("Server Error. Reference::" + id));
-      } 
+      }
       finally
       {
          resp.setContentType("text/xml;charset=utf-8");;
-         OutputStream os = resp.getOutputStream(); 
+         OutputStream os = resp.getOutputStream();
          try
          {
-            if( returnSOAPMessage == null )
-               throw new RuntimeException( "SOAPMessage for return is null" );
-            returnSOAPMessage.writeTo( os );
+            if (returnSOAPMessage == null)
+               throw new RuntimeException("SOAPMessage for return is null");
+            returnSOAPMessage.writeTo(os);
             /*if(envelope == null)
                throw new IllegalStateException("SOAPEnvelope is null");
             JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
             Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
             marshaller.marshal(jaxbEnvelope, os);  */
          }
-         catch ( Exception e )
+         catch (Exception e)
          {
-            log("marshalling exception",e);
-         }  
-      } 
-   } 
+            log("marshalling exception", e);
+         }
+      }
+   }
 
    private PolicyDecisionPoint getPDP() throws PrivilegedActionException
    {
       ClassLoader tcl = SecurityActions.getContextClassLoader();
       InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
-      if(is == null)
-         throw new IllegalStateException(policyConfigFileName  + " could not be located");
-      return new JBossPDP(is); 
-   }  
+      if (is == null)
+         throw new IllegalStateException(policyConfigFileName + " could not be located");
+      return new JBossPDP(is);
+   }
 }
\ No newline at end of file
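Review bot: The `catch (SOAPException e1)` block after `SOAPUtil.createFault("Server Error")` is still empty, so if fault creation fails `returnSOAPMessage` stays null, the `finally` block throws its own `RuntimeException` and logs it as a "marshalling exception", and the caller gets an empty body, presumably with the default success status since no status is set in this hunk. Log the failure with the reference id, e.g. `log.error(id + "::Unable to create SOAP fault", e1);`, and call `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` on the error path so a failed authorization query cannot be read as a normal reply. `e.printStackTrace()` duplicates the `log.error` call just below it and can be removed. Separately, `getPDP` never closes the `InputStream` it opens unless `JBossPDP` does so itself, which is not visible here.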


