[seam-commits] Seam SVN: r13645 - in modules/security/trunk/external: src and 36 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Thu Aug 26 05:27:16 EDT 2010
Author: marcelkolsteren
Date: 2010-08-26 05:27:12 -0400 (Thu, 26 Aug 2010)
New Revision: 13645
Added:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Base64.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/EntityBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContextProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlNameId.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextExtension.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManager.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/DialogueScoped.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogued.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdConsumerManagerFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRequest.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlConstants.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEndpoint.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlExternalEntity.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlIdpOrSp.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlPostMessage.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlProfile.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRequestOrResponse.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServiceType.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForPostBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForRedirectBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSigningKey.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlUtils.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlExternalServiceProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInVirtualApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpIncomingLogoutDialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpOutgoingLogoutDialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSession.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlExternalIdentityProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInVirtualApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpLogoutDialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSession.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSessions.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContextExtension.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationCreation.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationManagerCreation.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationsCreation.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplication.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplicationScoped.java
modules/security/trunk/external/src/main/resources/META-INF/beans.xml
modules/security/trunk/external/src/main/resources/META-INF/javax.enterprise.inject.spi.Extension
modules/security/trunk/external/src/main/resources/services/
modules/security/trunk/external/src/test/
modules/security/trunk/external/src/test/java/
modules/security/trunk/external/src/test/java/org/
modules/security/trunk/external/src/test/java/org/jboss/
modules/security/trunk/external/src/test/java/org/jboss/seam/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/AfterDeployEventHandler.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/BeforeUnDeployEventHandler.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ClassContextAppenderImpl.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpVirtualApplicationCreator.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForPostBindingTest.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForRedirectBindingTest.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/MavenArtifactResolver.java
modules/security/trunk/external/src/test/resources/
modules/security/trunk/external/src/test/resources/META-INF/
modules/security/trunk/external/src/test/resources/META-INF/services/
modules/security/trunk/external/src/test/resources/META-INF/services/org.jboss.arquillian.spi.ClassContextAppender
modules/security/trunk/external/src/test/resources/WEB-INF/
modules/security/trunk/external/src/test/resources/WEB-INF/context.xml
modules/security/trunk/external/src/test/resources/WEB-INF/idp-beans.xml
modules/security/trunk/external/src/test/resources/WEB-INF/sp-beans.xml
modules/security/trunk/external/src/test/resources/WEB-INF/web.xml
modules/security/trunk/external/src/test/resources/arquillian.xml
modules/security/trunk/external/src/test/resources/jndi.properties
modules/security/trunk/external/src/test/resources/log4j.xml
modules/security/trunk/external/src/test/resources/test_keystore.jks
Removed:
modules/security/trunk/external/src/main/java/META-INF/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/
modules/security/trunk/external/src/main/resources/META-INF/beans.xml
modules/security/trunk/external/src/main/resources/schema/config/
modules/security/trunk/external/src/main/xjb/config-bindings.xjb
Modified:
modules/security/trunk/external/
modules/security/trunk/external/pom.xml
modules/security/trunk/external/src/main/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java
modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
Log:
- Refactored the external authentication submodule
- Added SAML IDP support
- Added virtual application scope (for virtual hosting)
- Added dialogue scope (for maintaining the state of SAML interactions, which typically span HTTP requests)
- Added SAML integration test (testing interaction between the browser of the user, a SAML IDP application and two SAML SP applications)
Property changes on: modules/security/trunk/external
___________________________________________________________________
Name: svn:ignore
+ target
.settings
.classpath
.project
Modified: modules/security/trunk/external/pom.xml
===================================================================
--- modules/security/trunk/external/pom.xml 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/pom.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -14,6 +14,12 @@
<packaging>jar</packaging>
<name>Seam Security External Authentication Services</name>
+ <properties>
+ <arquillian.version>1.0.0.Alpha3</arquillian.version>
+ <jbossas.server.manager.version>1.0.3.GA</jbossas.server.manager.version>
+ <jbossas.client.version>6.0.0.20100721-M4</jbossas.client.version>
+ </properties>
+
<build>
<plugins>
<plugin>
@@ -27,7 +33,7 @@
<schemaDirectory>${basedir}/src/main/resources/schema/samlv2</schemaDirectory>
<outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
<clearOutputDir>true</clearOutputDir>
- <staleFile>${project.build.directory}/.staleFlag_saml</staleFile>
+ <staleFile>${project.build.directory}/classes/.staleFlag_saml</staleFile>
<bindingFiles>samlv2-bindings.xjb</bindingFiles>
</configuration>
<goals>
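Review bot: The new `staleFile` location `${project.build.directory}/classes/.staleFlag_saml` sits inside the default class output directory, so the flag file will most likely be packaged into the module's jar. The `.staleFlag_xrds` change in the next hunk has the same effect. If the move is needed so the flag is wiped together with the compiled classes, say so in a comment next to the element, for example `<!-- kept under classes/ so that cleaning the class output also forces XJC regeneration -->`, and keep the flags out of the artifact with a maven-jar-plugin exclude such as `<exclude>**/.staleFlag_*</exclude>`. The reason for the move is not visible in this diff, so the comment text is a guess to be corrected by the author.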
@@ -41,27 +47,13 @@
<packageName>org.jboss.seam.security.external.jaxb.xrds</packageName>
<outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
<clearOutputDir>false</clearOutputDir>
- <staleFile>${project.build.directory}/.staleFlag_xrds</staleFile>
+ <staleFile>${project.build.directory}/classes/.staleFlag_xrds</staleFile>
<bindingFiles>xrds-bindings.xjb</bindingFiles>
</configuration>
<goals>
<goal>xjc</goal>
</goals>
</execution>
- <execution>
- <id>jaxb-config</id>
- <configuration>
- <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
- <packageName>org.jboss.seam.security.external.jaxb.config</packageName>
- <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
- <clearOutputDir>false</clearOutputDir>
- <staleFile>${project.build.directory}/.staleFlag_config</staleFile>
- <bindingFiles>config-bindings.xjb</bindingFiles>
- </configuration>
- <goals>
- <goal>xjc</goal>
- </goals>
- </execution>
</executions>
</plugin>
</plugins>
@@ -70,6 +62,29 @@
<dependencies>
<dependency>
+ <groupId>org.jboss.weld</groupId>
+ <artifactId>weld-core</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.weld</groupId>
+ <artifactId>weld-extensions</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.seam.servlet</groupId>
+ <artifactId>seam-servlet-api</artifactId>
+ <version>3.0.0-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.seam.servlet</groupId>
+ <artifactId>seam-servlet</artifactId>
+ <version>3.0.0-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
<groupId>javax.el</groupId>
<artifactId>el-api</artifactId>
<scope>provided</scope>
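Review bot: `seam-servlet-api` and `seam-servlet` are declared with an inline `<version>3.0.0-SNAPSHOT</version>`, so this security module builds against whatever snapshot the repository serves at resolve time and two builds of the same revision can differ. The two weld entries in the same hunk carry no version and presumably inherit it from the parent's dependency management; the seam-servlet pair should follow that pattern. At minimum, share one property, e.g. `<version>${seam.servlet.version}</version>` (property name is a suggestion, not something defined on this page), so the API and implementation cannot drift apart. Pin a released version before this module itself is released.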
@@ -100,38 +115,6 @@
</dependency>
<dependency>
- <groupId>org.jboss.seam.security</groupId>
- <artifactId>seam-security-api</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.jboss.seam.security</groupId>
- <artifactId>seam-security-impl</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.picketlink.idm</groupId>
- <artifactId>picketlink-idm-core</artifactId>
- <exclusions>
- <exclusion>
- <groupId>com.sun.xml.bind</groupId>
- <artifactId>jaxb-impl</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-core</artifactId>
- <scope>provided</scope>
- </dependency>
-
- <dependency>
<!-- Required until the Servlet 3.0 API can be resolved in Central -->
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
@@ -163,6 +146,103 @@
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.1.9</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Needed by openid4java -->
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian</groupId>
+ <artifactId>arquillian-junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.0</version>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
+ <profiles>
+ <profile>
+ <id>jbossas-managed-6</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.arquillian.container</groupId>
+ <artifactId>arquillian-jbossas-managed-6</artifactId>
+ <version>${arquillian.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-server-manager</artifactId>
+ <version>${jbossas.server.manager.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-client</artifactId>
+ <type>pom</type>
+ <version>${jbossas.client.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>jbossas-remote-6</id>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.arquillian.container</groupId>
+ <artifactId>arquillian-jbossas-remote-6</artifactId>
+ <version>${arquillian.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-client</artifactId>
+ <type>pom</type>
+ <version>${jbossas.client.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ </profiles>
+
</project>
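Review bot: `commons-httpclient` 3.1 is added without a `<scope>`, so it becomes a compile-scope dependency that every consumer of this module inherits, and the only rationale given is the comment `<!-- Needed by openid4java -->`. If openid4java uses this client for its HTTPS discovery and association calls, the relying party's trust in the OpenID provider depends on that client's TLS checks. As far as I know, the 3.x line does not match the server certificate against the hostname by default, so this should be verified. I would extend the comment to record that, e.g. `<!-- Needed by openid4java (HTTP client for discovery/association); confirm TLS hostname verification before production use -->`. Separately, the versions `1.2.14`, `2.1.9`, `3.1` and `4.0` are hard-coded here while the first hunk of this file introduces a `<properties>` block for versions; moving them there would keep later upgrades in one place.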
Property changes on: modules/security/trunk/external/src/main
___________________________________________________________________
Name: svn:ignore
+ generated-source
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Base64.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Base64.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Base64.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,1818 @@
+package org.jboss.seam.security.external;
+
+// TODO: Re-use a Base64 class (e.g. the Base64 class of seam security)
+
+/**
+ * <p>
+ * Encodes and decodes to and from Base64 notation.
+ * </p>
+ * <p>
+ * Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>.
+ * </p>
+ *
+ * <p>
+ * Change Log:
+ * </p>
+ * <ul>
+ * <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug when
+ * using very small files (~< 40 bytes).</li>
+ * <li>v2.2 - Added some helper methods for encoding/decoding directly from one
+ * file to the next. Also added a main() method to support command line
+ * encoding/decoding from one file to the next. Also added these Base64
+ * dialects:
+ * <ol>
+ * <li>The default is RFC3548 format.</li>
+ * <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
+ * URL and file name friendly format as described in Section 4 of RFC3548.
+ * http://www.faqs.org/rfcs/rfc3548.html</li>
+ * <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
+ * URL and file name friendly format that preserves lexical ordering as
+ * described in http://www.faqs.org/qa/rfcc-1940.html</li>
+ * </ol>
+ * Special thanks to Jim Kellerman at <a
+ * href="http://www.powerset.com/">http://www.powerset.com/</a> for contributing
+ * the new Base64 dialects.</li>
+ *
+ * <li>v2.1 - Cleaned up javadoc comments and unused variables and methods.
+ * Added some convenience methods for reading and writing to and from files.</li>
+ * <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on
+ * systems with other encodings (like EBCDIC).</li>
+ * <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
+ * encoded data was a single byte.</li>
+ * <li>v2.0 - I got rid of methods that used booleans to set options. Now
+ * everything is more consolidated and cleaner. The code now detects when data
+ * that's being decoded is gzip-compressed and will decompress it automatically.
+ * Generally things are cleaner. You'll probably have to change some method
+ * calls that you were making to support the new options format (<tt>int</tt>s
+ * that you "OR" together).</li>
+ * <li>v1.5.1 - Fixed bug when decompressing and decoding to a byte[] using
+ * <tt>decode( String s, boolean gzipCompressed )</tt>. Added the ability to
+ * "suspend" encoding in the Output Stream so you can turn on and off the
+ * encoding if you need to embed base64 data in an otherwise "normal" stream
+ * (like an XML file).</li>
+ * <li>v1.5 - Output stream pases on flush() command but doesn't do anything
+ * itself. This helps when using GZIP streams. Added the ability to
+ * GZip-compress objects before encoding them.</li>
+ * <li>v1.4 - Added helper methods to read/write files.</li>
+ * <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
+ * <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input
+ * stream where last buffer being read, if not completely full, was not
+ * returned.</li>
+ * <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the
+ * wrong time.</li>
+ * <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
+ * </ul>
+ *
+ * <p>
+ * I am placing this code in the Public Domain. Do with it as you will. This
+ * software comes with no guarantees or warranties but with plenty of
+ * well-wishing instead! Please visit <a
+ * href="http://iharder.net/base64">http://iharder.net/base64</a> periodically
+ * to check for updates or to contribute improvements.
+ * </p>
+ *
+ * @author Robert Harder
+ * @author rob at iharder.net
+ * @version 2.2.1
+ */
+public class Base64
+{
+
+ /* ******** P U B L I C F I E L D S ******** */
+
+ /** No options specified. Value is zero. */
+ public final static int NO_OPTIONS = 0;
+
+ /** Specify encoding. */
+ public final static int ENCODE = 1;
+
+ /** Specify decoding. */
+ public final static int DECODE = 0;
+
+ /** Specify that data should be gzip-compressed. */
+ public final static int GZIP = 2;
+
+ /** Don't break lines when encoding (violates strict Base64 specification) */
+ public final static int DONT_BREAK_LINES = 8;
+
+ /**
+ * Encode using Base64-like encoding that is URL- and Filename-safe as
+ * described in Section 4 of RFC3548: <a
+ * href="http://www.faqs.org/rfcs/rfc3548.html"
+ * >http://www.faqs.org/rfcs/rfc3548.html</a>. It is important to note that
+ * data encoded this way is <em>not</em> officially valid Base64, or at the
+ * very least should not be called Base64 without also specifying that is was
+ * encoded using the URL- and Filename-safe dialect.
+ */
+ public final static int URL_SAFE = 16;
+
+ /**
+ * Encode using the special "ordered" dialect of Base64 described here: <a
+ * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-
+ * 1940.html</a>.
+ */
+ public final static int ORDERED = 32;
+
+ /* ******** P R I V A T E F I E L D S ******** */
+
+ /** Maximum line length (76) of Base64 output. */
+ private final static int MAX_LINE_LENGTH = 76;
+
+ /** The equals sign (=) as a byte. */
+ private final static byte EQUALS_SIGN = (byte) '=';
+
+ /** The new line character (\n) as a byte. */
+ private final static byte NEW_LINE = (byte) '\n';
+
+ /** Preferred encoding. */
+ private final static String PREFERRED_ENCODING = "UTF-8";
+
+ // I think I end up not using the BAD_ENCODING indicator.
+ // private final static byte BAD_ENCODING = -9; // Indicates error in
+ // encoding
+ private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in
+ // encoding
+ private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in
+ // encoding
+
+ /* ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
+
+ /** The 64 valid Base64 values. */
+ // private final static byte[] ALPHABET;
+ /*
+ * Host platform me be something funny like EBCDIC, so we hardcode these
+ * values.
+ */
+ private final static byte[] _STANDARD_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9',
+ (byte) '+', (byte) '/' };
+
+ /**
+ * Translates a Base64 value to either its 6-bit reconstruction value or a
+ * negative number indicating some other meaning.
+ **/
+ private final static byte[] _STANDARD_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+ // 0
+ // -
+ // 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ 62, // Plus sign at decimal 43
+ -9, -9, -9, // Decimal 44 - 46
+ 63, // Slash at decimal 47
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through
+ // 'N'
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through
+ // 'Z'
+ -9, -9, -9, -9, -9, -9, // Decimal 91 - 96
+ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a'
+ // through 'm'
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n'
+ // through 'z'
+ -9, -9, -9, -9 // Decimal 123 - 126
+ /*
+ * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+ */
+ };
+
+ /* ******** U R L S A F E B A S E 6 4 A L P H A B E T ******** */
+
+ /**
+ * Used in the URL- and Filename-safe dialect described in Section 4 of
+ * RFC3548: <a
+ * href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org
+ * /rfcs/rfc3548.html</a>. Notice that the last two bytes become "hyphen" and
+ * "underscore" instead of "plus" and "slash."
+ */
+ private final static byte[] _URL_SAFE_ALPHABET = { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9',
+ (byte) '-', (byte) '_' };
+
+ /**
+ * Used in decoding URL- and Filename-safe dialects of Base64.
+ */
+ private final static byte[] _URL_SAFE_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+ // 0
+ // -
+ // 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ -9, // Plus sign at decimal 43
+ -9, // Decimal 44
+ 62, // Minus sign at decimal 45
+ -9, // Decimal 46
+ -9, // Slash at decimal 47
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through
+ // 'N'
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through
+ // 'Z'
+ -9, -9, -9, -9, // Decimal 91 - 94
+ 63, // Underscore at decimal 95
+ -9, // Decimal 96
+ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a'
+ // through 'm'
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n'
+ // through 'z'
+ -9, -9, -9, -9 // Decimal 123 - 126
+ /*
+ * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+ */
+ };
+
+ /* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
+
+ /**
+ * I don't get the point of this technique, but it is described here: <a
+ * href= "http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-
+ * 1940. html</a>.
+ */
+ private final static byte[] _ORDERED_ALPHABET = { (byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) '_', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
+ (byte) 'y', (byte) 'z' };
+
+ /**
+ * Used in decoding the "ordered" dialect of Base64.
+ */
+ private final static byte[] _ORDERED_DECODABET = { -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+ // 0
+ // -
+ // 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ -9, // Plus sign at decimal 43
+ -9, // Decimal 44
+ 0, // Minus sign at decimal 45
+ -9, // Decimal 46
+ -9, // Slash at decimal 47
+ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, // Letters 'A'
+ // through 'M'
+ 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, // Letters 'N'
+ // through 'Z'
+ -9, -9, -9, -9, // Decimal 91 - 94
+ 37, // Underscore at decimal 95
+ -9, // Decimal 96
+ 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, // Letters 'a'
+ // through 'm'
+ 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, // Letters 'n'
+ // through 'z'
+ -9, -9, -9, -9 // Decimal 123 - 126
+ /*
+ * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+ * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+ */
+ };
+
+ /* ******** D E T E R M I N E W H I C H A L H A B E T ******** */
+
+ /**
+ * Returns one of the _SOMETHING_ALPHABET byte arrays depending on the
+ * options specified. It's possible, though silly, to specify ORDERED and
+ * URLSAFE in which case one of them will be picked, though there is no
+ * guarantee as to which one will be picked.
+ */
+ private final static byte[] getAlphabet(int options)
+ {
+ if ((options & URL_SAFE) == URL_SAFE)
+ return _URL_SAFE_ALPHABET;
+ else if ((options & ORDERED) == ORDERED)
+ return _ORDERED_ALPHABET;
+ else
+ return _STANDARD_ALPHABET;
+
+ } // end getAlphabet
+
+ /**
+ * Returns one of the _SOMETHING_DECODABET byte arrays depending on the
+ * options specified. It's possible, though silly, to specify ORDERED and
+ * URL_SAFE in which case one of them will be picked, though there is no
+ * guarantee as to which one will be picked.
+ */
+ private final static byte[] getDecodabet(int options)
+ {
+ if ((options & URL_SAFE) == URL_SAFE)
+ return _URL_SAFE_DECODABET;
+ else if ((options & ORDERED) == ORDERED)
+ return _ORDERED_DECODABET;
+ else
+ return _STANDARD_DECODABET;
+
+ } // end getAlphabet
+
+ /** Defeats instantiation. */
+ private Base64()
+ {
+ }
+
+ /**
+ * Encodes or decodes two files from the command line; <strong>feel free to
+ * delete this method (in fact you probably should) if you're embedding this
+ * code into a larger program.</strong>
+ */
+ public final static void main(String[] args)
+ {
+ if (args.length < 3)
+ {
+ usage("Not enough arguments.");
+ } // end if: args.length < 3
+ else
+ {
+ String flag = args[0];
+ String infile = args[1];
+ String outfile = args[2];
+ if (flag.equals("-e"))
+ {
+ Base64.encodeFileToFile(infile, outfile);
+ } // end if: encode
+ else if (flag.equals("-d"))
+ {
+ Base64.decodeFileToFile(infile, outfile);
+ } // end else if: decode
+ else
+ {
+ usage("Unknown flag: " + flag);
+ } // end else
+ } // end else
+ } // end main
+
+ /**
+ * Prints command line usage.
+ *
+ * @param msg A message to include with usage info.
+ */
+ private final static void usage(String msg)
+ {
+ System.err.println(msg);
+ System.err.println("Usage: java Base64 -e|-d inputfile outputfile");
+ } // end usage
+
+ /* ******** E N C O D I N G M E T H O D S ******** */
+
+ /**
+ * Encodes up to the first three bytes of array <var>threeBytes</var> and
+ * returns a four-byte array in Base64 notation. The actual number of
+ * significant bytes in your array is given by <var>numSigBytes</var>. The
+ * array <var>threeBytes</var> needs only be as big as
+ * <var>numSigBytes</var>. Code can reuse a byte array by passing a four-byte
+ * array as <var>b4</var>.
+ *
+ * @param b4 A reusable byte array to reduce array instantiation
+ * @param threeBytes the array to convert
+ * @param numSigBytes the number of significant bytes in your array
+ * @return four byte array in Base64 notation.
+ * @since 1.5.1
+ */
+ private static byte[] encode3to4(byte[] b4, byte[] threeBytes, int numSigBytes, int options)
+ {
+ encode3to4(threeBytes, 0, numSigBytes, b4, 0, options);
+ return b4;
+ } // end encode3to4
+
+ /**
+ * <p>
+ * Encodes up to three bytes of the array <var>source</var> and writes the
+ * resulting four Base64 bytes to <var>destination</var>. The source and
+ * destination arrays can be manipulated anywhere along their length by
+ * specifying <var>srcOffset</var> and <var>destOffset</var>. This method
+ * does not check to make sure your arrays are large enough to accomodate
+ * <var>srcOffset</var> + 3 for the <var>source</var> array or
+ * <var>destOffset</var> + 4 for the <var>destination</var> array. The actual
+ * number of significant bytes in your array is given by
+ * <var>numSigBytes</var>.
+ * </p>
+ * <p>
+ * This is the lowest level of the encoding methods with all possible
+ * parameters.
+ * </p>
+ *
+ * @param source the array to convert
+ * @param srcOffset the index where conversion begins
+ * @param numSigBytes the number of significant bytes in your array
+ * @param destination the array to hold the conversion
+ * @param destOffset the index where output will be put
+ * @return the <var>destination</var> array
+ * @since 1.3
+ */
+ private static byte[] encode3to4(byte[] source, int srcOffset, int numSigBytes, byte[] destination, int destOffset, int options)
+ {
+ byte[] ALPHABET = getAlphabet(options);
+
+ // 1 2 3
+ // 01234567890123456789012345678901 Bit position
+ // --------000000001111111122222222 Array position from threeBytes
+ // --------| || || || | Six bit groups to index ALPHABET
+ // >>18 >>12 >> 6 >> 0 Right shift necessary
+ // 0x3f 0x3f 0x3f Additional AND
+
+ // Create buffer with zero-padding if there are only one or two
+ // significant bytes passed in the array.
+ // We have to shift left 24 in order to flush out the 1's that appear
+ // when Java treats a value as negative that is cast from a byte to an
+ // int.
+ int inBuff = (numSigBytes > 0 ? ((source[srcOffset] << 24) >>> 8) : 0) | (numSigBytes > 1 ? ((source[srcOffset + 1] << 24) >>> 16) : 0) | (numSigBytes > 2 ? ((source[srcOffset + 2] << 24) >>> 24) : 0);
+
+ switch (numSigBytes)
+ {
+ case 3:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f];
+ destination[destOffset + 3] = ALPHABET[(inBuff) & 0x3f];
+ return destination;
+
+ case 2:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f];
+ destination[destOffset + 3] = EQUALS_SIGN;
+ return destination;
+
+ case 1:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = EQUALS_SIGN;
+ destination[destOffset + 3] = EQUALS_SIGN;
+ return destination;
+
+ default:
+ return destination;
+ } // end switch
+ } // end encode3to4
+
+ /**
+ * Serializes an object and returns the Base64-encoded version of that
+ * serialized object. If the object cannot be serialized or there is another
+ * error, the method will return <tt>null</tt>. The object is not
+ * GZip-compressed before being encoded.
+ *
+ * @param serializableObject The object to encode
+ * @return The Base64-encoded object
+ * @since 1.4
+ */
+ public static String encodeObject(java.io.Serializable serializableObject)
+ {
+ return encodeObject(serializableObject, NO_OPTIONS);
+ } // end encodeObject
+
+ /**
+ * Serializes an object and returns the Base64-encoded version of that
+ * serialized object. If the object cannot be serialized or there is another
+ * error, the method will return <tt>null</tt>.
+ * <p>
+ * Valid options:
+ *
+ * <pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DONT_BREAK_LINES: don't break lines at 76 characters
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
+ * <p>
+ * Example:
+ * <code>encodeObject( myObj, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+ *
+ * @param serializableObject The object to encode
+ * @param options Specified options
+ * @return The Base64-encoded object
+ * @see Base64#GZIP
+ * @see Base64#DONT_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeObject(java.io.Serializable serializableObject, int options)
+ {
+ // Streams
+ java.io.ByteArrayOutputStream baos = null;
+ java.io.OutputStream b64os = null;
+ java.io.ObjectOutputStream oos = null;
+ java.util.zip.GZIPOutputStream gzos = null;
+
+ // Isolate options
+ int gzip = (options & GZIP);
+ // int dontBreakLines = (options & DONT_BREAK_LINES);
+
+ try
+ {
+ // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
+ baos = new java.io.ByteArrayOutputStream();
+ b64os = new Base64.OutputStream(baos, ENCODE | options);
+
+ // GZip?
+ if (gzip == GZIP)
+ {
+ gzos = new java.util.zip.GZIPOutputStream(b64os);
+ oos = new java.io.ObjectOutputStream(gzos);
+ } // end if: gzip
+ else
+ oos = new java.io.ObjectOutputStream(b64os);
+
+ oos.writeObject(serializableObject);
+ } // end try
+ catch (java.io.IOException e)
+ {
+ e.printStackTrace();
+ return null;
+ } // end catch
+ finally
+ {
+ try
+ {
+ oos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ gzos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ b64os.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ baos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ // Return value according to relevant encoding.
+ try
+ {
+ return new String(baos.toByteArray(), PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uue)
+ {
+ return new String(baos.toByteArray());
+ } // end catch
+
+ } // end encode
+
+ /**
+ * Encodes a byte array into Base64 notation. Does not GZip-compress data.
+ *
+ * @param source The data to convert
+ * @since 1.4
+ */
+ public static String encodeBytes(byte[] source)
+ {
+ return encodeBytes(source, 0, source.length, NO_OPTIONS);
+ } // end encodeBytes
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * <p>
+ * Valid options:
+ *
+ * <pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DONT_BREAK_LINES: don't break lines at 76 characters
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+ * <p>
+ * Example:
+ * <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+ *
+ *
+ * @param source The data to convert
+ * @param options Specified options
+ * @see Base64#GZIP
+ * @see Base64#DONT_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeBytes(byte[] source, int options)
+ {
+ return encodeBytes(source, 0, source.length, options);
+ } // end encodeBytes
+
+ /**
+ * Encodes a byte array into Base64 notation. Does not GZip-compress data.
+ *
+ * @param source The data to convert
+ * @param off Offset in array where conversion should begin
+ * @param len Length of data to convert
+ * @since 1.4
+ */
+ public static String encodeBytes(byte[] source, int off, int len)
+ {
+ return encodeBytes(source, off, len, NO_OPTIONS);
+ } // end encodeBytes
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * <p>
+ * Valid options:
+ *
+ * <pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DONT_BREAK_LINES: don't break lines at 76 characters
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+ * <p>
+ * Example:
+ * <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+ *
+ *
+ * @param source The data to convert
+ * @param off Offset in array where conversion should begin
+ * @param len Length of data to convert
+ * @param options Specified options, alphabet type is pulled from this
+ * (standard, url-safe, ordered)
+ * @see Base64#GZIP
+ * @see Base64#DONT_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeBytes(byte[] source, int off, int len, int options)
+ {
+ // Isolate options
+ int dontBreakLines = (options & DONT_BREAK_LINES);
+ int gzip = (options & GZIP);
+
+ // Compress?
+ if (gzip == GZIP)
+ {
+ java.io.ByteArrayOutputStream baos = null;
+ java.util.zip.GZIPOutputStream gzos = null;
+ Base64.OutputStream b64os = null;
+
+ try
+ {
+ // GZip -> Base64 -> ByteArray
+ baos = new java.io.ByteArrayOutputStream();
+ b64os = new Base64.OutputStream(baos, ENCODE | options);
+ gzos = new java.util.zip.GZIPOutputStream(b64os);
+
+ gzos.write(source, off, len);
+ gzos.close();
+ } // end try
+ catch (java.io.IOException e)
+ {
+ e.printStackTrace();
+ return null;
+ } // end catch
+ finally
+ {
+ try
+ {
+ gzos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ b64os.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ baos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ // Return value according to relevant encoding.
+ try
+ {
+ return new String(baos.toByteArray(), PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uue)
+ {
+ return new String(baos.toByteArray());
+ } // end catch
+ } // end if: compress
+
+ // Else, don't compress. Better not to use streams at all then.
+ else
+ {
+ // Convert option to boolean in way that code likes it.
+ boolean breakLines = dontBreakLines == 0;
+
+ int len43 = len * 4 / 3;
+ byte[] outBuff = new byte[(len43) // Main 4:3
+ + ((len % 3) > 0 ? 4 : 0) // Account for padding
+ + (breakLines ? (len43 / MAX_LINE_LENGTH) : 0)]; // New lines
+ int d = 0;
+ int e = 0;
+ int len2 = len - 2;
+ int lineLength = 0;
+ for (; d < len2; d += 3, e += 4)
+ {
+ encode3to4(source, d + off, 3, outBuff, e, options);
+
+ lineLength += 4;
+ if (breakLines && lineLength == MAX_LINE_LENGTH)
+ {
+ outBuff[e + 4] = NEW_LINE;
+ e++;
+ lineLength = 0;
+ } // end if: end of line
+ } // en dfor: each piece of array
+
+ if (d < len)
+ {
+ encode3to4(source, d + off, len - d, outBuff, e, options);
+ e += 4;
+ } // end if: some padding needed
+
+ // Return value according to relevant encoding.
+ try
+ {
+ return new String(outBuff, 0, e, PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uue)
+ {
+ return new String(outBuff, 0, e);
+ } // end catch
+
+ } // end else: don't compress
+
+ } // end encodeBytes
+
+ /* ******** D E C O D I N G M E T H O D S ******** */
+
+ /**
+ * Decodes four bytes from array <var>source</var> and writes the resulting
+ * bytes (up to three of them) to <var>destination</var>. The source and
+ * destination arrays can be manipulated anywhere along their length by
+ * specifying <var>srcOffset</var> and <var>destOffset</var>. This method
+ * does not check to make sure your arrays are large enough to accomodate
+ * <var>srcOffset</var> + 4 for the <var>source</var> array or
+ * <var>destOffset</var> + 3 for the <var>destination</var> array. This
+ * method returns the actual number of bytes that were converted from the
+ * Base64 encoding.
+ * <p>
+ * This is the lowest level of the decoding methods with all possible
+ * parameters.
+ * </p>
+ *
+ *
+ * @param source the array to convert
+ * @param srcOffset the index where conversion begins
+ * @param destination the array to hold the conversion
+ * @param destOffset the index where output will be put
+ * @param options alphabet type is pulled from this (standard, url-safe,
+ * ordered)
+ * @return the number of decoded bytes converted
+ * @since 1.3
+ */
+ private static int decode4to3(byte[] source, int srcOffset, byte[] destination, int destOffset, int options)
+ {
+ byte[] DECODABET = getDecodabet(options);
+
+ // Example: Dk==
+ if (source[srcOffset + 2] == EQUALS_SIGN)
+ {
+ // Two ways to do the same thing. Don't know which way I like best.
+ // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+ // | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18) | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12);
+
+ destination[destOffset] = (byte) (outBuff >>> 16);
+ return 1;
+ }
+
+ // Example: DkL=
+ else if (source[srcOffset + 3] == EQUALS_SIGN)
+ {
+ // Two ways to do the same thing. Don't know which way I like best.
+ // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+ // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+ // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18) | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12) | ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6);
+
+ destination[destOffset] = (byte) (outBuff >>> 16);
+ destination[destOffset + 1] = (byte) (outBuff >>> 8);
+ return 2;
+ }
+
+ // Example: DkLE
+ else
+ {
+ try
+ {
+ // Two ways to do the same thing. Don't know which way I like best.
+ // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6
+ // )
+ // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+ // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
+ // | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18) | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12) | ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6) | ((DECODABET[source[srcOffset + 3]] & 0xFF));
+
+ destination[destOffset] = (byte) (outBuff >> 16);
+ destination[destOffset + 1] = (byte) (outBuff >> 8);
+ destination[destOffset + 2] = (byte) (outBuff);
+
+ return 3;
+ }
+ catch (Exception e)
+ {
+ // System.out.println(""+source[srcOffset]+ ": " + ( DECODABET[
+ // source[ srcOffset ] ] ) );
+ // System.out.println(""+source[srcOffset+1]+ ": " + ( DECODABET[
+ // source[ srcOffset + 1 ] ] ) );
+ // System.out.println(""+source[srcOffset+2]+ ": " + ( DECODABET[
+ // source[ srcOffset + 2 ] ] ) );
+ // System.out.println(""+source[srcOffset+3]+ ": " + ( DECODABET[
+ // source[ srcOffset + 3 ] ] ) );
+ return -1;
+ } // end catch
+ }
+ } // end decodeToBytes
+
+ /**
+ * Very low-level access to decoding ASCII characters in the form of a byte
+ * array. Does not support automatically gunzipping or any other "fancy"
+ * features.
+ *
+ * @param source The Base64 encoded data
+ * @param off The offset of where to begin decoding
+ * @param len The length of characters to decode
+ * @return decoded data
+ * @since 1.3
+ */
+ public static byte[] decode(byte[] source, int off, int len, int options)
+ {
+ byte[] DECODABET = getDecodabet(options);
+
+ int len34 = len * 3 / 4;
+ byte[] outBuff = new byte[len34]; // Upper limit on size of output
+ int outBuffPosn = 0;
+
+ byte[] b4 = new byte[4];
+ int b4Posn = 0;
+ int i = 0;
+ byte sbiCrop = 0;
+ byte sbiDecode = 0;
+ for (i = off; i < off + len; i++)
+ {
+ sbiCrop = (byte) (source[i] & 0x7f); // Only the low seven bits
+ sbiDecode = DECODABET[sbiCrop];
+
+ if (sbiDecode >= WHITE_SPACE_ENC) // White space, Equals sign or better
+ {
+ if (sbiDecode >= EQUALS_SIGN_ENC)
+ {
+ b4[b4Posn++] = sbiCrop;
+ if (b4Posn > 3)
+ {
+ outBuffPosn += decode4to3(b4, 0, outBuff, outBuffPosn, options);
+ b4Posn = 0;
+
+ // If that was the equals sign, break out of 'for' loop
+ if (sbiCrop == EQUALS_SIGN)
+ break;
+ } // end if: quartet built
+
+ } // end if: equals sign or better
+
+ } // end if: white space, equals sign or better
+ else
+ {
+ System.err.println("Bad Base64 input character at " + i + ": " + source[i] + "(decimal)");
+ return null;
+ } // end else:
+ } // each input character
+
+ byte[] out = new byte[outBuffPosn];
+ System.arraycopy(outBuff, 0, out, 0, outBuffPosn);
+ return out;
+ } // end decode
+
+ /**
+ * Decodes data from Base64 notation, automatically detecting gzip-compressed
+ * data and decompressing it.
+ *
+ * @param s the string to decode
+ * @return the decoded data
+ * @since 1.4
+ */
+ public static byte[] decode(String s)
+ {
+ return decode(s, NO_OPTIONS);
+ }
+
+ /**
+ * Decodes data from Base64 notation, automatically detecting gzip-compressed
+ * data and decompressing it.
+ *
+ * @param s the string to decode
+ * @param options encode options such as URL_SAFE
+ * @return the decoded data
+ * @since 1.4
+ */
+ public static byte[] decode(String s, int options)
+ {
+ byte[] bytes;
+ try
+ {
+ bytes = s.getBytes(PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uee)
+ {
+ bytes = s.getBytes();
+ } // end catch
+ // </change>
+
+ // Decode
+ bytes = decode(bytes, 0, bytes.length, options);
+
+ // Check to see if it's gzip-compressed
+ // GZIP Magic Two-Byte Number: 0x8b1f (35615)
+ if (bytes != null && bytes.length >= 4)
+ {
+
+ int head = (bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);
+ if (java.util.zip.GZIPInputStream.GZIP_MAGIC == head)
+ {
+ java.io.ByteArrayInputStream bais = null;
+ java.util.zip.GZIPInputStream gzis = null;
+ java.io.ByteArrayOutputStream baos = null;
+ byte[] buffer = new byte[2048];
+ int length = 0;
+
+ try
+ {
+ baos = new java.io.ByteArrayOutputStream();
+ bais = new java.io.ByteArrayInputStream(bytes);
+ gzis = new java.util.zip.GZIPInputStream(bais);
+
+ while ((length = gzis.read(buffer)) >= 0)
+ {
+ baos.write(buffer, 0, length);
+ } // end while: reading input
+
+ // No error? Get new bytes.
+ bytes = baos.toByteArray();
+
+ } // end try
+ catch (java.io.IOException e)
+ {
+ // Just return originally-decoded bytes
+ } // end catch
+ finally
+ {
+ try
+ {
+ baos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ gzis.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ bais.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ } // end if: gzipped
+ } // end if: bytes.length >= 2
+
+ return bytes;
+ } // end decode
+
+ /**
+ * Attempts to decode Base64 data and deserialize a Java Object within.
+ * Returns <tt>null</tt> if there was an error.
+ *
+ * @param encodedObject The Base64 data to decode
+ * @return The decoded and deserialized object
+ * @since 1.5
+ */
+ public static Object decodeToObject(String encodedObject)
+ {
+ // Decode and gunzip if necessary
+ byte[] objBytes = decode(encodedObject);
+
+ java.io.ByteArrayInputStream bais = null;
+ java.io.ObjectInputStream ois = null;
+ Object obj = null;
+
+ try
+ {
+ bais = new java.io.ByteArrayInputStream(objBytes);
+ ois = new java.io.ObjectInputStream(bais);
+
+ obj = ois.readObject();
+ } // end try
+ catch (java.io.IOException e)
+ {
+ e.printStackTrace();
+ obj = null;
+ } // end catch
+ catch (java.lang.ClassNotFoundException e)
+ {
+ e.printStackTrace();
+ obj = null;
+ } // end catch
+ finally
+ {
+ try
+ {
+ bais.close();
+ }
+ catch (Exception e)
+ {
+ }
+ try
+ {
+ ois.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ return obj;
+ } // end decodeObject
+
+ /**
+ * Convenience method for encoding data to a file.
+ *
+ * @param dataToEncode byte array of data to encode in base64 form
+ * @param filename Filename for saving encoded data
+ * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+ *
+ * @since 2.1
+ */
+ public static boolean encodeToFile(byte[] dataToEncode, String filename)
+ {
+ boolean success = false;
+ Base64.OutputStream bos = null;
+ try
+ {
+ bos = new Base64.OutputStream(new java.io.FileOutputStream(filename), Base64.ENCODE);
+ bos.write(dataToEncode);
+ success = true;
+ } // end try
+ catch (java.io.IOException e)
+ {
+
+ success = false;
+ } // end catch: IOException
+ finally
+ {
+ try
+ {
+ bos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ return success;
+ } // end encodeToFile
+
+ /**
+ * Convenience method for decoding data to a file.
+ *
+ * @param dataToDecode Base64-encoded data as a string
+ * @param filename Filename for saving decoded data
+ * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+ *
+ * @since 2.1
+ */
+ public static boolean decodeToFile(String dataToDecode, String filename)
+ {
+ boolean success = false;
+ Base64.OutputStream bos = null;
+ try
+ {
+ bos = new Base64.OutputStream(new java.io.FileOutputStream(filename), Base64.DECODE);
+ bos.write(dataToDecode.getBytes(PREFERRED_ENCODING));
+ success = true;
+ } // end try
+ catch (java.io.IOException e)
+ {
+ success = false;
+ } // end catch: IOException
+ finally
+ {
+ try
+ {
+ bos.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ return success;
+ } // end decodeToFile
+
+ /**
+ * Convenience method for reading a base64-encoded file and decoding it.
+ *
+ * @param filename Filename for reading encoded data
+ * @return decoded byte array or null if unsuccessful
+ *
+ * @since 2.1
+ */
+ public static byte[] decodeFromFile(String filename)
+ {
+ byte[] decodedData = null;
+ Base64.InputStream bis = null;
+ try
+ {
+ // Set up some useful variables
+ java.io.File file = new java.io.File(filename);
+ byte[] buffer = null;
+ int length = 0;
+ int numBytes = 0;
+
+ // Check for size of file
+ if (file.length() > Integer.MAX_VALUE)
+ {
+ System.err.println("File is too big for this convenience method (" + file.length() + " bytes).");
+ return null;
+ } // end if: file too big for int index
+ buffer = new byte[(int) file.length()];
+
+ // Open a stream
+ bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)), Base64.DECODE);
+
+ // Read until done
+ while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
+ length += numBytes;
+
+ // Save in a variable to return
+ decodedData = new byte[length];
+ System.arraycopy(buffer, 0, decodedData, 0, length);
+
+ } // end try
+ catch (java.io.IOException e)
+ {
+ System.err.println("Error decoding from file " + filename);
+ } // end catch: IOException
+ finally
+ {
+ try
+ {
+ bis.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ return decodedData;
+ } // end decodeFromFile
+
+ /**
+ * Convenience method for reading a binary file and base64-encoding it.
+ *
+ * @param filename Filename for reading binary data
+ * @return base64-encoded string or null if unsuccessful
+ *
+ * @since 2.1
+ */
+ public static String encodeFromFile(String filename)
+ {
+ String encodedData = null;
+ Base64.InputStream bis = null;
+ try
+ {
+ // Set up some useful variables
+ java.io.File file = new java.io.File(filename);
+ byte[] buffer = new byte[Math.max((int) (file.length() * 1.4), 40)]; // Need
+ // max()
+ // for
+ // math
+ // on
+ // small
+ // files
+ // (v2.2.1)
+ int length = 0;
+ int numBytes = 0;
+
+ // Open a stream
+ bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)), Base64.ENCODE);
+
+ // Read until done
+ while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
+ length += numBytes;
+
+ // Save in a variable to return
+ encodedData = new String(buffer, 0, length, Base64.PREFERRED_ENCODING);
+
+ } // end try
+ catch (java.io.IOException e)
+ {
+ System.err.println("Error encoding from file " + filename);
+ } // end catch: IOException
+ finally
+ {
+ try
+ {
+ bis.close();
+ }
+ catch (Exception e)
+ {
+ }
+ } // end finally
+
+ return encodedData;
+ } // end encodeFromFile
+
+ /**
+ * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
+ *
+ * @param infile Input file
+ * @param outfile Output file
+ * @since 2.2
+ */
+ public static void encodeFileToFile(String infile, String outfile)
+ {
+ String encoded = Base64.encodeFromFile(infile);
+ java.io.OutputStream out = null;
+ try
+ {
+ out = new java.io.BufferedOutputStream(new java.io.FileOutputStream(outfile));
+ out.write(encoded.getBytes("US-ASCII")); // Strict, 7-bit output.
+ } // end try
+ catch (java.io.IOException ex)
+ {
+ ex.printStackTrace();
+ } // end catch
+ finally
+ {
+ try
+ {
+ out.close();
+ }
+ catch (Exception ex)
+ {
+ }
+ } // end finally
+ } // end encodeFileToFile
+
+ /**
+ * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
+ *
+ * @param infile Input file
+ * @param outfile Output file
+ * @since 2.2
+ */
+ public static void decodeFileToFile(String infile, String outfile)
+ {
+ byte[] decoded = Base64.decodeFromFile(infile);
+ java.io.OutputStream out = null;
+ try
+ {
+ out = new java.io.BufferedOutputStream(new java.io.FileOutputStream(outfile));
+ out.write(decoded);
+ } // end try
+ catch (java.io.IOException ex)
+ {
+ ex.printStackTrace();
+ } // end catch
+ finally
+ {
+ try
+ {
+ out.close();
+ }
+ catch (Exception ex)
+ {
+ }
+ } // end finally
+ } // end decodeFileToFile
+
+ /* ******** I N N E R C L A S S I N P U T S T R E A M ******** */
+
+ /**
+ * A {@link Base64.InputStream} will read data from another
+ * <tt>java.io.InputStream</tt>, given in the constructor, and encode/decode
+ * to/from Base64 notation on the fly.
+ *
+ * @see Base64
+ * @since 1.3
+ */
+ public static class InputStream extends java.io.FilterInputStream
+ {
+ private boolean encode; // Encoding or decoding
+ private int position; // Current position in the buffer
+ private byte[] buffer; // Small buffer holding converted data
+ private int bufferLength; // Length of buffer (3 or 4)
+ private int numSigBytes; // Number of meaningful bytes in the buffer
+ private int lineLength;
+ private boolean breakLines; // Break lines at less than 80 characters
+ private int options; // Record options used to create the stream.
+ // private byte[] alphabet; // Local copies to avoid extra method calls
+ private byte[] decodabet; // Local copies to avoid extra method calls
+
+ /**
+ * Constructs a {@link Base64.InputStream} in DECODE mode.
+ *
+ * @param in the <tt>java.io.InputStream</tt> from which to read data.
+ * @since 1.3
+ */
+ public InputStream(java.io.InputStream in)
+ {
+ this(in, DECODE);
+ } // end constructor
+
+ /**
+ * Constructs a {@link Base64.InputStream} in either ENCODE or DECODE
+ * mode.
+ * <p>
+ * Valid options:
+ *
+ * <pre>
+ * ENCODE or DECODE: Encode or Decode as data is read.
+ * DONT_BREAK_LINES: don't break lines at 76 characters
+ * (only meaningful when encoding)
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
+ *
+ *
+ * @param in the <tt>java.io.InputStream</tt> from which to read data.
+ * @param options Specified options
+ * @see Base64#ENCODE
+ * @see Base64#DECODE
+ * @see Base64#DONT_BREAK_LINES
+ * @since 2.0
+ */
+ public InputStream(java.io.InputStream in, int options)
+ {
+ super(in);
+ this.breakLines = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+ this.encode = (options & ENCODE) == ENCODE;
+ this.bufferLength = encode ? 4 : 3;
+ this.buffer = new byte[bufferLength];
+ this.position = -1;
+ this.lineLength = 0;
+ this.options = options; // Record for later, mostly to determine which
+ // alphabet to use
+ // this.alphabet = getAlphabet(options);
+ this.decodabet = getDecodabet(options);
+ } // end constructor
+
+ /**
+ * Reads enough of the input stream to convert to/from Base64 and returns
+ * the next byte.
+ *
+ * @return next byte
+ * @since 1.3
+ */
+ @Override
+ public int read() throws java.io.IOException
+ {
+ // Do we need to get data?
+ if (position < 0)
+ {
+ if (encode)
+ {
+ byte[] b3 = new byte[3];
+ int numBinaryBytes = 0;
+ for (int i = 0; i < 3; i++)
+ {
+ try
+ {
+ int b = in.read();
+
+ // If end of stream, b is -1.
+ if (b >= 0)
+ {
+ b3[i] = (byte) b;
+ numBinaryBytes++;
+ } // end if: not end of stream
+
+ } // end try: read
+ catch (java.io.IOException e)
+ {
+ // Only a problem if we got no data at all.
+ if (i == 0)
+ throw e;
+
+ } // end catch
+ } // end for: each needed input byte
+
+ if (numBinaryBytes > 0)
+ {
+ encode3to4(b3, 0, numBinaryBytes, buffer, 0, options);
+ position = 0;
+ numSigBytes = 4;
+ } // end if: got data
+ else
+ {
+ return -1;
+ } // end else
+ } // end if: encoding
+
+ // Else decoding
+ else
+ {
+ byte[] b4 = new byte[4];
+ int i = 0;
+ for (i = 0; i < 4; i++)
+ {
+ // Read four "meaningful" bytes:
+ int b = 0;
+ do
+ {
+ b = in.read();
+ }
+ while (b >= 0 && decodabet[b & 0x7f] <= WHITE_SPACE_ENC);
+
+ if (b < 0)
+ break; // Reads a -1 if end of stream
+
+ b4[i] = (byte) b;
+ } // end for: each needed input byte
+
+ if (i == 4)
+ {
+ numSigBytes = decode4to3(b4, 0, buffer, 0, options);
+ position = 0;
+ } // end if: got four characters
+ else if (i == 0)
+ {
+ return -1;
+ } // end else if: also padded correctly
+ else
+ {
+ // Must have broken out from above.
+ throw new java.io.IOException("Improperly padded Base64 input.");
+ } // end
+
+ } // end else: decode
+ } // end else: get data
+
+ // Got data?
+ if (position >= 0)
+ {
+ // End of relevant data?
+ if ( /* !encode && */position >= numSigBytes)
+ return -1;
+
+ if (encode && breakLines && lineLength >= MAX_LINE_LENGTH)
+ {
+ lineLength = 0;
+ return '\n';
+ } // end if
+ else
+ {
+ lineLength++; // This isn't important when decoding
+ // but throwing an extra "if" seems
+ // just as wasteful.
+
+ int b = buffer[position++];
+
+ if (position >= bufferLength)
+ position = -1;
+
+ return b & 0xFF; // This is how you "cast" a byte that's
+ // intended to be unsigned.
+ } // end else
+ } // end if: position >= 0
+
+ // Else error
+ else
+ {
+ // When JDK1.4 is more accepted, use an assertion here.
+ throw new java.io.IOException("Error in Base64 code reading stream.");
+ } // end else
+ } // end read
+
+ /**
+ * Calls {@link #read()} repeatedly until the end of stream is reached or
+ * <var>len</var> bytes are read. Returns number of bytes read into array
+ * or -1 if end of stream is encountered.
+ *
+ * @param dest array to hold values
+ * @param off offset for array
+ * @param len max number of bytes to read into array
+ * @return bytes read into array or -1 if end of stream is encountered.
+ * @since 1.3
+ */
+ @Override
+ public int read(byte[] dest, int off, int len) throws java.io.IOException
+ {
+ int i;
+ int b;
+ for (i = 0; i < len; i++)
+ {
+ b = read();
+
+ // if( b < 0 && i == 0 )
+ // return -1;
+
+ if (b >= 0)
+ dest[off + i] = (byte) b;
+ else if (i == 0)
+ return -1;
+ else
+ break; // Out of 'for' loop
+ } // end for: each byte read
+ return i;
+ } // end read
+
+ } // end inner class InputStream
+
+ /* ******** I N N E R C L A S S O U T P U T S T R E A M ******** */
+
+ /**
+ * A {@link Base64.OutputStream} will write data to another
+ * <tt>java.io.OutputStream</tt>, given in the constructor, and encode/decode
+ * to/from Base64 notation on the fly.
+ *
+ * @see Base64
+ * @since 1.3
+ */
+ public static class OutputStream extends java.io.FilterOutputStream
+ {
+ private boolean encode;
+ private int position;
+ private byte[] buffer;
+ private int bufferLength;
+ private int lineLength;
+ private boolean breakLines;
+ private byte[] b4; // Scratch used in a few places
+ private boolean suspendEncoding;
+ private int options; // Record for later
+ // private byte[] alphabet; // Local copies to avoid extra method calls
+ private byte[] decodabet; // Local copies to avoid extra method calls
+
+ /**
+ * Constructs a {@link Base64.OutputStream} in ENCODE mode.
+ *
+ * @param out the <tt>java.io.OutputStream</tt> to which data will be
+ * written.
+ * @since 1.3
+ */
+ public OutputStream(java.io.OutputStream out)
+ {
+ this(out, ENCODE);
+ } // end constructor
+
+ /**
+ * Constructs a {@link Base64.OutputStream} in either ENCODE or DECODE
+ * mode.
+ * <p>
+ * Valid options:
+ *
+ * <pre>
+ * ENCODE or DECODE: Encode or Decode as data is read.
+ * DONT_BREAK_LINES: don't break lines at 76 characters
+ * (only meaningful when encoding)
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
+ *
+ * @param out the <tt>java.io.OutputStream</tt> to which data will be
+ * written.
+ * @param options Specified options.
+ * @see Base64#ENCODE
+ * @see Base64#DECODE
+ * @see Base64#DONT_BREAK_LINES
+ * @since 1.3
+ */
+ public OutputStream(java.io.OutputStream out, int options)
+ {
+ super(out);
+ this.breakLines = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+ this.encode = (options & ENCODE) == ENCODE;
+ this.bufferLength = encode ? 3 : 4;
+ this.buffer = new byte[bufferLength];
+ this.position = 0;
+ this.lineLength = 0;
+ this.suspendEncoding = false;
+ this.b4 = new byte[4];
+ this.options = options;
+ // this.alphabet = getAlphabet(options);
+ this.decodabet = getDecodabet(options);
+ } // end constructor
+
+ /**
+ * Writes the byte to the output stream after converting to/from Base64
+ * notation. When encoding, bytes are buffered three at a time before the
+ * output stream actually gets a write() call. When decoding, bytes are
+ * buffered four at a time.
+ *
+ * @param theByte the byte to write
+ * @since 1.3
+ */
+ @Override
+ public void write(int theByte) throws java.io.IOException
+ {
+ // Encoding suspended?
+ if (suspendEncoding)
+ {
+ super.out.write(theByte);
+ return;
+ } // end if: supsended
+
+ // Encode?
+ if (encode)
+ {
+ buffer[position++] = (byte) theByte;
+ if (position >= bufferLength) // Enough to encode.
+ {
+ out.write(encode3to4(b4, buffer, bufferLength, options));
+
+ lineLength += 4;
+ if (breakLines && lineLength >= MAX_LINE_LENGTH)
+ {
+ out.write(NEW_LINE);
+ lineLength = 0;
+ } // end if: end of line
+
+ position = 0;
+ } // end if: enough to output
+ } // end if: encoding
+
+ // Else, Decoding
+ else
+ {
+ // Meaningful Base64 character?
+ if (decodabet[theByte & 0x7f] > WHITE_SPACE_ENC)
+ {
+ buffer[position++] = (byte) theByte;
+ if (position >= bufferLength) // Enough to output.
+ {
+ int len = Base64.decode4to3(buffer, 0, b4, 0, options);
+ out.write(b4, 0, len);
+ // out.write( Base64.decode4to3( buffer ) );
+ position = 0;
+ } // end if: enough to output
+ } // end if: meaningful base64 character
+ else if (decodabet[theByte & 0x7f] != WHITE_SPACE_ENC)
+ {
+ throw new java.io.IOException("Invalid character in Base64 data.");
+ } // end else: not white space either
+ } // end else: decoding
+ } // end write
+
+ /**
+ * Calls {@link #write(int)} repeatedly until <var>len</var> bytes are
+ * written.
+ *
+ * @param theBytes array from which to read bytes
+ * @param off offset for array
+ * @param len max number of bytes to read into array
+ * @since 1.3
+ */
+ @Override
+ public void write(byte[] theBytes, int off, int len) throws java.io.IOException
+ {
+ // Encoding suspended?
+ if (suspendEncoding)
+ {
+ super.out.write(theBytes, off, len);
+ return;
+ } // end if: supsended
+
+ for (int i = 0; i < len; i++)
+ {
+ write(theBytes[off + i]);
+ } // end for: each byte written
+
+ } // end write
+
+ /**
+ * Method added by PHIL. [Thanks, PHIL. -Rob] This pads the buffer without
+ * closing the stream.
+ */
+ public void flushBase64() throws java.io.IOException
+ {
+ if (position > 0)
+ {
+ if (encode)
+ {
+ out.write(encode3to4(b4, buffer, position, options));
+ position = 0;
+ } // end if: encoding
+ else
+ {
+ throw new java.io.IOException("Base64 input not properly padded.");
+ } // end else: decoding
+ } // end if: buffer partially full
+
+ } // end flush
+
+ /**
+ * Flushes and closes (I think, in the superclass) the stream.
+ *
+ * @since 1.3
+ */
+ @Override
+ public void close() throws java.io.IOException
+ {
+ // 1. Ensure that pending characters are written
+ flushBase64();
+
+ // 2. Actually close the stream
+ // Base class both flushes and closes.
+ super.close();
+
+ buffer = null;
+ out = null;
+ } // end close
+
+ /**
+ * Suspends encoding of the stream. May be helpful if you need to embed a
+ * piece of base640-encoded data in a stream.
+ *
+ * @since 1.5.1
+ */
+ public void suspendEncoding() throws java.io.IOException
+ {
+ flushBase64();
+ this.suspendEncoding = true;
+ } // end suspendEncoding
+
+ /**
+ * Resumes encoding of the stream. May be helpful if you need to embed a
+ * piece of base640-encoded data in a stream.
+ *
+ * @since 1.5.1
+ */
+ public void resumeEncoding()
+ {
+ this.suspendEncoding = false;
+ } // end resumeEncoding
+
+ } // end inner class OutputStream
+
+} // end class Base64
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Base64.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/EntityBean.java (from rev 13608, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/EntityBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/EntityBean.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public abstract class EntityBean
+{
+
+ protected String hostName;
+ protected String protocol = "https";
+ protected int port = 443;
+
+ public String getProtocol()
+ {
+ return protocol;
+ }
+
+ public void setProtocol(String protocol)
+ {
+ this.protocol = protocol;
+ }
+
+ public String getHostName()
+ {
+ return hostName;
+ }
+
+ public void setHostName(String hostName)
+ {
+ this.hostName = hostName;
+ }
+
+ public int getPort()
+ {
+ return port;
+ }
+
+ public void setPort(int port)
+ {
+ this.port = port;
+ }
+}
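Review bot: `setProtocol` and `setPort` in the new EntityBean store whatever they are given, so a typo or an unintended `http` value silently replaces the `https`/443 defaults. If these fields are used to build the entity's SAML or OpenID endpoint URLs (the callers are not visible in this hunk), a plain-HTTP value would put authentication messages on an unprotected channel. I would validate in the setters, e.g. `if (port < 1 || port > 65535) throw new IllegalArgumentException("port out of range: " + port);` and `if (!"https".equals(protocol) && !"http".equals(protocol)) throw new IllegalArgumentException("unsupported protocol: " + protocol);`. The class Javadoc also holds only an `@author` tag; one sentence stating what the bean represents and that `https`/443 are the intended defaults would help whoever configures it.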
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,220 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external.configuration.Configuration;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seam Servlet Filter supporting SAMLv2 authentication. It implements the Web
- * Browser SSO Profile. For outgoing authentication requests it can use either
- * HTTP Post or HTTP Redirect binding. For the responses, it uses HTTP Post
- * binding, with or without signature validation.
- */
- at WebFilter
-public class ExternalAuthenticationFilter implements Filter
-{
- public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
-
- public static final String RETURN_URL_PARAMETER = "returnUrl";
-
- public static final String OPEN_ID_PARAMETER = "openId";
-
- private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationFilter.class);
-
- @Inject
- private Configuration configuration;
-
- @Inject
- private SamlMessageReceiver samlMessageReceiver;
-
- @Inject
- private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
-
- @Inject
- private SamlSingleSignOnSender samlSingleSignOnSender;
-
- @Inject
- private OpenIdSingleLoginSender openIdSingleLoginSender;
-
- @Inject
- private SamlSingleLogoutSender samlSingleLogoutSender;
-
- @Inject
- private SamlMetaDataProvider samlMetaDataProvider;
-
- @Inject
- private OpenIdXrdsProvider openIdXrdsProvider;
-
- @Inject
- private Instance<Identity> identity;
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- configuration.setContextRoot(filterConfig.getServletContext().getContextPath());
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException
- {
- if (!(request instanceof HttpServletRequest))
- {
- throw new ServletException("This filter can only process HttpServletRequest requests");
- }
-
- final HttpServletRequest httpRequest = (HttpServletRequest) request;
- final HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- final ExternalAuthenticationService service = determineService(httpRequest);
-
- if (service != null)
- {
- try
- {
- doFilter(httpRequest, httpResponse, service);
- }
- catch (InvalidRequestException e)
- {
- httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- if (log.isInfoEnabled())
- {
- log.info("Bad request received from {0} ({1})", new Object[] { e.getCause(), httpRequest.getRemoteHost(), e.getDescription() });
- }
- }
- }
- else
- {
- // Request is not related to external authentication. Pass the request
- // on to
- // the next filter in the chain.
- chain.doFilter(httpRequest, httpResponse);
- }
- }
-
- private void doFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, ExternalAuthenticationService service) throws InvalidRequestException, IOException, ServletException
- {
- switch (service)
- {
- case OPEN_ID_SERVICE:
- openIdSingleLoginReceiver.handleIncomingMessage(httpRequest, httpResponse);
- break;
- case SAML_SINGLE_LOGOUT_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpRequest, httpResponse);
- break;
- case SAML_ASSERTION_CONSUMER_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpRequest, httpResponse);
- break;
- case AUTHENTICATION_SERVICE:
- String returnUrl = httpRequest.getParameter(RETURN_URL_PARAMETER);
-
- String providerName = httpRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
- if (providerName != null)
- {
- SamlIdentityProvider identityProvider = configuration.getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(providerName);
-
- // User requested a page for which login is required. Return a page
- // that instructs the browser to post an authentication request to
- // the IDP.
- if (identityProvider instanceof SamlIdentityProvider)
- {
- samlSingleSignOnSender.sendAuthenticationRequestToIDP(httpRequest, httpResponse, (SamlIdentityProvider) identityProvider, returnUrl);
- }
- else
- {
- throw new RuntimeException("Only SAML identity providers are supported in this version");
- }
- }
- else
- {
- String openId = httpRequest.getParameter(OPEN_ID_PARAMETER);
- openIdSingleLoginSender.sendAuthRequest(openId, returnUrl, httpResponse);
- }
- break;
- case LOGOUT_SERVICE:
- if (!identity.get().isLoggedIn())
- {
- throw new RuntimeException("User not logged in.");
- }
- // FIXME SeamSamlPrincipal principal = (SeamSamlPrincipal)
- // identity.getPrincipal();
- SeamSamlPrincipal principal = (SeamSamlPrincipal) httpRequest.getUserPrincipal();
- SamlIdentityProvider idp = principal.getIdentityProvider();
- if (!(idp instanceof SamlIdentityProvider))
- {
- throw new RuntimeException("Only SAML identity providers are supported in this version");
- }
-
- samlSingleLogoutSender.sendSingleLogoutRequestToIDP(httpRequest, httpResponse, identity.get());
- break;
- case SAML_META_DATA_SERVICE:
-
- samlMetaDataProvider.writeMetaData(httpResponse.getOutputStream());
- httpResponse.setCharacterEncoding("UTF-8");
- httpResponse.setContentType("application/xml");
- httpResponse.flushBuffer();
- break;
- case OPEN_ID_XRDS_SERVICE:
-
- openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
- httpResponse.setCharacterEncoding("UTF-8");
- httpResponse.setContentType("application/xrds+xml");
- httpResponse.flushBuffer();
- break;
- default:
- throw new RuntimeException("Unsupported service " + service);
- }
- }
-
- private ExternalAuthenticationService determineService(HttpServletRequest httpRequest)
- {
- String path = ((HttpServletRequest) httpRequest).getRequestURI().replace(".seam", "");
-
- for (ExternalAuthenticationService service : ExternalAuthenticationService.values())
- {
- if (path.endsWith("/" + service.getName()))
- {
- return service;
- }
- }
- return null;
- }
-
- public void destroy()
- {
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-public enum ExternalAuthenticationService
-{
-
- AUTHENTICATION_SERVICE("AuthenticationService"),
-
- LOGOUT_SERVICE("LogoutService"),
-
- SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService"),
-
- SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService"),
-
- SAML_META_DATA_SERVICE("MetaDataService"),
-
- OPEN_ID_SERVICE("OpenIdService"),
-
- OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
-
- private String name;
-
- private ExternalAuthenticationService(String name)
- {
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.faces.context.FacesContext;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.annotation.WebFilter;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-
-/**
- * Filter that manages the external authentication of users (using, for example,
- * SAML or OpenID).
- */
- at Named("externalAuthenticator")
- at WebFilter
-// FIXME: page scope
-public class ExternalAuthenticator
-{
- private String returnUrl;
-
- private String openId;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private Identity identity;
-
- public void samlSignOn(String idpEntityId)
- {
- if (serviceProvider.getSamlConfiguration() == null)
- {
- throw new RuntimeException("SAML is not configured.");
- }
-
- SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(idpEntityId);
- if (idp == null)
- {
- throw new RuntimeException("Identity provider " + idpEntityId + " not found");
- }
-
- String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
- Map<String, String> params = new HashMap<String, String>();
- params.put(ExternalAuthenticationFilter.IDP_ENTITY_ID_PARAMETER, idpEntityId);
- params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
- redirect(authenticationServiceURL, params);
- }
-
- public void openIdSignOn()
- {
- openIdSignOn(openId);
- }
-
- public void openIdSignOn(String openId)
- {
- if (serviceProvider.getOpenIdConfiguration() == null)
- {
- throw new RuntimeException("OpenID is not configured.");
- }
- String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
- Map<String, String> params = new HashMap<String, String>();
- params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
- params.put(ExternalAuthenticationFilter.OPEN_ID_PARAMETER, openId);
- redirect(authenticationServiceURL, params);
- }
-
- public void singleLogout()
- {
- if (!identity.isLoggedIn())
- {
- throw new RuntimeException("Not logged in");
- }
- if (false /* FIXME !(identity.getPrincipal() instanceof SeamSamlPrincipal) */)
- {
- throw new RuntimeException("Single logout is only supported for SAML");
- }
- String logoutServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.LOGOUT_SERVICE);
- redirect(logoutServiceURL, null);
- }
-
- private void redirect(String urlBase, Map<String, String> params)
- {
- StringBuilder url = new StringBuilder();
- url.append(urlBase);
- if (params != null && params.size() > 0)
- {
- url.append("?");
- boolean first = true;
- for (Map.Entry<String, String> paramEntry : params.entrySet())
- {
- if (first)
- {
- first = false;
- }
- else
- {
- url.append("&");
- }
- url.append(paramEntry.getKey());
- url.append("=");
- try
- {
- String paramValue = paramEntry.getValue();
- if (paramValue == null || paramValue == "")
- throw new RuntimeException("Param Key:" + paramEntry.getKey() + " has value that is null");
- url.append(URLEncoder.encode(paramValue, "UTF-8"));
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- }
- }
-
- try
- {
- FacesContext.getCurrentInstance().getExternalContext().redirect(url.toString());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
-
- }
- }
-
- public String getReturnUrl()
- {
- return returnUrl;
- }
-
- public void setReturnUrl(String returnUrl)
- {
- this.returnUrl = returnUrl;
- }
-
- public String getOpenId()
- {
- return openId;
- }
-
- public void setOpenId(String openId)
- {
- this.openId = openId;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,78 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-
- at Named("internalAuthenticator")
-public class InternalAuthenticator
-{
- @Inject
- private Identity identity;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager beanManager;
-
- public boolean authenticate(Principal principal, HttpServletRequest httpRequest)
- {
- List<String> roles = new LinkedList<String>();
- Boolean internallyAuthenticated = null; // FIXME =
- // serviceProvider.getInternalAuthenticationMethod().invoke(principal,
- // roles);
-
- beanManager.fireEvent(new PostAuthenticateEvent());
-
- if (internallyAuthenticated)
- {
- // FIXME identity.acceptExternallyAuthenticatedPrincipal(principal);
-
- for (String role : roles)
- {
- // FIXME identity.addRole(role);
- }
-
- beanManager.fireEvent(new LoggedInEvent(null) /* FIXME: no user */);
- }
- else
- {
- beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
- }
-
- return internallyAuthenticated;
- }
-}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -22,7 +22,8 @@
package org.jboss.seam.security.external;
/**
- * Exception thrown to indicate that the request is invalid.
+ * @author Marcel Kolsteren
+ *
*/
public class InvalidRequestException extends Exception
{
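Review bot: The class Javadoc is left holding only an `@author` tag, so the one sentence that said what this exception signals is lost. Keep the summary line and add the tag beneath it: `* Exception thrown to indicate that the request is invalid.` followed by `* @author Marcel Kolsteren`. This is a checked exception (it extends `Exception`), so callers that must catch or declare it rely on that description. The class body continues outside the hunk.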
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContext.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContext.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.enterprise.util.Nonbinding;
+import javax.inject.Qualifier;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Qualifier
+ at Target( { TYPE, METHOD, FIELD, PARAMETER })
+ at Retention(RUNTIME)
+public @interface JaxbContext
+{
+ @Nonbinding
+ Class<?>[] value();
+}
\ No newline at end of file
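Review bot: The qualifier's Javadoc contains only `@author`, and `value()` is undocumented although its `@Nonbinding` marking is what the design relies on. Add a type-level summary such as `Qualifier for injecting a JAXBContext that is bound to the classes listed in value().` and a member comment such as `/** Classes handed to JAXBContext.newInstance; @Nonbinding so a single producer method matches every class list. */`. Without it, the `@JaxbContext(Object.class)` on the producer method in JaxbContextProducer.java reads like a real binding rather than a placeholder.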
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContext.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContextProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContextProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContextProducer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.inject.Produces;
+import javax.enterprise.inject.spi.InjectionPoint;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class JaxbContextProducer
+{
+ @Produces
+ @JaxbContext(Object.class)
+ public JAXBContext getContext(InjectionPoint ip)
+ {
+ JAXBContext jaxbContext;
+ try
+ {
+ Class<?>[] classes = ip.getAnnotated().getAnnotation(JaxbContext.class).value();
+ jaxbContext = JAXBContext.newInstance(classes);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ return jaxbContext;
+ }
+}
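Review bot: In `getContext`, the result of `ip.getAnnotated().getAnnotation(JaxbContext.class)` is dereferenced without a check. An injection point whose annotated element does not carry the qualifier therefore fails with a bare NullPointerException; programmatic lookup looks like the probable case, though this hunk does not confirm it. Read the qualifier into a local and fail with context: `JaxbContext qualifier = ip.getAnnotated().getAnnotation(JaxbContext.class);` then `if (qualifier == null) throw new IllegalStateException("No @JaxbContext qualifier on injection point " + ip);`. Separately, every injection builds a fresh `JAXBContext`, and `JAXBContext.newInstance` is expensive; since the context is safe to share between threads, caching it per class list is worth considering. The method also has no Javadoc saying that the class list comes from the injection point rather than from the `Object.class` placeholder on the producer.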
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/JaxbContextProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,32 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-public class LoggedInEvent
-{
-
- public LoggedInEvent(Object object)
- {
- // TODO Auto-generated constructor stub
- }
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,48 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Produces;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.openid4java.consumer.ConsumerManager;
-
- at Named("openIdConsumerManager")
- at ApplicationScoped
-public class OpenIdConsumerManagerFactory
-{
- private ConsumerManager consumerManager;
-
- @Produces
- public ConsumerManager getConsumerManager()
- {
- return consumerManager;
- }
-
- @Inject
- public void startup() throws Exception
- {
- consumerManager = new ConsumerManager();
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.net.URL;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-
-public class OpenIdPrincipal implements Principal
-{
- private String identifier;
-
- private URL openIdProvider;
-
- private Map<String, List<String>> attributes;
-
- public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
- {
- super();
- this.identifier = identifier;
- this.openIdProvider = openIdProvider;
- this.attributes = attributes;
- }
-
- public String getName()
- {
- return identifier;
- }
-
- public String getIdentifier()
- {
- return identifier;
- }
-
- public URL getOpenIdProvider()
- {
- return openIdProvider;
- }
-
- public Map<String, List<String>> getAttributes()
- {
- return attributes;
- }
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,56 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import javax.enterprise.context.SessionScoped;
-import javax.inject.Named;
-
-import org.openid4java.discovery.DiscoveryInformation;
-
- at Named("openIdRequest")
- at SessionScoped
-public class OpenIdRequest
-{
- private DiscoveryInformation discoveryInformation;
-
- private String returnUrl;
-
- public DiscoveryInformation getDiscoveryInformation()
- {
- return discoveryInformation;
- }
-
- public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
- {
- this.discoveryInformation = discoveryInformation;
- }
-
- public String getReturnUrl()
- {
- return returnUrl;
- }
-
- public void setReturnUrl(String returnUrl)
- {
- this.returnUrl = returnUrl;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-import java.util.Map;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.consumer.VerificationResult;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.discovery.Identifier;
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-import org.openid4java.message.ax.FetchResponse;
-
- at Named("openIdSingleLoginReceiver")
-public class OpenIdSingleLoginReceiver
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private InternalAuthenticator internalAuthenticator;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager manager;
-
- @SuppressWarnings("unchecked")
- public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
- {
- try
- {
- // extract the parameters from the authentication response
- // (which comes in as a HTTP request from the OpenID provider)
- ParameterList response = new ParameterList(httpRequest.getParameterMap());
-
- // retrieve the previously stored discovery information
- DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
-
- // extract the receiving URL from the HTTP request
- StringBuffer receivingURL = httpRequest.getRequestURL();
- String queryString = httpRequest.getQueryString();
- if (queryString != null && queryString.length() > 0)
- receivingURL.append("?").append(httpRequest.getQueryString());
-
- // verify the response; ConsumerManager needs to be the same
- // (static) instance used to place the authentication request
- VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
-
- boolean authenticated = true;
-
- // examine the verification result and extract the verified identifier
- Identifier identifier = verification.getVerifiedId();
-
- if (identifier != null)
- {
- AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
-
- Map<String, List<String>> attributes = null;
- if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
- {
- FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
-
- attributes = fetchResp.getAttributes();
- }
-
- OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
-
- authenticated = internalAuthenticator.authenticate(principal, httpRequest);
- }
- else
- {
- manager.fireEvent(new LoginFailedEvent(new LoginException()));
- authenticated = false;
- }
-
- if (authenticated)
- {
- httpResponse.sendRedirect(openIdRequest.getReturnUrl());
- }
- else
- {
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- }
- catch (OpenIDException e)
- {
- throw new RuntimeException(e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
-
- }
-
- private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
- {
- return new OpenIdPrincipal(identifier, openIdProvider, attributes);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,113 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.message.AuthRequest;
-import org.openid4java.message.ax.FetchRequest;
-
- at Named("org.jboss.seam.security.external.openIdSingleLoginSender")
-public class OpenIdSingleLoginSender
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager manager;
-
- public String sendAuthRequest(String openId, String returnUrl, HttpServletResponse httpResponse)
- {
- try
- {
- @SuppressWarnings("unchecked")
- List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
-
- DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
-
- openIdRequest.setDiscoveryInformation(discovered);
- openIdRequest.setReturnUrl(returnUrl);
-
- String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
- String realm = serviceProvider.getOpenIdRealm();
- AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
-
- // Request attributes
- List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
- if (attributes.size() > 0)
- {
- FetchRequest fetch = FetchRequest.createFetchRequest();
- for (OpenIdAttributeType attribute : attributes)
- {
- fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
- }
- // attach the extension to the authentication request
- authReq.addExtension(fetch);
- }
-
- String url = authReq.getDestinationUrl(true);
-
- manager.fireEvent(new PreAuthenticateEvent());
-
- httpResponse.sendRedirect(url);
- }
- catch (OpenIDException e)
- {
- try
- {
- manager.fireEvent(new LoginFailedEvent(new LoginException()));
-
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- catch (IOException e1)
- {
- throw new RuntimeException(e);
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
-
- return null;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,79 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.OutputStream;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.xrds.ObjectFactory;
-import org.jboss.seam.security.external.jaxb.xrds.Service;
-import org.jboss.seam.security.external.jaxb.xrds.Type;
-import org.jboss.seam.security.external.jaxb.xrds.URIPriorityAppendPattern;
-import org.jboss.seam.security.external.jaxb.xrds.XRD;
-import org.jboss.seam.security.external.jaxb.xrds.XRDS;
-import org.openid4java.discovery.DiscoveryInformation;
-
-public class OpenIdXrdsProvider
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public void writeMetaData(OutputStream stream)
- {
- try
- {
- ObjectFactory objectFactory = new ObjectFactory();
-
- XRDS xrds = objectFactory.createXRDS();
-
- XRD xrd = objectFactory.createXRD();
-
- Type type = objectFactory.createType();
- type.setValue(DiscoveryInformation.OPENID2_RP);
- URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
- uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
-
- Service service = objectFactory.createService();
- service.getType().add(type);
- service.getURI().add(uri);
-
- xrd.getService().add(service);
-
- xrds.getOtherelement().add(xrd);
-
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.xrds");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(xrds, stream);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-/**
- * Override of Seam's Pages component. It replaces the login page redirection method with a version
- * that redirects to an URL that is filtered by the SamlAuthenticationFilter.
- */
-
-// FIXME
-
-//@ApplicationScoped
-//@BypassInterceptors
-//@Name("org.jboss.seam.navigation.pages")
-//@Injectstall(precedence = Install.FRAMEWORK, classDependencies = "javax.faces.context.FacesContext")
-//@Startup
-//public class PagesSupportingExternalAuthentication extends Pages
-//{
-// @Override
-// public void redirectToLoginView()
-// {
-// notLoggedIn();
-//
-// HttpServletRequest httpRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
-// .getRequest();
-//
-// StringBuffer returnUrl = httpRequest.getRequestURL();
-//
-// ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
-// .getInstance(ExternalAuthenticator.class);
-// externalAuthenticator.setReturnUrl(returnUrl.toString());
-//
-// ServiceProvider serviceProvider = Configuration.instance().getServiceProvider();
-//
-// // Use default SAML identity provider, if configured
-// SamlConfiguration samlConfiguration = serviceProvider.getSamlConfiguration();
-// if (samlConfiguration != null && samlConfiguration.getDefaultIdentityProvider() != null)
-// {
-// externalAuthenticator.samlSignOn(samlConfiguration.getDefaultIdentityProvider().getEntityId());
-// }
-// else
-// {
-// // Otherwise, use default OpenId identity provider, if configured
-// OpenIdConfiguration openIdConfiguration = serviceProvider.getOpenIdConfiguration();
-// if (openIdConfiguration != null && openIdConfiguration.getDefaultOpenIdProvider() != null)
-// {
-// externalAuthenticator.openIdSignOn(openIdConfiguration.getDefaultOpenIdProvider());
-// }
-// else
-// {
-// // Otherwise, redirect to the login view, so that the user can choose an IDP
-// if (getLoginViewId() == null)
-// {
-// throw new RuntimeException("Login view id not specified in pages.xml.");
-// }
-// Map<String, Object> parameters = new HashMap<String, Object>();
-// parameters.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
-// FacesManager.instance().redirect(getLoginViewId(), parameters, false);
-// }
-// }
-// }
-// }
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,75 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-
-/**
- * Context of an authentication request.
- *
- */
-public class RequestContext
-{
- private String id;
-
- private SamlIdentityProvider identityProvider;
-
- private String urlToRedirectToAfterLogin;
-
- public RequestContext(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
- {
- super();
- this.id = id;
- this.identityProvider = identityProvider;
- this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
- }
-
- public String getId()
- {
- return id;
- }
-
- public void setId(String id)
- {
- this.id = id;
- }
-
- public SamlIdentityProvider getIdentityProvider()
- {
- return identityProvider;
- }
-
- public void setIdentityProvider(SamlIdentityProvider identityProvider)
- {
- this.identityProvider = identityProvider;
- }
-
- public String getUrlToRedirectToAfterLogin()
- {
- return urlToRedirectToAfterLogin;
- }
-
- public void setUrlToRedirectToAfterLogin(String urlToRedirectToAfterLogin)
- {
- this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,37 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-public enum RequestOrResponse
-{
- REQUEST, RESPONSE;
-
- public boolean isRequest()
- {
- return this == REQUEST;
- }
-
- public boolean isResponse()
- {
- return this == RESPONSE;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.enterprise.context.SessionScoped;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Session scoped component that stores requests that have been sent to the
- * identity provider.
- */
- at SessionScoped
-public class Requests
-{
- private Map<String, RequestContext> requests = new HashMap<String, RequestContext>();
-
- private Logger log = LoggerFactory.getLogger(Requests.class);
-
- public void addRequest(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
- {
- requests.put(id, new RequestContext(id, identityProvider, urlToRedirectToAfterLogin));
- }
-
- public RequestContext getRequest(String id)
- {
- return requests.get(id);
- }
-
- public void removeRequest(String id)
- {
- requests.remove(id);
- }
-
- public void redirect(String id, HttpServletResponse response)
- {
- String requestURL = requests.get(id).getUrlToRedirectToAfterLogin();
- if (requestURL == null)
- {
- throw new RuntimeException("Couldn't find URL to redirect to for request " + id);
- }
- try
- {
- if (log.isDebugEnabled())
- {
- log.debug("Redirecting to " + requestURL);
- }
- response.sendRedirect(requestURL);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,97 @@
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.Writer;
+
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.saml.SamlPostMessage;
+import org.jboss.seam.security.external.saml.SamlRedirectMessage;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class ResponseHandler
+{
+ @Inject
+ private ResponseHolder responseHolder;
+
+ public void sendFormToUserAgent(String destination, SamlPostMessage message)
+ {
+ String key = message.getRequestOrResponse().isRequest() ? SamlRedirectMessage.QSP_SAML_REQUEST : SamlRedirectMessage.QSP_SAML_RESPONSE;
+
+ if (destination == null)
+ throw new IllegalStateException("Destination is null");
+
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("<HTML>");
+ builder.append("<HEAD>");
+ if (message.getRequestOrResponse().isRequest())
+ builder.append("<TITLE>HTTP Post SamlBinding (Request)</TITLE>");
+ else
+ builder.append("<TITLE>HTTP Post SamlBinding Response (Response)</TITLE>");
+
+ builder.append("</HEAD>");
+ builder.append("<BODY Onload=\"document.forms[0].submit()\">");
+
+ builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + message.getSamlMessage() + "\"/>");
+ builder.append("</FORM></BODY></HTML>");
+
+ PrintWriter writer = getWriter();
+ writer.print(builder.toString());
+ writer.flush();
+ }
+
+ public void sendHttpRedirectToUserAgent(String url)
+ {
+ try
+ {
+ responseHolder.getResponse().sendRedirect(url);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void sendHttpRedirectToUserAgent(String location, SamlRedirectMessage redirectMessage)
+ {
+ String url = location + "?" + redirectMessage.createQueryString();
+ sendHttpRedirectToUserAgent(url);
+ }
+
+ public void sendError(int statusCode, String message)
+ {
+ try
+ {
+ responseHolder.getResponse().sendError(statusCode, message);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private PrintWriter getWriter()
+ {
+ try
+ {
+ return responseHolder.getResponse().getWriter();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public Writer getWriter(String mimeType)
+ {
+ responseHolder.getResponse().setContentType(mimeType);
+ return getWriter();
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.context.RequestScoped;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at RequestScoped
+public class ResponseHolderImpl implements ResponseHolder
+{
+ private HttpServletResponse httpServletResponse;
+
+ public HttpServletResponse getResponse()
+ {
+ return httpServletResponse;
+ }
+
+ public void setResponse(HttpServletResponse response)
+ {
+ httpServletResponse = response;
+ }
+}
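Review bot: `getResponse()` returns null until something has called `setResponse()` in the current request, and the class Javadoc carries only `@author`, so nothing states who is responsible for that call (the caller is not visible in this part of the commit). ResponseHandler, added in the same commit, calls `responseHolder.getResponse().sendRedirect(url)` with no null check, so a missed initialisation would surface as a NullPointerException in the middle of a login exchange. I would document the contract on the class, e.g. `Request-scoped holder for the current HttpServletResponse; setResponse must be called before getResponse is used within the same request.`, and consider failing fast in the getter with `if (httpServletResponse == null) throw new IllegalStateException("Response not set for this request");`.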
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-public class SamlConstants
-{
- // Query string parameters used by the HTTP_Redirect binding
- public static final String QSP_SAML_REQUEST = "SAMLRequest";
-
- public static final String QSP_SAML_RESPONSE = "SAMLResponse";
-
- public static final String QSP_SIGNATURE = "Signature";
-
- public static final String QSP_SIG_ALG = "SigAlg";
-
- public static final String QSP_RELAY_STATE = "RelayState";
-
- public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
-
- public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
-
- public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
-
- public static final String VERSION_2_0 = "2.0";
-
- public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
-
- public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
-
- public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
-
- public static final String SIGNATURE_SHA1_WITH_DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
-
- public static final String SIGNATURE_SHA1_WITH_RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-
- public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
-
- public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
-
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.util.UUID;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusCodeType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
-
-public class SamlMessageFactory
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
-
- StatusResponseType response = objectFactory.createStatusResponseType();
-
- response.setID(generateId());
- response.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- response.setIssuer(issuer);
-
- response.setVersion(SamlConstants.VERSION_2_0);
- response.setInResponseTo(request.getID());
-
- StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
- statusCodeJaxb.setValue(statusCode);
-
- StatusType statusType = objectFactory.createStatusType();
- statusType.setStatusCode(statusCodeJaxb);
- if (statusMessage != null)
- {
- statusType.setStatusMessage(statusMessage);
- }
-
- response.setStatus(statusType);
-
- return response;
- }
-
- public AuthnRequestType createAuthnRequest()
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
-
- AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
-
- authnRequest.setID(generateId());
- authnRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- authnRequest.setIssuer(issuer);
-
- authnRequest.setVersion(SamlConstants.VERSION_2_0);
-
- // Fill in the optional fields that indicate where and how the response
- // should be delivered.
- authnRequest.setAssertionConsumerServiceURL(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
- authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-
- return authnRequest;
- }
-
- public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
- {
- ObjectFactory objectFactory = new ObjectFactory();
- org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
-
- LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
-
- logoutRequest.setID(generateId());
- logoutRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
- NameIDType issuer = assertionObjectFactory.createNameIDType();
- issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
- logoutRequest.setIssuer(issuer);
-
- NameIDType nameID = assertionObjectFactory.createNameIDType();
- nameID.setValue(principal.getNameId().getValue());
- logoutRequest.setNameID(nameID);
-
- logoutRequest.setVersion(SamlConstants.VERSION_2_0);
- logoutRequest.getSessionIndex().add(principal.getSessionIndex());
-
- return logoutRequest;
- }
-
- private String generateId()
- {
- return "ID_" + UUID.randomUUID();
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,279 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.util.zip.Inflater;
-import java.util.zip.InflaterInputStream;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-public class SamlMessageReceiver
-{
- private static final Logger log = LoggerFactory.getLogger(SamlMessageReceiver.class);
-
- @Inject
- private Requests requests;
-
- @Inject
- private SamlSingleLogoutReceiver samlSingleLogoutReceiver;
-
- @Inject
- private SamlSingleSignOnReceiver samlSingleSignOnReceiver;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
- @Inject
- private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
- private JAXBContext jaxbContext;
-
- @Inject
- public void init()
- {
- try
- {
- jaxbContext = JAXBContext.newInstance(StatusResponseType.class);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
- {
- String samlRequestParam = httpRequest.getParameter(SamlConstants.QSP_SAML_REQUEST);
- String samlResponseParam = httpRequest.getParameter(SamlConstants.QSP_SAML_RESPONSE);
-
- RequestOrResponse requestOrResponse;
- String samlMessage;
-
- if (samlRequestParam != null && samlResponseParam == null)
- {
- samlMessage = samlRequestParam;
- requestOrResponse = RequestOrResponse.REQUEST;
- }
- else if (samlRequestParam == null && samlResponseParam != null)
- {
- samlMessage = samlResponseParam;
- requestOrResponse = RequestOrResponse.RESPONSE;
- }
- else
- {
- throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
- }
-
- InputStream is;
- if (httpRequest.getMethod().equals("POST"))
- {
- byte[] decodedMessage = Base64.decode(samlMessage);
- is = new ByteArrayInputStream(decodedMessage);
- }
- else
- {
- String urlDecoded;
- try
- {
- urlDecoded = URLDecoder.decode(samlMessage, "UTF-8");
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- byte[] base64Decoded = Base64.decode(urlDecoded);
- ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
- is = new InflaterInputStream(bais, new Inflater(true));
- }
-
- Document document = getDocument(is);
- String issuerEntityId;
- RequestAbstractType samlRequest = null;
- StatusResponseType samlResponse = null;
- if (requestOrResponse.isRequest())
- {
- samlRequest = getSamlRequest(document);
- issuerEntityId = samlRequest.getIssuer().getValue();
- }
- else
- {
- samlResponse = getSamlResponse(document);
- issuerEntityId = samlResponse.getIssuer().getValue();
- }
- if (log.isDebugEnabled())
- {
- log.debug("Received from IDP: " + SamlUtils.getDocumentAsString(document));
- }
-
- SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
- if (idp == null)
- {
- throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
- }
-
- boolean validate;
- if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
- {
- validate = serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
- }
- else
- {
- validate = idp.isSingleLogoutMessagesSigned();
- }
-
- if (validate)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Validating the signature");
- }
- if (httpRequest.getMethod().equals("POST"))
- {
- signatureUtilForPostBinding.validateSignature(idp, document);
- }
- else
- {
- signatureUtilForRedirectBinding.validateSignature(idp, httpRequest, requestOrResponse);
- }
- }
-
- RequestContext requestContext = null;
- if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null)
- {
- requestContext = requests.getRequest(samlResponse.getInResponseTo());
- if (requestContext == null)
- {
- throw new InvalidRequestException("No request that corresponds with the received response");
- }
- else if (!(requestContext.getIdentityProvider().equals(idp)))
- {
- throw new InvalidRequestException("Identity provider of request and response do not match");
- }
- }
-
- if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
- {
- if (requestOrResponse.isRequest())
- {
- throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
- }
- else
- {
- samlSingleSignOnReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
- }
- }
- else
- {
- if (requestOrResponse.isRequest())
- {
- samlSingleLogoutReceiver.processIDPRequest(httpRequest, httpResponse, samlRequest, idp);
- }
- else
- {
- samlSingleLogoutReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
- }
- }
- }
-
- private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
- {
- try
- {
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- @SuppressWarnings("unchecked")
- JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
- RequestAbstractType request = jaxbRequest.getValue();
- return request;
- }
- catch (JAXBException e)
- {
- throw new InvalidRequestException("SAML message could not be parsed", e);
- }
- }
-
- private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
- {
- try
- {
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- @SuppressWarnings("unchecked")
- JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
- StatusResponseType statusResponse = jaxbResponseType.getValue();
- return statusResponse;
- }
- catch (JAXBException e)
- {
- throw new InvalidRequestException("SAML message could not be parsed", e);
- }
- }
-
- private Document getDocument(InputStream is) throws InvalidRequestException
- {
- try
- {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- catch (SAXException e)
- {
- throw new InvalidRequestException("SAML request could not be parsed", e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,366 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.zip.Deflater;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external.configuration.Binding;
-import org.jboss.seam.security.external.configuration.SamlEndpoint;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.configuration.SamlService;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-
- at Named("org.picketlink.identity.seam.federation.samlMessageSender")
-public class SamlMessageSender
-{
- private Logger log = LoggerFactory.getLogger(SamlMessageSender.class);
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
- @Inject
- private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
- private JAXBContext jaxbContextRequestAbstractType;
-
- private JAXBContext jaxbContextStatusResponseType;
-
- @Inject
- public void init()
- {
- try
- {
- jaxbContextRequestAbstractType = JAXBContext.newInstance(RequestAbstractType.class);
- jaxbContextStatusResponseType = JAXBContext.newInstance(StatusResponseType.class);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void sendRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlProfile profile, RequestAbstractType samlRequest)
- {
- Document message = null;
- SamlEndpoint endpoint = null;
- try
- {
- SamlService service = samlIdentityProvider.getService(profile);
- endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
- if (endpoint == null)
- {
- endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
- }
- if (endpoint == null)
- {
- throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + profile);
- }
- samlRequest.setDestination(endpoint.getLocation());
-
- JAXBElement<?> requestElement;
- if (samlRequest instanceof AuthnRequestType)
- {
- AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
- requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
- }
- else if (samlRequest instanceof LogoutRequestType)
- {
- LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
- requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
- }
- else
- {
- throw new RuntimeException("Currently only authentication and logout requests can be sent");
- }
-
- Binder<Node> binder = jaxbContextRequestAbstractType.createBinder();
-
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder;
- builder = factory.newDocumentBuilder();
- message = builder.newDocument();
-
- binder.marshal(requestElement, message);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
- }
-
- public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
- {
- Document message = null;
- try
- {
- samlResponse.setDestination(endpoint.getResponseLocation());
-
- JAXBElement<StatusResponseType> responseElement;
- if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
- {
- responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
- }
- else
- {
- throw new RuntimeException("Responses can currently only be created for the single logout service");
- }
-
- Binder<Node> binder = jaxbContextStatusResponseType.createBinder();
-
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- DocumentBuilder builder;
- builder = factory.newDocumentBuilder();
- message = builder.newDocument();
-
- binder.marshal(responseElement, message);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
- }
-
- private void sendMessageToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, Document message, RequestOrResponse requestOrResponse, SamlEndpoint endpoint)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Sending over to IDP: " + SamlUtils.getDocumentAsString(message));
- }
-
- try
- {
- boolean signMessage;
- if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON))
- {
- signMessage = samlIdentityProvider.isWantAuthnRequestsSigned();
- }
- else
- {
- signMessage = samlIdentityProvider.isWantSingleLogoutMessagesSigned();
- }
-
- PrivateKey privateKey = serviceProvider.getSamlConfiguration().getPrivateKey();
-
- if (endpoint.getBinding() == Binding.HTTP_Redirect)
- {
- byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- Deflater deflater = new Deflater(Deflater.DEFLATED, true);
- DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
- deflaterStream.write(responseBytes);
- deflaterStream.finish();
-
- byte[] deflatedMsg = baos.toByteArray();
- String urlEncodedResponse = Base64.encodeBytes(deflatedMsg);
-
- String finalDest = endpoint.getLocation() + getQueryString(urlEncodedResponse, signMessage, requestOrResponse, privateKey);
- SamlUtils.sendRedirect(finalDest, response);
- }
- else
- {
- if (signMessage)
- {
- PublicKey publicKey = serviceProvider.getSamlConfiguration().getCertificate().getPublicKey();
- signSAMLDocument(message, new KeyPair(publicKey, privateKey));
- }
- byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
- String samlResponse = Base64.encodeBytes(responseBytes, Base64.DONT_BREAK_LINES);
-
- sendPost(endpoint.getLocation(), samlResponse, response, requestOrResponse.isRequest());
-
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void signSAMLDocument(Document samlDocument, KeyPair keypair)
- {
- // Get the ID from the root
- String id = samlDocument.getDocumentElement().getAttribute("ID");
-
- String referenceURI = "#" + id;
-
- signatureUtilForPostBinding.sign(samlDocument, keypair, DigestMethod.SHA1, SignatureMethod.RSA_SHA1, referenceURI);
- }
-
- private String getQueryString(String urlEncodedSamlMessage, boolean supportSignature, RequestOrResponse requestOrResponse, PrivateKey signingKey)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?");
-
- if (supportSignature)
- {
- try
- {
- sb.append(getURLWithSignature(requestOrResponse, urlEncodedSamlMessage, signingKey));
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- sb.append(SamlConstants.QSP_SAML_REQUEST);
- }
- else
- {
- sb.append(SamlConstants.QSP_SAML_RESPONSE);
- }
- sb.append("=").append(urlEncodedSamlMessage);
- }
- return sb.toString();
- }
-
- private void sendPost(String destination, String samlMessage, HttpServletResponse response, boolean request) throws IOException
- {
- String key = request ? SamlConstants.QSP_SAML_REQUEST : SamlConstants.QSP_SAML_RESPONSE;
-
- if (destination == null)
- throw new IllegalStateException("Destination is null");
-
- response.setContentType("text/html");
- PrintWriter out = response.getWriter();
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store");
- StringBuilder builder = new StringBuilder();
-
- builder.append("<HTML>");
- builder.append("<HEAD>");
- if (request)
- builder.append("<TITLE>HTTP Post Binding (Request)</TITLE>");
- else
- builder.append("<TITLE>HTTP Post Binding Response (Response)</TITLE>");
-
- builder.append("</HEAD>");
- builder.append("<BODY Onload=\"document.forms[0].submit()\">");
-
- builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
- builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + samlMessage + "\"/>");
- builder.append("</FORM></BODY></HTML>");
-
- String str = builder.toString();
- out.println(str);
- out.close();
- }
-
- private String getURLWithSignature(RequestOrResponse requestOrResponse, String urlEncodedResponse, PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- String messageParameter;
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- messageParameter = SamlConstants.QSP_SAML_REQUEST;
- }
- else
- {
- messageParameter = SamlConstants.QSP_SAML_RESPONSE;
- }
-
- byte[] signature = signatureUtilForRedirectBinding.computeSignature(messageParameter + "=" + urlEncodedResponse, signingKey);
- String sigAlgo = signingKey.getAlgorithm();
-
- StringBuilder sb = new StringBuilder();
- sb.append(messageParameter + "=").append(urlEncodedResponse);
-
- try
- {
- sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=");
- String sigAlg = signatureUtilForRedirectBinding.getXMLSignatureAlgorithmURI(sigAlgo);
- sb.append(URLEncoder.encode(sigAlg, "UTF-8"));
-
- sb.append("&").append(SamlConstants.QSP_SIGNATURE).append("=");
- String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
- sb.append(URLEncoder.encode(base64encodedSignature, "UTF-8"));
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- return sb.toString();
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
-import org.jboss.seam.security.external.jaxb.xmldsig.KeyInfoType;
-import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
-
-public class SamlMetaDataProvider
-{
- @Inject
- private ServiceProvider serviceProvider;
-
- public void writeMetaData(OutputStream stream)
- {
- try
- {
- ObjectFactory metaDataFactory = new ObjectFactory();
-
- IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- acsRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
- acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- acsPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
- sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
- sloRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
- sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
- sloPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
- SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
- spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
- spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
-
- spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
- spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
- spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
-
- spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
-
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
- spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
-
- org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory();
-
- X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
- if (certificate == null)
- throw new RuntimeException("Certificate obtained from configuration is null");
-
- JAXBElement<byte[]> X509Certificate;
- try
- {
- X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
- }
- catch (CertificateEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- X509DataType X509Data = signatureFactory.createX509DataType();
- X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
-
- KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
- keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
-
- KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
- keyDescriptor.setUse(KeyTypes.SIGNING);
- keyDescriptor.setKeyInfo(keyInfo);
-
- spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
-
- EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
- entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
- entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
-
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
- marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,27 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-public enum SamlProfile
-{
- SINGLE_SIGN_ON, SINGLE_LOGOUT
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,199 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.security.AccessController;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
-import java.security.KeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PrivilegedAction;
-import java.security.PublicKey;
-import java.security.Security;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-
-public class SamlSignatureUtilForPostBinding
-{
- private Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
-
- private XMLSignatureFactory fac = getXMLSignatureFactory();
-
- private XMLSignatureFactory getXMLSignatureFactory()
- {
- if (Security.getProvider("DOM") != null)
- {
- return XMLSignatureFactory.getInstance("DOM");
- }
- else
- {
- // No security provider found for the XML Digital Signature API (JSR
- // 105). Probably we have to do with JDK 1.5 or lower.
- // See
- // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
- // We assume that the reference implementation of JSR 105 is available
- // at runtime.
- return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
- }
- }
-
- static
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
- return null;
- }
- });
- };
-
- public Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
- {
- if (log.isTraceEnabled())
- {
- log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
- }
- PrivateKey signingKey = keyPair.getPrivate();
- PublicKey publicKey = keyPair.getPublic();
-
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
- dsc.setDefaultNamespacePrefix("dsig");
-
- try
- {
- DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
- Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
-
- List<Transform> transformList = Collections.singletonList(transform);
- Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
-
- String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
- CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
-
- List<Reference> referenceList = Collections.singletonList(ref);
- SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
- SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
-
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(publicKey);
- KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
-
- XMLSignature signature = fac.newXMLSignature(si, ki);
-
- signature.sign(dsc);
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new RuntimeException(e);
- }
- catch (InvalidAlgorithmParameterException e)
- {
- throw new RuntimeException(e);
- }
- catch (KeyException e)
- {
- throw new RuntimeException(e);
- }
- catch (MarshalException e)
- {
- throw new RuntimeException(e);
-
- }
- return doc;
- }
-
- public void validateSignature(SamlIdentityProvider idp, Document signedDoc) throws InvalidRequestException
- {
- Key publicKey = idp.getPublicKey();
-
- NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
- if (nl == null || nl.getLength() == 0)
- {
- throw new InvalidRequestException("Signature element is not present or has zero length.");
- }
-
- try
- {
- DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
- XMLSignature signature = fac.unmarshalXMLSignature(valContext);
- boolean signatureValid = signature.validate(valContext);
-
- if (log.isTraceEnabled() && !signatureValid)
- {
- boolean sv = signature.getSignatureValue().validate(valContext);
- log.trace("Signature validation status: " + sv);
-
- @SuppressWarnings("unchecked")
- List<Reference> references = signature.getSignedInfo().getReferences();
- for (Reference ref : references)
- {
- log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
- }
- }
-
- if (!signatureValid)
- {
- throw new InvalidRequestException("Invalid signature.");
- }
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- catch (MarshalException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.util.Base64;
-
-public class SamlSignatureUtilForRedirectBinding
-{
- byte[] computeSignature(String requestOrResponseKeyValuePair, PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- StringBuilder sb = new StringBuilder();
- sb.append(requestOrResponseKeyValuePair);
- String algo = signingKey.getAlgorithm();
-
- String sigAlg = getXMLSignatureAlgorithmURI(algo);
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
- sb.append("&SigAlg=").append(sigAlg);
-
- byte[] sigValue = sign(sb.toString(), signingKey);
-
- return sigValue;
- }
-
- private byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
- {
- String algo = signingKey.getAlgorithm();
- Signature sig = getSignature(algo);
- sig.initSign(signingKey);
- sig.update(stringToBeSigned.getBytes());
- return sig.sign();
- }
-
- public void validateSignature(SamlIdentityProvider idp, HttpServletRequest httpRequest, RequestOrResponse requestOrResponse) throws InvalidRequestException
- {
- String sigValueParam = httpRequest.getParameter(SamlConstants.QSP_SIGNATURE);
- if (sigValueParam == null)
- {
- throw new InvalidRequestException("Signature parameter is not present.");
- }
-
- String decodedString;
- try
- {
- decodedString = URLDecoder.decode(sigValueParam, "UTF-8");
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
-
- byte[] sigValue = Base64.decode(decodedString);
-
- String samlMessageParameter;
- if (requestOrResponse == RequestOrResponse.REQUEST)
- {
- samlMessageParameter = SamlConstants.QSP_SAML_REQUEST;
- }
- else
- {
- samlMessageParameter = SamlConstants.QSP_SAML_RESPONSE;
- }
-
- // Construct the url again
- String reqFromURL = httpRequest.getParameter(samlMessageParameter);
- String relayStateFromURL = httpRequest.getParameter(SamlConstants.QSP_RELAY_STATE);
- String sigAlgFromURL = httpRequest.getParameter(SamlConstants.QSP_SIG_ALG);
-
- StringBuilder sb = new StringBuilder();
- sb.append(samlMessageParameter).append("=").append(reqFromURL);
-
- if (relayStateFromURL != null && relayStateFromURL.length() != 0)
- {
- sb.append("&").append(SamlConstants.QSP_RELAY_STATE).append("=").append(relayStateFromURL);
- }
- sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=").append(sigAlgFromURL);
-
- PublicKey validatingKey = idp.getPublicKey();
-
- boolean isValid;
- try
- {
- isValid = validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
- }
- catch (UnsupportedEncodingException e)
- {
- throw new RuntimeException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new RuntimeException(e);
- }
-
- if (!isValid)
- {
- throw new InvalidRequestException("Invalid signature.");
- }
- }
-
- private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
- {
- // We assume that the sigatureValue has the same algorithm as the public
- // key
- // If not, there will be an exception anyway
- String algo = validatingKey.getAlgorithm();
- Signature sig = getSignature(algo);
-
- sig.initVerify(validatingKey);
- sig.update(signedContent);
- return sig.verify(signatureValue);
- }
-
- private Signature getSignature(String algo) throws GeneralSecurityException
- {
- Signature sig = null;
-
- if ("DSA".equalsIgnoreCase(algo))
- {
- sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
- }
- else if ("RSA".equalsIgnoreCase(algo))
- {
- sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
- }
- else
- throw new RuntimeException("Unknown signature algorithm:" + algo);
- return sig;
- }
-
- public String getXMLSignatureAlgorithmURI(String algo)
- {
- String xmlSignatureAlgo = null;
-
- if ("DSA".equalsIgnoreCase(algo))
- {
- xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_DSA;
- }
- else if ("RSA".equalsIgnoreCase(algo))
- {
- xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_RSA;
- }
- return xmlSignatureAlgo;
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external.configuration.Binding;
-import org.jboss.seam.security.external.configuration.SamlEndpoint;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
-
-public class SamlSingleLogoutReceiver
-{
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private Identity identity;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request, SamlIdentityProvider idp) throws InvalidRequestException
- {
- if (!(request instanceof LogoutRequestType))
- {
- throw new InvalidRequestException("Request should be a single logout request.");
- }
-
- if (!identity.isLoggedIn())
- {
- throw new InvalidRequestException("No active session to logout.");
- }
-
- // FIXME: Identity.instance().logout();
-
- StatusResponseType response = samlMessageFactory.createStatusResponse(request, SamlConstants.STATUS_SUCCESS, null);
-
- Binding binding = httpRequest.getMethod().equals("POST") ? Binding.HTTP_Post : Binding.HTTP_Redirect;
- SamlEndpoint endpoint = idp.getService(SamlProfile.SINGLE_LOGOUT).getEndpointForBinding(binding);
-
- samlMessageSender.sendResponseToIDP(httpRequest, httpResponse, idp, endpoint, response);
- }
-
- public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType response, RequestContext requestContext, SamlIdentityProvider idp)
- {
- if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
- {
- // FIXME Identity.instance().logout();
- }
- else
- {
- throw new RuntimeException("Single logout failed. Status code: " + (response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue()));
- }
- try
- {
- httpResponse.sendRedirect(serviceProvider.getLoggedOutUrl());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
-
-public class SamlSingleLogoutSender
-{
- @Inject
- private Requests requests;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity)
- {
- SeamSamlPrincipal principal = (SeamSamlPrincipal) null; // FIXME:
- // identity.getPrincipal()
- // is not
- // available any
- // more
- SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
- LogoutRequestType logoutRequest;
- try
- {
- logoutRequest = samlMessageFactory.createLogoutRequest(principal);
- requests.addRequest(logoutRequest.getID(), idp, null);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
-
- samlMessageSender.sendRequestToIDP(request, response, idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,314 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.datatype.DatatypeConstants;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.configuration.ServiceProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeStatementType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.StatementAbstractType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SamlSingleSignOnReceiver
-{
- private Logger log = LoggerFactory.getLogger(SamlSingleSignOnReceiver.class);
-
- @Inject
- private Requests requests;
-
- @Inject
- private Identity identity;
-
- @Inject
- private InternalAuthenticator internalAuthenticator;
-
- @Inject
- private ServiceProvider serviceProvider;
-
- @Inject
- private BeanManager beanManager;
-
- public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse, RequestContext requestContext, SamlIdentityProvider idp) throws InvalidRequestException
- {
- StatusType status = statusResponse.getStatus();
- if (status == null)
- {
- throw new InvalidRequestException("Response does not contain a status");
- }
-
- String statusValue = status.getStatusCode().getValue();
- if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
- {
- throw new RuntimeException("IDP returned status " + statusValue);
- }
-
- if (!(statusResponse instanceof ResponseType))
- {
- throw new InvalidRequestException("Response does not have type ResponseType");
- }
-
- ResponseType response = (ResponseType) statusResponse;
-
- List<Object> assertions = response.getAssertionOrEncryptedAssertion();
- if (assertions.size() == 0)
- {
- throw new RuntimeException("IDP response does not contain assertions");
- }
-
- SeamSamlPrincipal principal = getAuthenticatedUser(response, requestContext);
- if (principal == null)
- {
- try
- {
- beanManager.fireEvent(new PostAuthenticateEvent());
- beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
-
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- // Login the user, and redirect to the requested page.
- principal.setIdentityProvider(idp);
- loginUser(httpRequest, httpResponse, principal, requestContext);
- }
- }
-
- private SeamSamlPrincipal getAuthenticatedUser(ResponseType responseType, RequestContext requestContext)
- {
- SeamSamlPrincipal principal = null;
-
- for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
- {
- if (assertion instanceof AssertionType)
- {
- SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType) assertion, requestContext);
- if (principal == null)
- {
- principal = assertionSubject;
- }
- else
- {
- log.warn("Multiple authenticated users found in assertions. Using the first one.");
- }
- }
- else
- {
- /* assertion instanceof EncryptedElementType */
- log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
- }
- }
- return principal;
- }
-
- private SeamSamlPrincipal handleAssertion(AssertionType assertion, RequestContext requestContext)
- {
- if (SamlUtils.hasAssertionExpired(assertion))
- {
- log.warn("Received assertion not processed because it has expired.");
- return null;
- }
-
- AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
- if (authnStatement == null)
- {
- log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
- return null;
- }
-
- NameIDType nameId = validateSubjectAndExtractNameID(assertion, requestContext);
- if (nameId == null)
- {
- log.warn("Received assertion not processed because it doesn't contain a valid subject.");
- return null;
- }
-
- SeamSamlPrincipal principal = new SeamSamlPrincipal();
- principal.setAssertion(assertion);
- principal.setSessionIndex(authnStatement.getSessionIndex());
- principal.setNameId(nameId);
-
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
- {
- if (statement instanceof AttributeStatementType)
- {
- AttributeStatementType attributeStatement = (AttributeStatementType) statement;
- List<AttributeType> attributes = new LinkedList<AttributeType>();
- for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
- {
- if (object instanceof AttributeType)
- {
- attributes.add((AttributeType) object);
- }
- else
- {
- log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
- }
- }
- principal.setAttributes(attributes);
- }
- }
-
- return principal;
- }
-
- private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
- {
- for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
- {
- if (statement instanceof AuthnStatementType)
- {
- AuthnStatementType authnStatement = (AuthnStatementType) statement;
- return authnStatement;
- }
- }
-
- return null;
- }
-
- private NameIDType validateSubjectAndExtractNameID(AssertionType assertion, RequestContext requestContext)
- {
- NameIDType nameId = null;
- boolean validConfirmationFound = false;
-
- for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
- {
- if (contentElement.getValue() instanceof NameIDType)
- {
- nameId = (NameIDType) contentElement.getValue();
- }
- if (contentElement.getValue() instanceof SubjectConfirmationType)
- {
- SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
- if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
- {
- SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
-
- boolean validRecipient = confirmationData.getRecipient().equals(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
- boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendar()) == DatatypeConstants.GREATER;
-
- boolean validInResponseTo = requestContext == null || confirmationData.getInResponseTo().equals(requestContext.getId());
-
- if (validRecipient && notTooLate && validInResponseTo)
- {
- validConfirmationFound = true;
- }
- }
- }
- }
-
- if (validConfirmationFound)
- {
- return nameId;
- }
- else
- {
- return null;
- }
- }
-
- private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal, RequestContext requestContext)
- {
- if (identity.isLoggedIn())
- {
- throw new RuntimeException("User is already logged in.");
- }
-
- boolean internallyAuthenticated = internalAuthenticator.authenticate(principal, httpRequest);
-
- try
- {
- if (internallyAuthenticated)
- {
- if (requestContext == null)
- {
- redirectForUnsolicitedAuthentication(httpRequest, httpResponse);
- }
- else
- {
- requests.redirect(requestContext.getId(), httpResponse);
- }
- }
- else
- {
- httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
- }
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
- {
- String relayState = httpRequest.getParameter("RelayState");
-
- /* Unsolicited authentication. */
-
- if (relayState != null)
- {
- httpResponse.sendRedirect(relayState);
- }
- else
- {
- String unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
- if (unsolicitedAuthenticationUrl != null)
- {
- httpResponse.sendRedirect(unsolicitedAuthenticationUrl);
- }
- else
- {
- throw new RuntimeException("Unsolicited login could not be handled because the unsolicitedAuthenticationViewId property has not been configured");
- }
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,35 +0,0 @@
-package org.jboss.seam.security.external;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
-
-public class SamlSingleSignOnSender
-{
- @Inject
- private Requests requests;
-
- @Inject
- private SamlMessageFactory samlMessageFactory;
-
- @Inject
- private SamlMessageSender samlMessageSender;
-
- @Inject
- private BeanManager beanManager;
-
- public void sendAuthenticationRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, String returnUrl)
- {
- AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
- requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
-
- beanManager.fireEvent(new PreAuthenticateEvent());
-
- samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON, authnRequest);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.GregorianCalendar;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeConstants;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
-import org.w3c.dom.Document;
-
-public class SamlUtils
-{
-
- public static XMLGregorianCalendar getXMLGregorianCalendar()
- {
- try
- {
- DatatypeFactory dtf = DatatypeFactory.newInstance();
- return dtf.newXMLGregorianCalendar(new GregorianCalendar());
- }
- catch (DatatypeConfigurationException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public static boolean hasAssertionExpired(AssertionType assertion)
- {
- ConditionsType conditionsType = assertion.getConditions();
- if (conditionsType != null)
- {
- XMLGregorianCalendar now = getXMLGregorianCalendar();
- XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
- XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
-
- int val = notBefore.compare(now);
- if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
- {
- return true;
- }
-
- val = notOnOrAfter.compare(now);
- if (val != DatatypeConstants.GREATER)
- {
- return true;
- }
-
- return false;
- }
- else
- {
- return false;
- }
- }
-
- public static String getDocumentAsString(Document document)
- {
- Source source = new DOMSource(document);
- StringWriter sw = new StringWriter();
-
- Result streamResult = new StreamResult(sw);
- try
- {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- transformer.setOutputProperty(OutputKeys.INDENT, "no");
- transformer.transform(source, streamResult);
- }
- catch (TransformerException e)
- {
- throw new RuntimeException(e);
- }
-
- return sw.toString();
- }
-
- public static void sendRedirect(String destination, HttpServletResponse response)
- {
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Location", destination);
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
- response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
- try
- {
- response.sendRedirect(destination);
- }
- catch (IOException e)
- {
- throw new RuntimeException();
- }
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,99 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
-
-public class SeamSamlPrincipal implements Principal
-{
- private NameIDType nameId;
-
- private SamlIdentityProvider identityProvider;
-
- private List<AttributeType> attributes = new LinkedList<AttributeType>();
-
- private String sessionIndex;
-
- private AssertionType assertion;
-
- public NameIDType getNameId()
- {
- return nameId;
- }
-
- public void setNameId(NameIDType nameId)
- {
- this.nameId = nameId;
- }
-
- public SamlIdentityProvider getIdentityProvider()
- {
- return identityProvider;
- }
-
- public void setIdentityProvider(SamlIdentityProvider identityProvider)
- {
- this.identityProvider = identityProvider;
- }
-
- public List<AttributeType> getAttributes()
- {
- return attributes;
- }
-
- public void setAttributes(List<AttributeType> attributes)
- {
- this.attributes = attributes;
- }
-
- public String getSessionIndex()
- {
- return sessionIndex;
- }
-
- public void setSessionIndex(String sessionIndex)
- {
- this.sessionIndex = sessionIndex;
- }
-
- public AssertionType getAssertion()
- {
- return assertion;
- }
-
- public void setAssertion(AssertionType assertion)
- {
- this.assertion = assertion;
- }
-
- public String getName()
- {
- return nameId.getValue();
- }
-}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdAttribute
+{
+ private String alias;
+ private String typeUri;
+ private boolean required;
+
+ public String getAlias()
+ {
+ return alias;
+ }
+
+ public void setAlias(String alias)
+ {
+ this.alias = alias;
+ }
+
+ public String getTypeUri()
+ {
+ return typeUri;
+ }
+
+ public void setTypeUri(String typeUri)
+ {
+ this.typeUri = typeUri;
+ }
+
+ public boolean isRequired()
+ {
+ return required;
+ }
+
+ public void setRequired(boolean required)
+ {
+ this.required = required;
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.net.URL;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+// TODO: create hash code and equals method
+public class OpenIdPrincipal implements Principal
+{
+ private String identifier;
+
+ private URL openIdProvider;
+
+ private Map<String, List<String>> attributes;
+
+ public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+ {
+ super();
+ this.identifier = identifier;
+ this.openIdProvider = openIdProvider;
+ this.attributes = attributes;
+ }
+
+ public String getName()
+ {
+ return identifier;
+ }
+
+ public String getIdentifier()
+ {
+ return identifier;
+ }
+
+ public URL getOpenIdProvider()
+ {
+ return openIdProvider;
+ }
+
+ public Map<String, List<String>> getAttributes()
+ {
+ return attributes;
+ }
+
+}
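Review bot: `OpenIdPrincipal` is added with `// TODO: create hash code and equals method` still open, so two principals for the same identifier compare by object identity, and any set- or map-based lookup of principals will treat them as different users. Equality should probably cover both `identifier` and `openIdProvider`; note that `java.net.URL.equals` resolves host names, so comparing `openIdProvider.toExternalForm()` is the safer form. The constructor also stores the caller's `attributes` map and `getAttributes()` returns it directly, so the attributes of an authenticated principal can be changed afterwards. Declaring the fields `final` and returning `Collections.unmodifiableMap(attributes)` would close that.

```java
// … unchanged: fields, constructor and getters …

@Override
public int hashCode()
{
   final int prime = 31;
   int result = 1;
   result = prime * result + ((identifier == null) ? 0 : identifier.hashCode());
   result = prime * result + ((openIdProvider == null) ? 0 : openIdProvider.toExternalForm().hashCode());
   return result;
}

@Override
public boolean equals(Object obj)
{
   if (this == obj)
      return true;
   if (obj == null || getClass() != obj.getClass())
      return false;
   OpenIdPrincipal other = (OpenIdPrincipal) obj;
   if (identifier == null ? other.identifier != null : !identifier.equals(other.identifier))
      return false;
   if (openIdProvider == null)
      return other.openIdProvider == null;
   // Compare the textual form: URL.equals() performs host name resolution.
   return other.openIdProvider != null && openIdProvider.toExternalForm().equals(other.openIdProvider.toExternalForm());
}
```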
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface OpenIdRelyingPartyApi
+{
+ public void signOn(String openId);
+
+ public void logout(OpenIdPrincipal principal);
+}
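Review bot: Neither `signOn(String openId)` nor `logout(OpenIdPrincipal principal)` has a Javadoc, so it is not stated whether `openId` is the raw identifier typed by the user, whether it is normalised or validated before use, or how the outcome is reported given the `void` return. That string presumably determines which provider the relying party contacts, so a line such as `/** @param openId user-supplied OpenID identifier; validated before any discovery request is made */` would record the expectation. The `public` modifiers on the two methods are redundant in an interface and differ from `ResponseHolder` and `SamlEntityApi` in the same commit.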
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,35 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface ResponseHolder
+{
+ void setResponse(HttpServletResponse response);
+
+ HttpServletResponse getResponse();
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlBinding.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/Binding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlBinding.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlBinding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum SamlBinding
+{
+ HTTP_Redirect, HTTP_Post
+}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.io.Reader;
+import java.io.Writer;
+import java.util.List;
+
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlEntityApi
+{
+ String getProtocol();
+
+ void setProtocol(String protocol);
+
+ void setEntityId(String entityId);
+
+ String getEntityId();
+
+ String getHostName();
+
+ void setHostName(String hostName);
+
+ int getPort();
+
+ void setPort(int port);
+
+ SamlBinding getPreferredBinding();
+
+ void setPreferredBinding(SamlBinding preferredBinding);
+
+ void setSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass);
+
+ SamlExternalEntity getExternalSamlEntityByEntityId(String entityId);
+
+ SamlExternalEntity addExternalSamlEntity(Reader reader);
+
+ List<SamlExternalEntity> getExternalSamlEntities();
+
+ void writeMetaData(Writer writer);
+}
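Review bot: `setSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass)` takes both passwords as `String`, which cannot be wiped after use and lingers in heap dumps. Using `char[]` for `keyStorePass` and `signingKeyPass`, as `KeyStore.load` itself does, would let the implementation clear them. The interface has no Javadoc, so it is also not stated what `keyStoreUrl` may point to or what `addExternalSamlEntity(Reader reader)` does with its input. If that reader carries SAML metadata XML from another party, the contract should say that parsing runs with DTDs and external entities disabled, and whether the metadata is verified before the entity is trusted. A short Javadoc on each of those two methods would be enough.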
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.List;
+import java.util.Set;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.saml.idp.SamlExternalServiceProvider;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlIdentityProviderApi extends SamlEntityApi
+{
+ void authenticationSucceeded(SamlNameId nameId, List<AttributeType> attributes);
+
+ void authenticationSucceeded(SamlIdpSession sessionToJoin);
+
+ void authenticationFailed();
+
+ Set<SamlIdpSession> getSessions();
+
+ List<SamlExternalServiceProvider> getServiceProviders();
+
+ void logout(SamlPrincipal principal, List<String> indexes);
+
+ boolean isWantAuthnRequestsSigned();
+
+ void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned);
+
+ boolean isSingleLogoutMessagesSigned();
+
+ void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
+
+ boolean isWantSingleLogoutMessagesSigned();
+
+ void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+}
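Review bot: The signing switches `setWantAuthnRequestsSigned`, `setSingleLogoutMessagesSigned` and `setWantSingleLogoutMessagesSigned` are added without stating their default, or what the entity does with an unsigned message when a "want" flag is off. The same holds for `setWantAssertionsSigned` and `setAuthnRequestsSigned` in the `SamlServiceProviderApi.java` hunk further down. These flags decide whether unsigned SAML messages are accepted, so each getter deserves a Javadoc line such as `/** Whether incoming AuthnRequests without a valid signature are rejected. Default: <state the default>. */`. The implementations are not visible here, so whether the defaults are the strict ones cannot be judged from this hunk.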
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlNameId.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlNameId.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlNameId.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,119 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlNameId
+{
+ private String value;
+
+ private String format;
+
+ private String qualifier;
+
+ public SamlNameId(String value, String format, String qualifier)
+ {
+ super();
+ this.value = value;
+ this.format = format;
+ this.qualifier = qualifier;
+ }
+
+ public String getValue()
+ {
+ return value;
+ }
+
+ public void setValue(String value)
+ {
+ this.value = value;
+ }
+
+ public String getFormat()
+ {
+ return format;
+ }
+
+ public void setFormat(String format)
+ {
+ this.format = format;
+ }
+
+ public String getQualifier()
+ {
+ return qualifier;
+ }
+
+ public void setQualifier(String qualifier)
+ {
+ this.qualifier = qualifier;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((format == null) ? 0 : format.hashCode());
+ result = prime * result + ((qualifier == null) ? 0 : qualifier.hashCode());
+ result = prime * result + ((value == null) ? 0 : value.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ SamlNameId other = (SamlNameId) obj;
+ if (format == null)
+ {
+ if (other.format != null)
+ return false;
+ }
+ else if (!format.equals(other.format))
+ return false;
+ if (qualifier == null)
+ {
+ if (other.qualifier != null)
+ return false;
+ }
+ else if (!qualifier.equals(other.qualifier))
+ return false;
+ if (value == null)
+ {
+ if (other.value != null)
+ return false;
+ }
+ else if (!value.equals(other.value))
+ return false;
+ return true;
+ }
+
+}
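Review bot: `hashCode()` and `equals()` are computed from `value`, `format` and `qualifier`, yet all three have public setters. A `SamlNameId` changed after being used as a `HashSet` element or `HashMap` key can no longer be found there, and the same applies through `SamlPrincipal`, whose hash is derived from it in this commit. The constructor already takes all three values, so the simplest fix is to declare the fields `private final` and drop `setValue`, `setFormat` and `setQualifier`. If a framework needs the setters, the class comment should state that instances must not be mutated once they serve as a key.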
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlNameId.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlPrincipal.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlPrincipal.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlPrincipal.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,100 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlPrincipal
+{
+ private SamlNameId nameId;
+
+ private List<AttributeType> attributes = new LinkedList<AttributeType>();
+
+ private AssertionType assertion;
+
+ public SamlNameId getNameId()
+ {
+ return nameId;
+ }
+
+ public void setNameId(SamlNameId nameId)
+ {
+ this.nameId = nameId;
+ }
+
+ public List<AttributeType> getAttributes()
+ {
+ return attributes;
+ }
+
+ public void setAttributes(List<AttributeType> attributes)
+ {
+ this.attributes = attributes;
+ }
+
+ public AssertionType getAssertion()
+ {
+ return assertion;
+ }
+
+ public void setAssertion(AssertionType assertion)
+ {
+ this.assertion = assertion;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((nameId == null) ? 0 : nameId.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ SamlPrincipal other = (SamlPrincipal) obj;
+ if (nameId == null)
+ {
+ if (other.nameId != null)
+ return false;
+ }
+ else if (!nameId.equals(other.nameId))
+ return false;
+ return true;
+ }
+}
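Review bot: `equals()` and `hashCode()` look only at `nameId`, and the `identityProvider` field that the removed `SeamSamlPrincipal` carried is gone, so two principals asserted by different identity providers with the same NameID value, format and qualifier compare equal. Unless `qualifier` is guaranteed to hold the issuing IdP's entity id (not visible in this hunk), the issuer should be part of the principal and of both methods, or the class comment should state that guarantee. The class also no longer implements `java.security.Principal`, although its sibling `OpenIdPrincipal` does. `getAttributes()` hands out the internal `LinkedList`; returning `Collections.unmodifiableList(attributes)` would keep asserted attributes from being edited after authentication.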
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.List;
+import java.util.Set;
+
+import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
+import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlServiceProviderApi extends SamlEntityApi
+{
+ public void signOn(String idpEntityId);
+
+ public void logout(SamlSpSession session);
+
+ public void singleLogout(SamlSpSession session);
+
+ public Set<SamlSpSession> getSessions();
+
+ List<SamlExternalIdentityProvider> getIdentityProviders();
+
+ boolean isAuthnRequestsSigned();
+
+ void setAuthnRequestsSigned(boolean authnRequestsSigned);
+
+ boolean isWantAssertionsSigned();
+
+ void setWantAssertionsSigned(boolean wantAssertionsSigned);
+
+ boolean isSingleLogoutMessagesSigned();
+
+ void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
+
+ boolean isWantSingleLogoutMessagesSigned();
+
+ void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,27 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-public enum Binding
-{
- HTTP_Redirect, HTTP_Post
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,129 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.net.URL;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-
-import org.jboss.seam.security.external.jaxb.config.ExternalAuthenticationConfigType;
-import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
-import org.xml.sax.SAXException;
-
- at Named("configuration")
- at ApplicationScoped
-// FIXME @Startup
-public class Configuration
-{
- private final static String CONFIGURATION_FILE = "/external-authentication-config.xml";
-
- private String contextRoot;
-
- private Map<String, ServiceProvider> serviceProviderMap = new HashMap<String, ServiceProvider>();
-
- @Inject
- public void init()
- {
- List<ServiceProvider> serviceProviders = new LinkedList<ServiceProvider>();
- ExternalAuthenticationConfigType externalAuthenticationConfig = readConfigurationFile();
- for (ServiceProviderType serviceProvider : externalAuthenticationConfig.getServiceProvider())
- {
- serviceProviders.add(new ServiceProvider(this, serviceProvider));
- }
-
- for (ServiceProvider sp : serviceProviders)
- {
- if (serviceProviderMap.containsKey(sp.getHostname()))
- {
- throw new RuntimeException("Two service providers have the same hostname");
- }
- serviceProviderMap.put(sp.getHostname(), sp);
- }
- }
-
- private ExternalAuthenticationConfigType readConfigurationFile()
- {
- ExternalAuthenticationConfigType externalAuthenticationConfig;
- try
- {
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.config");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- URL schemaURL = getClass().getResource("/schema/config/external-authentication-config.xsd");
- Schema schema;
- try
- {
- schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI).newSchema(schemaURL);
- }
- catch (SAXException e)
- {
- throw new RuntimeException(e);
- }
- unmarshaller.setSchema(schema);
-
- JAXBElement<?> o = (JAXBElement<?>) unmarshaller.unmarshal(getClass().getResource(CONFIGURATION_FILE));
- externalAuthenticationConfig = (ExternalAuthenticationConfigType) o.getValue();
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- return externalAuthenticationConfig;
- }
-
- public void setContextRoot(String contextRoot)
- {
- this.contextRoot = contextRoot;
- }
-
- public String getContextRoot()
- {
- return contextRoot;
- }
-
- // FIXME @Factory(scope = ScopeType.EVENT, autoCreate = true, value =
- // "org.jboss.seam.security.external_authentication.serviceProvider")
- public ServiceProvider getServiceProvider()
- {
- String hostname = null; // FIXME =
- // ServletContexts.instance().getRequest().getServerName();
- ;
- return serviceProviderMap.get(hostname);
- }
-
- public ServiceProvider getServiceProvider(String hostname)
- {
- return serviceProviderMap.get(hostname);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,50 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.util.List;
-
-import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
-import org.jboss.seam.security.external.jaxb.config.OpenIdConfigType;
-
-public class OpenIdConfiguration
-{
- private List<OpenIdAttributeType> attributes;
-
- private String defaultOpenIdProvider;
-
- public OpenIdConfiguration(OpenIdConfigType openIdConfig)
- {
- attributes = openIdConfig.getAttribute();
- defaultOpenIdProvider = openIdConfig.getDefaultOpenIdProvider();
- }
-
- public List<OpenIdAttributeType> getAttributes()
- {
- return attributes;
- }
-
- public String getDefaultOpenIdProvider()
- {
- return defaultOpenIdProvider;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,271 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-
-import org.jboss.seam.security.external.jaxb.config.SamlConfigType;
-import org.jboss.seam.security.external.jaxb.config.SamlIdentityProviderType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntitiesDescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.RoleDescriptorType;
-
-public class SamlConfiguration
-{
- private static final String SAML_ENTITIES_FILE = "/saml-entities.xml";
-
- private Map<String, IDPSSODescriptorType> idpMetaInfo = new HashMap<String, IDPSSODescriptorType>();
-
- private String entityId;
-
- private SamlIdentityProvider defaultIdentityProvider;
-
- private List<SamlIdentityProvider> identityProviders = new LinkedList<SamlIdentityProvider>();
-
- private boolean authnRequestsSigned = false;
-
- private boolean wantAssertionsSigned = false;
-
- private PrivateKey privateKey;
-
- private X509Certificate certificate;
-
- public SamlConfiguration(SamlConfigType samlConfig)
- {
- readSamlMetaInformation();
-
- this.entityId = samlConfig.getServiceProviderEntityId();
- this.authnRequestsSigned = samlConfig.isAuthnRequestsSigned();
- this.wantAssertionsSigned = samlConfig.isWantAssertionsSigned();
-
- for (SamlIdentityProviderType samlIdp : samlConfig.getSamlIdentityProvider())
- {
- IDPSSODescriptorType idpSsoDescriptor = idpMetaInfo.get(samlIdp.getEntityId());
- if (idpSsoDescriptor == null)
- {
- throw new RuntimeException("Saml identity provider with entity id \"" + samlIdp.getEntityId() + "\" not found in metadata.");
- }
- SamlIdentityProvider samlIdentityProvider = new SamlIdentityProvider(samlIdp.getEntityId(), idpSsoDescriptor);
- identityProviders.add(samlIdentityProvider);
-
- samlIdentityProvider.setWantSingleLogoutMessagesSigned(samlIdp.isWantSingleLogoutMessagesSigned());
- samlIdentityProvider.setSingleLogoutMessagesSigned(samlIdp.isSingleLogoutMessagesSigned());
- }
-
- boolean wantAuthnRequestsSigned = false;
-
- for (SamlIdentityProvider identityProvider : identityProviders)
- {
- if (identityProvider instanceof SamlIdentityProvider)
- {
- if (((SamlIdentityProvider) identityProvider).isWantAuthnRequestsSigned())
- {
- wantAuthnRequestsSigned = true;
- }
- }
- if (identityProvider.getEntityId().equals(samlConfig.getDefaultIdentityProvider()))
- {
- defaultIdentityProvider = identityProvider;
- }
- }
-
- if (wantAuthnRequestsSigned && !samlConfig.isAuthnRequestsSigned())
- {
- throw new RuntimeException("Configuration error: at least one identity provider wants the authentication requests signed, but the service provider doesn't sign authentication requests.");
- }
-
- String keyStoreUrl = samlConfig.getKeyStoreUrl();
- String keyStorePass = samlConfig.getKeyStorePass();
- String signingKeyAlias = samlConfig.getSigningKeyAlias();
- String signingKeyPass = samlConfig.getSigningKeyPass();
- if (signingKeyPass == null)
- {
- signingKeyPass = keyStorePass;
- }
-
- getSigningKeyPair(keyStoreUrl, keyStorePass, signingKeyAlias, signingKeyPass);
- }
-
- private void readSamlMetaInformation()
- {
- try
- {
- JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> o = (JAXBElement<?>) unmarshaller.unmarshal(getClass().getResource(SAML_ENTITIES_FILE));
- EntitiesDescriptorType entitiesDescriptor = (EntitiesDescriptorType) o.getValue();
- readEntitiesDescriptor(entitiesDescriptor);
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void readEntitiesDescriptor(EntitiesDescriptorType entitiesDescriptor)
- {
- for (Object object : entitiesDescriptor.getEntityDescriptorOrEntitiesDescriptor())
- {
- if (object instanceof EntityDescriptorType)
- {
- EntityDescriptorType entityDescriptor = (EntityDescriptorType) object;
- String entityId = entityDescriptor.getEntityID();
-
- for (RoleDescriptorType roleDescriptor : entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
- {
- if (roleDescriptor instanceof IDPSSODescriptorType)
- {
- IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType) roleDescriptor;
- idpMetaInfo.put(entityId, IDPSSODescriptor);
- }
- }
- }
- else
- {
- EntitiesDescriptorType descriptor = (EntitiesDescriptorType) object;
- readEntitiesDescriptor(descriptor);
- }
- }
- }
-
- private void getSigningKeyPair(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass)
- {
- final String classPathPrefix = "classpath:";
-
- try
- {
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- InputStream keyStoreStream;
- if (keyStoreUrl.startsWith(classPathPrefix))
- {
- keyStoreStream = getClass().getClassLoader().getResourceAsStream(keyStoreUrl.substring(classPathPrefix.length()));
- }
- else
- {
- keyStoreStream = new URL(keyStoreUrl).openStream();
- }
- char[] keyStorePwd = keyStorePass != null ? keyStorePass.toCharArray() : null;
- keyStore.load(keyStoreStream, keyStorePwd);
-
- certificate = (X509Certificate) keyStore.getCertificate(signingKeyAlias);
-
- char[] signingKeyPwd = signingKeyPass != null ? signingKeyPass.toCharArray() : null;
-
- privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias, signingKeyPwd);
- }
- catch (KeyStoreException e)
- {
- throw new RuntimeException(e);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new RuntimeException(e);
- }
- catch (CertificateException e)
- {
- throw new RuntimeException(e);
- }
- catch (MalformedURLException e)
- {
- throw new RuntimeException(e);
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- catch (UnrecoverableKeyException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public String getEntityId()
- {
- return entityId;
- }
-
- public SamlIdentityProvider getDefaultIdentityProvider()
- {
- return defaultIdentityProvider;
- }
-
- public List<SamlIdentityProvider> getIdentityProviders()
- {
- return identityProviders;
- }
-
- public boolean isAuthnRequestsSigned()
- {
- return authnRequestsSigned;
- }
-
- public boolean isWantAssertionsSigned()
- {
- return wantAssertionsSigned;
- }
-
- public PrivateKey getPrivateKey()
- {
- return privateKey;
- }
-
- public X509Certificate getCertificate()
- {
- return certificate;
- }
-
- public SamlIdentityProvider getSamlIdentityProviderByEntityId(String entityId)
- {
- for (SamlIdentityProvider identityProvider : identityProviders)
- {
- if (identityProvider instanceof SamlIdentityProvider)
- {
- SamlIdentityProvider samlIdentityProvider = (SamlIdentityProvider) identityProvider;
- if (samlIdentityProvider.getEntityId().equals(entityId))
- {
- return samlIdentityProvider;
- }
- }
- }
- return null;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,62 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-public class SamlEndpoint
-{
- private Binding binding;
-
- private String location;
-
- private String responseLocation;
-
- private SamlService service;
-
- public SamlEndpoint(SamlService service, Binding binding, String location, String responseLocation)
- {
- super();
- this.service = service;
- this.binding = binding;
- this.location = location;
- this.responseLocation = responseLocation;
- }
-
- public SamlService getService()
- {
- return service;
- }
-
- public Binding getBinding()
- {
- return binding;
- }
-
- public String getLocation()
- {
- return location;
- }
-
- public String getResponseLocation()
- {
- return responseLocation != null ? responseLocation : location;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,149 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
-
-import org.jboss.seam.security.external.SamlProfile;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
-
-public class SamlIdentityProvider
-{
- private String entityId;
-
- private Map<SamlProfile, SamlService> services = new HashMap<SamlProfile, SamlService>();
-
- private PublicKey publicKey;
-
- private boolean wantAuthnRequestsSigned;
-
- private boolean wantSingleLogoutMessagesSigned;
-
- private boolean singleLogoutMessagesSigned;
-
- public SamlIdentityProvider(String entityId, IDPSSODescriptorType IDPSSODescriptor)
- {
- this.entityId = entityId;
-
- wantAuthnRequestsSigned = IDPSSODescriptor.isWantAuthnRequestsSigned();
-
- services.put(SamlProfile.SINGLE_SIGN_ON, new SamlService(SamlProfile.SINGLE_SIGN_ON, IDPSSODescriptor.getSingleSignOnService()));
- services.put(SamlProfile.SINGLE_LOGOUT, new SamlService(SamlProfile.SINGLE_LOGOUT, IDPSSODescriptor.getSingleLogoutService()));
-
- for (KeyDescriptorType keyDescriptor : IDPSSODescriptor.getKeyDescriptor())
- {
- if (keyDescriptor.getUse().equals(KeyTypes.SIGNING))
- {
- for (Object content : keyDescriptor.getKeyInfo().getContent())
- {
- if (content instanceof JAXBElement<?> && ((JAXBElement<?>) content).getValue() instanceof X509DataType)
- {
- X509DataType X509Data = (X509DataType) ((JAXBElement<?>) content).getValue();
- for (Object object : X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName())
- {
- if (object instanceof JAXBElement<?>)
- {
- JAXBElement<?> el = (JAXBElement<?>) object;
- if (el.getName().getLocalPart().equals("X509Certificate"))
- {
- byte[] certificate = (byte[]) el.getValue();
- try
- {
- X509Certificate cert = X509Certificate.getInstance(certificate);
- publicKey = cert.getPublicKey();
- }
- catch (javax.security.cert.CertificateException e)
- {
- throw new RuntimeException(e);
- }
- }
- }
- }
- }
- }
- }
- }
- }
-
- public String getEntityId()
- {
- return entityId;
- }
-
- public void setEntityId(String entityId)
- {
- this.entityId = entityId;
- }
-
- public SamlService getService(SamlProfile service)
- {
- return services.get(service);
- }
-
- public PublicKey getPublicKey()
- {
- return publicKey;
- }
-
- public void setPublicKey(PublicKey publicKey)
- {
- this.publicKey = publicKey;
- }
-
- public boolean isWantAuthnRequestsSigned()
- {
- return wantAuthnRequestsSigned;
- }
-
- public void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
- {
- this.wantAuthnRequestsSigned = wantAuthnRequestsSigned;
- }
-
- public boolean isWantSingleLogoutMessagesSigned()
- {
- return wantSingleLogoutMessagesSigned;
- }
-
- public void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned)
- {
- this.wantSingleLogoutMessagesSigned = wantSingleLogoutMessagesSigned;
- }
-
- public boolean isSingleLogoutMessagesSigned()
- {
- return singleLogoutMessagesSigned;
- }
-
- public void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned)
- {
- this.singleLogoutMessagesSigned = singleLogoutMessagesSigned;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,85 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.util.LinkedList;
-import java.util.List;
-
-import org.jboss.seam.security.external.SamlProfile;
-import org.jboss.seam.security.external.jaxb.samlv2.metadata.EndpointType;
-
-public class SamlService
-{
- private SamlProfile profile;
-
- private List<SamlEndpoint> serviceEndpoints = new LinkedList<SamlEndpoint>();
-
- public SamlService(SamlProfile profile, List<EndpointType> endpoints)
- {
- this.profile = profile;
-
- for (EndpointType endpoint : endpoints)
- {
- Binding binding = null;
- if (endpoint.getBinding().endsWith("HTTP-Redirect"))
- {
- binding = Binding.HTTP_Redirect;
- }
- else if (endpoint.getBinding().endsWith("HTTP-POST"))
- {
- binding = Binding.HTTP_Post;
- }
- else
- {
- // ignore other bindings
- }
- if (binding != null)
- {
- SamlEndpoint samlEndpoint = new SamlEndpoint(this, binding, endpoint.getLocation(), endpoint.getResponseLocation());
- serviceEndpoints.add(samlEndpoint);
- }
- }
- }
-
- public SamlProfile getProfile()
- {
- return profile;
- }
-
- public List<SamlEndpoint> getServiceEndpoints()
- {
- return serviceEndpoints;
- }
-
- public SamlEndpoint getEndpointForBinding(Binding binding)
- {
- for (SamlEndpoint endpoint : serviceEndpoints)
- {
- if (endpoint.getBinding() == binding)
- {
- return endpoint;
- }
- }
-
- return null;
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,171 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.configuration;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-
-import javax.el.MethodExpression;
-
-import org.jboss.seam.security.external.ExternalAuthenticationService;
-import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
-
-public class ServiceProvider
-{
- private Configuration configuration;
-
- private SamlConfiguration samlConfiguration;
-
- private OpenIdConfiguration openIdConfiguration;
-
- private String hostname;
-
- private String protocol;
-
- private int port;
-
- private String loggedOutUrl;
-
- private String unsolicitedAuthenticationUrl;
-
- private String failedAuthenticationUrl;
-
- private MethodExpression internalAuthenticationMethod;
-
- public ServiceProvider(Configuration configuration, ServiceProviderType serviceProvider)
- {
- this.configuration = configuration;
-
- hostname = serviceProvider.getHostname();
- protocol = serviceProvider.getProtocol().value();
-
- loggedOutUrl = serviceProvider.getLoggedOutUrl();
- unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
- failedAuthenticationUrl = serviceProvider.getFailedAuthenticationUrl();
-
- internalAuthenticationMethod = null; // FIXME =
- // Expressions.instance().createMethodExpression(serviceProvider.getInternalAuthenticationMethod(),
- // Boolean.class, Principal.class,
- // List.class);
-
- if (serviceProvider.getPort() == null)
- {
- if (protocol.equals("http"))
- {
- port = 8080;
- }
- else
- {
- port = 8443;
- }
- }
- else
- {
- port = serviceProvider.getPort().intValue();
- }
-
- if (serviceProvider.getSamlConfig() != null)
- {
- samlConfiguration = new SamlConfiguration(serviceProvider.getSamlConfig());
- }
-
- if (serviceProvider.getOpenIdConfig() != null)
- {
- openIdConfiguration = new OpenIdConfiguration(serviceProvider.getOpenIdConfig());
- }
- }
-
- public String getServiceURL(ExternalAuthenticationService service)
- {
- String path = configuration.getContextRoot() + "/" + service.getName() + ".seam";
- return createURL(path);
- }
-
- public String getOpenIdRealm()
- {
- return createURL("");
- }
-
- private String createURL(String path)
- {
- try
- {
- if (protocol.equals("http") && port == 80 || protocol.equals("https") && port == 443)
- {
- return new URL(protocol, hostname, path).toExternalForm();
- }
- else
- {
- return new URL(protocol, hostname, port, path).toExternalForm();
- }
- }
- catch (MalformedURLException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public SamlConfiguration getSamlConfiguration()
- {
- return samlConfiguration;
- }
-
- public OpenIdConfiguration getOpenIdConfiguration()
- {
- return openIdConfiguration;
- }
-
- public String getHostname()
- {
- return hostname;
- }
-
- public String getProtocol()
- {
- return protocol;
- }
-
- public int getPort()
- {
- return port;
- }
-
- public String getLoggedOutUrl()
- {
- return loggedOutUrl;
- }
-
- public String getUnsolicitedAuthenticationUrl()
- {
- return unsolicitedAuthenticationUrl;
- }
-
- public String getFailedAuthenticationUrl()
- {
- return failedAuthenticationUrl;
- }
-
- public MethodExpression getInternalAuthenticationMethod()
- {
- return internalAuthenticationMethod;
- }
-}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,158 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import java.util.UUID;
+
+import javax.servlet.ServletContext;
+
+import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
+import org.jboss.weld.context.AbstractMapContext;
+import org.jboss.weld.context.api.BeanStore;
+import org.jboss.weld.context.beanstore.HashMapBeanStore;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class DialogueContext extends AbstractMapContext
+{
+ private static final String BEAN_STORE_ATTRIBUTE_NAME_PREFIX = "DialogueContextBeanStore";
+ private ServletContext servletContext;
+ private final ThreadLocal<String> dialogueIdThreadLocal;
+
+ public DialogueContext()
+ {
+ super(DialogueScoped.class);
+ dialogueIdThreadLocal = new ThreadLocal<String>();
+ }
+
+ @Override
+ protected BeanStore getBeanStore()
+ {
+ return getBeanStore(dialogueIdThreadLocal.get());
+ }
+
+ private BeanStore getBeanStore(String dialogueId)
+ {
+ BeanStore beanStore = (BeanStore) servletContext.getAttribute(getAttributeName(dialogueId));
+ return beanStore;
+ }
+
+ private void createBeanStore(String dialogueId)
+ {
+ BeanStore beanStore = new HashMapBeanStore();
+ servletContext.setAttribute(getAttributeName(dialogueId), beanStore);
+ }
+
+ private void removeBeanStore(String dialogueId)
+ {
+ servletContext.removeAttribute(getAttributeName(dialogueId));
+ }
+
+ private String getAttributeName(String dialogueId)
+ {
+ return BEAN_STORE_ATTRIBUTE_NAME_PREFIX + "_" + dialogueId;
+ }
+
+ @Override
+ protected boolean isCreationLockRequired()
+ {
+ // TODO: find out whether the creation lock is required
+ return false;
+ }
+
+ public void initialize(ServletContext servletContext)
+ {
+ this.servletContext = servletContext;
+ }
+
+ public void destroy()
+ {
+ this.servletContext = null;
+ }
+
+ public String create()
+ {
+ if (this.dialogueIdThreadLocal.get() != null)
+ {
+ throw new RuntimeException("Already attached to a dialogue");
+ }
+
+ String dialogueId;
+ do
+ {
+ dialogueId = UUID.randomUUID().toString();
+ }
+ while (getBeanStore(dialogueId) != null);
+
+ this.dialogueIdThreadLocal.set(dialogueId);
+ createBeanStore(dialogueId);
+ setActive(true);
+ return dialogueId;
+ }
+
+ public void remove()
+ {
+ removeBeanStore(this.dialogueIdThreadLocal.get());
+ this.dialogueIdThreadLocal.set(null);
+ setActive(false);
+ }
+
+ public boolean isExistingDialogue(String dialogueId)
+ {
+ return getBeanStore(dialogueId) != null;
+ }
+
+ /**
+ * Attaches an existing request to the current thread
+ *
+ * @param dialogueIdThreadLocal
+ */
+ public void attach(String dialogueId)
+ {
+ if (this.dialogueIdThreadLocal.get() != null)
+ {
+ throw new RuntimeException("Already attached to a dialogue");
+ }
+ if (!isExistingDialogue(dialogueId))
+ {
+ throw new RuntimeException("There is no active context with request id " + dialogueId);
+ }
+ this.dialogueIdThreadLocal.set(dialogueId);
+ setActive(true);
+ }
+
+ /**
+ * Detaches the request from the current thread
+ */
+ public void detach()
+ {
+ this.dialogueIdThreadLocal.set(null);
+ setActive(false);
+ }
+
+ public boolean isAttached()
+ {
+ return dialogueIdThreadLocal.get() != null;
+ }
+}
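Review bot: Bean stores created by `create()` are kept as application-wide `ServletContext` attributes and are released only by `remove()`, so a dialogue that is begun and never finished (for example a sign-on the user abandons at the identity provider) stays in memory for the life of the web application; nothing in this class expires it, and `destroy()` only drops the `servletContext` reference. Since dialogues appear to be started by sign-on requests that are not yet authenticated, consider recording a creation time with each store and evicting stale ones. `attach()` accepts any existing id regardless of which session created it, so if the id is read from an incoming request (the callers are outside this hunk) the caller has to check that binding itself. Smaller points: `remove()` on an unattached thread ends up calling `removeAttribute("DialogueContextBeanStore_null")`, and the Javadoc on `attach` should read `@param dialogueId id of the dialogue to attach to the current thread`.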
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextExtension.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextExtension.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextExtension.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.Extension;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class DialogueContextExtension implements Extension
+{
+ private DialogueContext dialogueContext;
+
+ public void afterBeanDiscovery(@Observes AfterBeanDiscovery event, BeanManager manager)
+ {
+ dialogueContext = new DialogueContext();
+ event.addContext(dialogueContext);
+ }
+
+ public DialogueContext getDialogueContext()
+ {
+ return dialogueContext;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextExtension.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.ServletContextEvent;
+
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.servlet.event.qualifier.Destroyed;
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class DialogueContextManagerImpl implements DialogueManager
+{
+ @Inject
+ private DialogueContextExtension dialogueContextExtension;
+
+ @Inject
+ private Instance<Dialogue> dialogue;
+
+ protected void servletInitialized(@Observes @Initialized final ServletContextEvent e)
+ {
+ dialogueContextExtension.getDialogueContext().initialize(e.getServletContext());
+ }
+
+ protected void servletDestroyed(@Observes @Destroyed final ServletContextEvent e)
+ {
+ dialogueContextExtension.getDialogueContext().destroy();
+ }
+
+ public void beginDialogue()
+ {
+ String dialogueId = dialogueContextExtension.getDialogueContext().create();
+ dialogue.get().setDialogueId(dialogueId);
+ }
+
+ public void endDialogue()
+ {
+ dialogueContextExtension.getDialogueContext().remove();
+ }
+
+ public void attachDialogue(String requestId)
+ {
+ dialogueContextExtension.getDialogueContext().attach(requestId);
+ }
+
+ public void detachDialogue()
+ {
+ dialogueContextExtension.getDialogueContext().detach();
+ }
+
+ public boolean isExistingDialogue(String dialogueId)
+ {
+ return dialogueContextExtension.getDialogueContext().isExistingDialogue(dialogueId);
+ }
+
+ public boolean isAttached()
+ {
+ return dialogueContextExtension.getDialogueContext().isAttached();
+ }
+}
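Review bot: `attachDialogue(String requestId)` uses a different parameter name from the interface method it implements, `attachDialogue(String dialogueId)`; rename it to `dialogueId`. The same leftover appears in `Dialogue.setDialogueId(String requestId)` and in the message "There is no active context with request id" in `DialogueContext.attach`. The public methods would also benefit from `@Override`, so that a signature drifting away from `DialogueManager` is caught at compile time.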
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManager.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManager.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManager.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface DialogueManager
+{
+ void beginDialogue();
+
+ void endDialogue();
+
+ boolean isExistingDialogue(String dialogueId);
+
+ boolean isAttached();
+
+ void attachDialogue(String dialogueId);
+
+ void detachDialogue();
+}
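Review bot: None of the methods of `DialogueManager` is documented, although the implementation in this commit gives them state preconditions: `beginDialogue` and `attachDialogue` end in a `RuntimeException` when the current thread is already attached, and `attachDialogue` also when the id is unknown. Add Javadoc to each method stating that, and that `endDialogue` discards the dialogue's bean store while `detachDialogue` only releases the current thread.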
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManager.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.Interceptor;
+import javax.interceptor.InvocationContext;
+
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Dialogued
+ at Interceptor
+public class DialoguedInterceptor
+{
+ @Inject
+ private DialogueManager manager;
+
+ @Inject
+ private Instance<Dialogue> dialogue;
+
+ @AroundInvoke
+ public Object intercept(InvocationContext ctx) throws Exception
+ {
+ boolean joined = false;
+ Object result;
+ boolean join = ctx.getMethod().getAnnotation(Dialogued.class).join();
+
+ if (!join || !manager.isAttached())
+ {
+ manager.beginDialogue();
+ joined = true;
+ }
+
+ try
+ {
+ result = ctx.proceed();
+ }
+ catch (Exception e)
+ {
+ if (!joined)
+ {
+ endOrDetachDialogue();
+ }
+ throw (e);
+ }
+
+ if (!joined)
+ {
+ endOrDetachDialogue();
+ }
+
+ return result;
+ }
+
+ private void endOrDetachDialogue()
+ {
+ if (dialogue.get().isFinished())
+ {
+ manager.endDialogue();
+ }
+ else
+ {
+ manager.detachDialogue();
+ }
+ }
+}
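Review bot: The `joined` flag in `intercept` is inverted: it is set to `true` in the branch that calls `manager.beginDialogue()`, so the cleanup guarded by `if (!joined)` is skipped exactly when this invocation started the dialogue and runs when it merely reused an outer one. The dialogue id therefore stays in the thread-local after the call returns, which on a pooled request thread would let a later `join = true` call run inside the previous caller's dialogue, or make a later `create()` fail with "Already attached to a dialogue". The rewrite below derives `joined` from `join && manager.isAttached()` and moves the cleanup into `finally`. Separately, `ctx.getMethod().getAnnotation(Dialogued.class)` returns null when the binding is declared on the class, which the `TYPE` target on `Dialogued` permits.

```java
   @AroundInvoke
   public Object intercept(InvocationContext ctx) throws Exception
   {
      boolean join = ctx.getMethod().getAnnotation(Dialogued.class).join();
      // True only when this invocation reuses a dialogue attached by an outer caller.
      boolean joined = join && manager.isAttached();

      if (!joined)
      {
         manager.beginDialogue();
      }

      try
      {
         return ctx.proceed();
      }
      finally
      {
         // The invocation that began the dialogue is the one that releases the thread.
         if (!joined)
         {
            endOrDetachDialogue();
         }
      }
   }
   // … unchanged: endOrDetachDialogue …
```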
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogue.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogue.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogue.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at DialogueScoped
+public class Dialogue
+{
+ private String dialogueId;
+
+ private boolean finished;
+
+ public String getDialogueId()
+ {
+ return dialogueId;
+ }
+
+ public void setDialogueId(String requestId)
+ {
+ this.dialogueId = requestId;
+ }
+
+ public boolean isFinished()
+ {
+ return finished;
+ }
+
+ public void setFinished(boolean finished)
+ {
+ this.finished = finished;
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogue.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/DialogueScoped.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/DialogueScoped.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/DialogueScoped.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,46 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues.api;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.enterprise.context.NormalScope;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Documented
+ at Retention(RUNTIME)
+ at Target( { TYPE, METHOD, FIELD })
+ at NormalScope(passivating = false)
+public @interface DialogueScoped
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/DialogueScoped.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogued.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogued.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogued.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues.api;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+ at InterceptorBinding
+ at Target( { METHOD, TYPE })
+ at Retention(RUNTIME)
+public @interface Dialogued
+{
+ @Nonbinding
+ boolean join() default false;
+}
\ No newline at end of file
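Review bot: The `join` member of `Dialogued` has no Javadoc, and its meaning can only be worked out from the condition in `DialoguedInterceptor`. Suggest `/** When true, the call runs in the dialogue already attached to the current thread, if there is one, instead of beginning a new dialogue. */` above it, plus a type-level comment naming `DialoguedInterceptor` as the interceptor this binding activates.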
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/Dialogued.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.EntityBean;
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+import org.jboss.seam.security.external.api.OpenIdRelyingPartyApi;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdBean extends EntityBean implements OpenIdRelyingPartyApi
+{
+ @Inject
+ private OpenIdSingleLoginSender openIdSingleLoginSender;
+
+ @Inject
+ private OpenIdSessions openIdSessions;
+
+ @Dialogued
+ public void signOn(String openId)
+ {
+ openIdSingleLoginSender.sendAuthRequest(openId);
+ }
+
+ @Dialogued
+ public void logout(OpenIdPrincipal openIdPrincipal)
+ {
+ if (!openIdSessions.isLoggedIn(openIdPrincipal))
+ {
+ throw new RuntimeException("Not logged in");
+ }
+ openIdSessions.logout(openIdPrincipal);
+ }
+}
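Review bot: `signOn` hands the caller-supplied `openId` string to `openIdSingleLoginSender.sendAuthRequest` without any check. A relying party normally resolves an OpenID identifier through outbound discovery requests, so if the sender (outside this hunk) does that on the raw value, a null, blank or internal-network identifier reaches it. State in a comment where validation is expected to happen, or reject obviously bad input here, e.g. `if (openId == null || openId.trim().length() == 0) throw new IllegalArgumentException("openId must not be empty");`. In `logout`, `IllegalStateException` instead of a bare `RuntimeException("Not logged in")` would let callers tell this condition apart.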
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdConsumerManagerFactory.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdConsumerManagerFactory.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdConsumerManagerFactory.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+
+import org.openid4java.consumer.ConsumerManager;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class OpenIdConsumerManagerFactory
+{
+ private ConsumerManager consumerManager;
+
+ @Produces
+ public ConsumerManager getConsumerManager()
+ {
+ return consumerManager;
+ }
+
+ @Inject
+ public void startup() throws Exception
+ {
+ consumerManager = new ConsumerManager();
+ }
+}
\ No newline at end of file
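Review bot: `startup()` is annotated `@Inject` although it takes no parameters, which only works because the container calls initializer methods after construction; `@PostConstruct` states the intent directly. `new ConsumerManager()` is used with its defaults, which in openid4java keep associations and response nonces in memory as far as I know, so replay checking would be per node in a clustered deployment; a comment, or a configurable store if clustering is expected, would help. `getConsumerManager()` carries no scope annotation, so it is a dependent-scoped producer handing out the one shared instance, which is probably intended but should be said in a comment.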
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
+import javax.servlet.FilterRegistration;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class OpenIdFilterInstaller
+{
+ public static final String FILTER_PATH = "/openid";
+
+ protected void contextInitialized(@Observes @Initialized ServletContextEvent event)
+ {
+ ServletContext servletContext = event.getServletContext();
+ FilterRegistration filterRegistration = servletContext.addFilter("OpenIdFilter", new OpenIdServletFilter());
+ filterRegistration.addMappingForUrlPatterns(null, true, FILTER_PATH + "/*");
+ }
+}
\ No newline at end of file
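Review bot: The result of `servletContext.addFilter(...)` in `contextInitialized` is used without a null check. The Servlet 3.0 API returns null when a filter named "OpenIdFilter" is already completely registered (for example from web.xml), so the next line would fail with a NullPointerException instead of a clear message; add `if (filterRegistration == null) { throw new IllegalStateException("Filter OpenIdFilter is already registered"); }` or skip the mapping in that case. Because the filter is created with `new`, the container is not expected to perform injection on it; `OpenIdServletFilter` is outside this hunk, so confirm it obtains its collaborators some other way.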
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdMessageHandler
+{
+ @Inject
+ private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
+
+ @Inject
+ private OpenIdXrdsProvider openIdXrdsProvider;
+
+ @Inject
+ private ResponseHandler responseHolder;
+
+ public void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ OpenIdService service = determineService(httpRequest);
+
+ switch (service)
+ {
+ case OPEN_ID_SERVICE:
+ openIdSingleLoginReceiver.handleIncomingMessage(httpRequest);
+ break;
+ case OPEN_ID_XRDS_SERVICE:
+ openIdXrdsProvider.writeMetaData(responseHolder.getWriter("application/xrds+xml"));
+ break;
+ default:
+ throw new RuntimeException("Unsupported service " + service);
+ }
+ }
+
+ private OpenIdService determineService(HttpServletRequest httpRequest)
+ {
+ String path = httpRequest.getRequestURI();
+
+ for (OpenIdService service : OpenIdService.values())
+ {
+ if (path.contains(service.getName()))
+ {
+ return service;
+ }
+ }
+ return null;
+ }
+
+ public void destroy()
+ {
+ }
+}
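Review bot: `determineService` returns `null` when the request URI contains none of the service names, and `handleMessage` then switches on that `null`, so an unknown path under the filter mapping ends in a NullPointerException instead of the `InvalidRequestException` the method declares. Reject it before the switch, e.g. `if (service == null) { throw new InvalidRequestException("Unknown OpenID service"); }`; the exception's constructor is not visible here, so adjust the arguments. Matching with `path.contains(...)` also accepts the service name anywhere in the URI, including the context path, so comparing the last path segment with `equals` would be stricter.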
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRequest.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRequest.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRequest.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.io.Serializable;
+
+import javax.enterprise.context.SessionScoped;
+
+import org.openid4java.discovery.DiscoveryInformation;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at SessionScoped
+public class OpenIdRequest implements Serializable
+{
+ private static final long serialVersionUID = -6701058408595984106L;
+
+ private DiscoveryInformation discoveryInformation;
+
+ public DiscoveryInformation getDiscoveryInformation()
+ {
+ return discoveryInformation;
+ }
+
+ public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
+ {
+ this.discoveryInformation = discoveryInformation;
+ }
+}
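Review bot: The class Javadoc carries only an author tag, and nothing says that this session-scoped bean holds a single `DiscoveryInformation` per HTTP session. From the sender and receiver in this commit it looks like the value is written when an authentication request is sent and read when the response arrives, so a second login attempt started in the same session overwrites the first, and the value is never cleared. I would add a class comment such as `/** Discovery result of the pending OpenID authentication request; one per session, overwritten by each new request. */` and consider resetting the field once the response has been verified.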
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum OpenIdService
+{
+ OPEN_ID_SERVICE("OpenIdService"),
+
+ OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
+
+ private String name;
+
+ private OpenIdService(String name)
+ {
+ this.name = name;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+}
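Review bot: The `name` field is assigned only in the constructor and can be declared `private final String name;`. The names also double as URL path segments: `OpenIdServiceProvider.getServiceURL` appends them to the filter path and `OpenIdMessageHandler.determineService` looks for them in the request URI. A comment on the enum saying that they are part of the public endpoint URLs, and must not be substrings of one another while matching uses `contains`, would stop a later addition from breaking dispatch.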
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/OpenIdConfiguration.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.util.List;
+
+import javax.inject.Inject;
+import javax.servlet.ServletContext;
+
+import org.jboss.seam.security.external.EntityBean;
+import org.jboss.seam.security.external.api.OpenIdAttribute;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at VirtualApplicationScoped
+public class OpenIdServiceProvider extends EntityBean
+{
+ private List<OpenIdAttribute> attributes;
+
+ private String realm;
+
+ @Inject
+ private ServletContext servletContext;
+
+ public String getServiceURL(OpenIdService service)
+ {
+ String portString;
+ if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443)
+ {
+ portString = ":" + port;
+ }
+ else
+ {
+ portString = "";
+ }
+ return protocol + "://" + hostName + portString + servletContext.getContextPath() + OpenIdFilterInstaller.FILTER_PATH + "/" + service.getName();
+ }
+
+ public List<OpenIdAttribute> getAttributes()
+ {
+ return attributes;
+ }
+
+ public void setAttributes(List<OpenIdAttribute> attributes)
+ {
+ this.attributes = attributes;
+ }
+
+ public String getRealm()
+ {
+ return realm;
+ }
+
+ public void setRealm(String realm)
+ {
+ this.realm = realm;
+ }
+}
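Review bot: `attributes` has no initial value, so `getAttributes()` returns `null` until `setAttributes` is called, and `OpenIdSingleLoginSender.sendAuthRequest` in this commit calls `attributes.size()` on the result without a check. Initialising the field, `private List<OpenIdAttribute> attributes = new ArrayList<OpenIdAttribute>();` (plus the `java.util.ArrayList` import), keeps the no-attributes case working. In `getServiceURL`, `protocol`, `port` and `hostName` come from `EntityBean`, which is outside this hunk; writing `"http".equals(protocol)` and parenthesising the two `&&` groups would make the port test null-safe and easier to read.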
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.io.IOException;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdServletFilter implements Filter
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private Instance<OpenIdMessageHandler> openIdMessageHandler;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+ {
+ try
+ {
+ responseHolder.setResponse((HttpServletResponse) response);
+ openIdMessageHandler.get().handleMessage((HttpServletRequest) request);
+ }
+ catch (InvalidRequestException e)
+ {
+ ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
+ if (log.isInfoEnabled())
+ {
+ log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
+ }
+ }
+ }
+
+ public void destroy()
+ {
+ }
+}
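Review bot: The three `@Inject` fields are only populated if the container creates the filter, but `OpenIdFilterInstaller` in this commit registers it with `new OpenIdServletFilter()`; unless something else performs injection on that instance, `responseHolder`, `openIdMessageHandler` and `log` are `null` in `doFilter`. Registering the class instead, `servletContext.addFilter("OpenIdFilter", OpenIdServletFilter.class)`, lets a CDI-aware container instantiate and inject it. In the `catch` block, `e.getDescription()` goes into both the error response and the log line; if descriptions can contain request data (not visible here), strip CR/LF before logging. `doFilter` never calls `chain.doFilter`, which looks intentional for an endpoint but deserves a one-line comment.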
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.io.Serializable;
+import java.util.Set;
+
+import javax.enterprise.context.SessionScoped;
+
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at SessionScoped
+public class OpenIdSessions implements Serializable
+{
+ private static final long serialVersionUID = -6167224737841053169L;
+
+ private Set<OpenIdPrincipal> loggedInPrincipals;
+
+ public boolean isLoggedIn(OpenIdPrincipal principal)
+ {
+ return loggedInPrincipals.contains(principal);
+ }
+
+ public void login(OpenIdPrincipal principal)
+ {
+ loggedInPrincipals.add(principal);
+ }
+
+ public void logout(OpenIdPrincipal principal)
+ {
+ loggedInPrincipals.remove(principal);
+ }
+}
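Review bot: `loggedInPrincipals` is never assigned, so `isLoggedIn`, `login` and `logout` all throw a NullPointerException on first use. Initialise it at the declaration, `private Set<OpenIdPrincipal> loggedInPrincipals = new HashSet<OpenIdPrincipal>();`, and add `import java.util.HashSet;`. The set semantics depend on `OpenIdPrincipal.equals`/`hashCode`, which are outside this hunk. Because the bean is `Serializable` and session-scoped, the principal type presumably has to be serializable too; both are worth confirming.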
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+import org.jboss.seam.security.external.spi.OpenIdServiceProviderSpi;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchResponse;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdSingleLoginReceiver
+{
+ @Inject
+ private OpenIdRequest openIdRequest;
+
+ @Inject
+ private ConsumerManager openIdConsumerManager;
+
+ @Inject
+ private Instance<OpenIdServiceProviderSpi> openIdServiceProviderSpi;
+
+ @Inject
+ private OpenIdSessions openIdSessions;
+
+ @SuppressWarnings("unchecked")
+ public void handleIncomingMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ try
+ {
+ // extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ ParameterList response = new ParameterList(httpRequest.getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = httpRequest.getRequestURL();
+ String queryString = httpRequest.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(httpRequest.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request
+ VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
+
+ // examine the verification result and extract the verified identifier
+ Identifier identifier = verification.getVerifiedId();
+
+ if (identifier != null)
+ {
+ AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
+
+ Map<String, List<String>> attributes = null;
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
+ {
+ FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+ attributes = fetchResp.getAttributes();
+ }
+
+ OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
+ openIdSessions.login(principal);
+
+ openIdServiceProviderSpi.get().loginSucceeded(principal);
+ }
+ else
+ {
+ openIdServiceProviderSpi.get().loginFailed();
+ }
+ }
+ catch (OpenIDException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+ {
+ return new OpenIdPrincipal(identifier, openIdProvider, attributes);
+ }
+}
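Review bot: `discovered` is read from the session without a null check, so a response that arrives with no pending request in the session reaches `discovered.getOPEndpoint()` and fails with a NullPointerException if verification still yields an identifier. Treat a missing discovery record as a failed login before calling `verify`, e.g. `if (discovered == null) { openIdServiceProviderSpi.get().loginFailed(); return; }`, and clear the stored value once it has been used so it cannot be matched against a later response. The method declares `InvalidRequestException` but never throws it: an `OpenIDException` caused by a malformed response is rethrown as `RuntimeException`, which the servlet filter in this commit does not catch, so the client gets a server error rather than the 400 path. `receivingURL` is rebuilt from the incoming request, so behind a proxy that rewrites host or scheme it may differ from the return URL sent earlier; that depends on the deployment.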
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,98 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.util.List;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.OpenIdAttribute;
+import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.ax.FetchRequest;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class OpenIdSingleLoginSender
+{
+ @Inject
+ private OpenIdRequest openIdRequest;
+
+ @Inject
+ private ConsumerManager openIdConsumerManager;
+
+ @Inject
+ private OpenIdServiceProvider serviceProvider;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @Inject
+ private Instance<SamlServiceProviderSpi> samlServiceProviderSpi;
+
+ public void sendAuthRequest(String openId)
+ {
+ try
+ {
+ @SuppressWarnings("unchecked")
+ List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
+
+ DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
+
+ openIdRequest.setDiscoveryInformation(discovered);
+
+ String openIdServiceUrl = serviceProvider.getServiceURL(OpenIdService.OPEN_ID_SERVICE);
+ String realm = serviceProvider.getRealm();
+ AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
+
+ // Request attributes
+ List<OpenIdAttribute> attributes = serviceProvider.getAttributes();
+ if (attributes.size() > 0)
+ {
+ FetchRequest fetch = FetchRequest.createFetchRequest();
+ for (OpenIdAttribute attribute : attributes)
+ {
+ fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
+ }
+ // attach the extension to the authentication request
+ authReq.addExtension(fetch);
+ }
+
+ String url = authReq.getDestinationUrl(true);
+
+ responseHandler.sendHttpRedirectToUserAgent(url);
+ }
+ catch (OpenIDException e)
+ {
+ samlServiceProviderSpi.get().loginFailed();
+ }
+ }
+}
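Review bot: A failed discovery or association is reported through `samlServiceProviderSpi`, the SAML SPI, while the receiver in this commit reports OpenID outcomes through `OpenIdServiceProviderSpi`; this looks like a copy leftover and would mean the OpenID integration never hears about the failure. Inject `Instance<OpenIdServiceProviderSpi> openIdServiceProviderSpi` instead and call `openIdServiceProviderSpi.get().loginFailed();` in the `catch` block. The caught `OpenIDException` is dropped without being logged, which makes discovery problems hard to diagnose. `openId` is passed straight to `discover`, which contacts the identifier's host, so if the value comes from user input the caller should validate it first (allowed schemes and destinations). `attributes.size()` also assumes `getAttributes()` never returns `null`.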
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.io.Writer;
+
+import javax.inject.Inject;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.JaxbContext;
+import org.jboss.seam.security.external.jaxb.xrds.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.xrds.Service;
+import org.jboss.seam.security.external.jaxb.xrds.Type;
+import org.jboss.seam.security.external.jaxb.xrds.URIPriorityAppendPattern;
+import org.jboss.seam.security.external.jaxb.xrds.XRD;
+import org.jboss.seam.security.external.jaxb.xrds.XRDS;
+import org.openid4java.discovery.DiscoveryInformation;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdXrdsProvider
+{
+ @Inject
+ private OpenIdServiceProvider serviceProvider;
+
+ @Inject
+ @JaxbContext(ObjectFactory.class)
+ private JAXBContext jaxbContext;
+
+ public void writeMetaData(Writer writer)
+ {
+ try
+ {
+ ObjectFactory objectFactory = new ObjectFactory();
+
+ XRDS xrds = objectFactory.createXRDS();
+
+ XRD xrd = objectFactory.createXRD();
+
+ Type type = objectFactory.createType();
+ type.setValue(DiscoveryInformation.OPENID2_RP);
+ URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
+ uri.setValue(serviceProvider.getServiceURL(OpenIdService.OPEN_ID_SERVICE));
+
+ Service service = objectFactory.createService();
+ service.getType().add(type);
+ service.getURI().add(uri);
+
+ xrd.getService().add(service);
+
+ xrds.getOtherelement().add(xrd);
+
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(xrds, writer);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
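Review bot: `JAXB_ENCODING` is set to UTF-8, but the document is marshalled to a `Writer` whose character encoding is decided by whoever created it; `OpenIdMessageHandler` obtains it with `responseHolder.getWriter("application/xrds+xml")`, and that implementation is outside this hunk. If the response encoding is not also UTF-8, the XML declaration will disagree with the bytes sent. Either confirm that `getWriter` sets UTF-8 on the response or add a comment here stating the requirement, e.g. `// writer must encode as UTF-8 to match the XML declaration`. A `JAXBException` is wrapped in a bare `RuntimeException`; adding a message such as `"Could not write XRDS metadata"` would help when it shows up in logs.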
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlConstants.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlConstants.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlConstants.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlConstants
+{
+ public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+
+ public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
+
+ public static final String AC_PASSWORD_PROTECTED_TRANSPORT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
+
+ public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String VERSION_2_0 = "2.0";
+
+ public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
+
+ public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
+
+ public static final String STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";
+
+ public static final String STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";
+
+ public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
+
+ public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
+
+ public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
+}
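Review bot: `DSA_SIGNATURE_ALGORITHM` and `RSA_SIGNATURE_ALGORITHM` fix the signature digest to SHA-1, which is no longer considered collision-resistant. How these constants are used is outside this hunk, but if they select the algorithm for signing or verifying SAML messages, the choice should be configurable, with a SHA-256 variant such as `SHA256withRSA` as the default and SHA-1 kept only for peers that require it. The class holds only constants, so making it `final` with a private constructor would prevent instantiation.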
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at DialogueScoped
+public class SamlDialogue
+{
+ private SamlExternalEntity externalProvider;
+
+ private String externalProviderMessageId;
+
+ public void setExternalProvider(SamlExternalEntity externalProvider)
+ {
+ this.externalProvider = externalProvider;
+ }
+
+ public SamlExternalEntity getExternalProvider()
+ {
+ return externalProvider;
+ }
+
+ public String getExternalProviderMessageId()
+ {
+ return externalProviderMessageId;
+ }
+
+ public void setExternalProviderMessageId(String externalProviderRequestId)
+ {
+ this.externalProviderMessageId = externalProviderRequestId;
+ }
+
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEndpoint.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlEndpoint.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEndpoint.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEndpoint.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,68 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import org.jboss.seam.security.external.api.SamlBinding;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlEndpoint
+{
+ private SamlBinding samlBinding;
+
+ private String location;
+
+ private String responseLocation;
+
+ private SamlService service;
+
+ public SamlEndpoint(SamlService service, SamlBinding samlBinding, String location, String responseLocation)
+ {
+ super();
+ this.service = service;
+ this.samlBinding = samlBinding;
+ this.location = location;
+ this.responseLocation = responseLocation;
+ }
+
+ public SamlService getService()
+ {
+ return service;
+ }
+
+ public SamlBinding getBinding()
+ {
+ return samlBinding;
+ }
+
+ public String getLocation()
+ {
+ return location;
+ }
+
+ public String getResponseLocation()
+ {
+ return responseLocation != null ? responseLocation : location;
+ }
+}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,274 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.Reader;
+import java.io.Writer;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.inject.Inject;
+import javax.servlet.ServletContext;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.seam.security.external.EntityBean;
+import org.jboss.seam.security.external.JaxbContext;
+import org.jboss.seam.security.external.api.SamlBinding;
+import org.jboss.seam.security.external.api.SamlEntityApi;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntitiesDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.RoleDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SSODescriptorType;
+import org.jboss.seam.security.external.jaxb.xmldsig.KeyInfoType;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public abstract class SamlEntityBean extends EntityBean implements SamlEntityApi
+{
+ private Map<String, SSODescriptorType> metaInfo = new HashMap<String, SSODescriptorType>();
+
+ private String entityId;
+
+ private SamlSigningKey samlSigningKey;
+
+ private SamlBinding preferredBinding = SamlBinding.HTTP_Post;
+
+ @Inject
+ private ServletContext servletContext;
+
+ @Inject
+ @JaxbContext(ObjectFactory.class)
+ protected JAXBContext metaDataJaxbContext;
+
+ private boolean singleLogoutMessagesSigned = false;
+
+ private boolean wantSingleLogoutMessagesSigned = false;
+
+ public String getServiceURL(SamlServiceType service)
+ {
+ String portString;
+ if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443)
+ {
+ portString = ":" + port;
+ }
+ else
+ {
+ portString = "";
+ }
+ return protocol + "://" + hostName + portString + servletContext.getContextPath() + SamlFilterInstaller.FILTER_PATH + "/" + getIdpOrSp() + "/" + service.getName();
+ }
+
+ public void setEntityId(String entityId)
+ {
+ this.entityId = entityId;
+ }
+
+ public String getEntityId()
+ {
+ return entityId;
+ }
+
+ protected SamlSigningKey getSigningKey()
+ {
+ return samlSigningKey;
+ }
+
+ public void setSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass)
+ {
+ if (signingKeyPass == null)
+ {
+ signingKeyPass = keyStorePass;
+ }
+ samlSigningKey = new SamlSigningKey(keyStoreUrl, keyStorePass, signingKeyAlias, signingKeyPass);
+ }
+
+ public boolean isSingleLogoutMessagesSigned()
+ {
+ return singleLogoutMessagesSigned;
+ }
+
+ public void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned)
+ {
+ this.singleLogoutMessagesSigned = singleLogoutMessagesSigned;
+ }
+
+ public boolean isWantSingleLogoutMessagesSigned()
+ {
+ return wantSingleLogoutMessagesSigned;
+ }
+
+ public void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned)
+ {
+ this.wantSingleLogoutMessagesSigned = wantSingleLogoutMessagesSigned;
+ }
+
+ public abstract SamlIdpOrSp getIdpOrSp();
+
+ public abstract SamlExternalEntity getExternalSamlEntityByEntityId(String entityId);
+
+ public abstract SamlExternalEntity addExternalSamlEntity(Reader reader);
+
+ public abstract List<SamlExternalEntity> getExternalSamlEntities();
+
+ protected void readEntitiesDescriptor(Reader reader)
+ {
+ try
+ {
+ Unmarshaller unmarshaller = metaDataJaxbContext.createUnmarshaller();
+ JAXBElement<?> o = (JAXBElement<?>) unmarshaller.unmarshal(reader);
+ EntitiesDescriptorType entitiesDescriptor = (EntitiesDescriptorType) o.getValue();
+ readEntitiesDescriptor(entitiesDescriptor);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void readEntitiesDescriptor(EntitiesDescriptorType entitiesDescriptor)
+ {
+ for (Object object : entitiesDescriptor.getEntityDescriptorOrEntitiesDescriptor())
+ {
+ if (object instanceof EntityDescriptorType)
+ {
+ EntityDescriptorType entityDescriptor = (EntityDescriptorType) object;
+ readEntityDescriptor(entityDescriptor);
+ }
+ else
+ {
+ EntitiesDescriptorType descriptor = (EntitiesDescriptorType) object;
+ readEntitiesDescriptor(descriptor);
+ }
+ }
+ }
+
+ private void readEntityDescriptor(EntityDescriptorType entityDescriptor)
+ {
+ String entityId = entityDescriptor.getEntityID();
+
+ for (RoleDescriptorType roleDescriptor : entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
+ {
+ metaInfo.put(entityId, (SSODescriptorType) roleDescriptor);
+ }
+ }
+
+ public Map<String, SSODescriptorType> getMetaInfo()
+ {
+ return metaInfo;
+ }
+
+ protected EntityDescriptorType readEntityDescriptor(Reader metaInfoReader)
+ {
+ try
+ {
+ Unmarshaller unmarshaller = metaDataJaxbContext.createUnmarshaller();
+ JAXBElement<?> o = (JAXBElement<?>) unmarshaller.unmarshal(metaInfoReader);
+ EntityDescriptorType entityDescriptor = (EntityDescriptorType) o.getValue();
+ return entityDescriptor;
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public abstract void writeMetaData(Writer writer);
+
+ protected void addKeyDescriptorToMetaData(SSODescriptorType ssoDescriptor)
+ {
+ ObjectFactory metaDataFactory = new ObjectFactory();
+ org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory();
+
+ X509Certificate certificate = getSigningKey().getCertificate();
+ if (certificate == null)
+ throw new RuntimeException("Certificate obtained from configuration is null");
+
+ JAXBElement<byte[]> X509Certificate;
+ try
+ {
+ X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ X509DataType X509Data = signatureFactory.createX509DataType();
+ X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
+
+ KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
+ keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
+
+ KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
+ keyDescriptor.setUse(KeyTypes.SIGNING);
+ keyDescriptor.setKeyInfo(keyInfo);
+
+ ssoDescriptor.getKeyDescriptor().add(keyDescriptor);
+ }
+
+ protected void addSloEndpointsToMetaData(SSODescriptorType ssoDescriptor)
+ {
+ ObjectFactory metaDataFactory = new ObjectFactory();
+
+ IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+ sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+ sloRedirectEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_SINGLE_LOGOUT_SERVICE));
+
+ IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
+ sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+ sloPostEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_SINGLE_LOGOUT_SERVICE));
+
+ ssoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
+ ssoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
+ }
+
+ protected void addNameIDFormatsToMetaData(SSODescriptorType idpSsoDescriptor)
+ {
+ idpSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+ idpSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+ idpSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+ idpSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+ }
+
+ public SamlBinding getPreferredBinding()
+ {
+ return preferredBinding;
+ }
+
+ public void setPreferredBinding(SamlBinding preferredBinding)
+ {
+ this.preferredBinding = preferredBinding;
+ }
+}
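Review bot: In the private readEntityDescriptor(EntityDescriptorType), every role descriptor is cast to SSODescriptorType without a type check and stored under the same entityId key, so metadata carrying any other role type aborts loading with a ClassCastException, and an entity that has both an IDP and an SP descriptor keeps only the last one. Guard the put with `if (roleDescriptor instanceof SSODescriptorType)` and decide explicitly which role this bean wants to keep. The else branch of readEntitiesDescriptor(EntitiesDescriptorType) has the same unchecked cast. Separately, both Reader-based methods hand the stream straight to `unmarshaller.unmarshal(...)`; if partner metadata can come from outside the deployment, parse it with DTDs and external entities disabled first, since these descriptors supply the certificates that are later trusted for signature checks.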
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlExternalEntity.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlExternalEntity.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlExternalEntity.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,108 @@
+package org.jboss.seam.security.external.saml;
+
+import java.security.PublicKey;
+import java.util.List;
+
+import javax.security.cert.X509Certificate;
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public abstract class SamlExternalEntity
+{
+
+ private String entityId;
+
+ private PublicKey publicKey;
+
+ public SamlExternalEntity(String entityId, List<KeyDescriptorType> keyDescriptors)
+ {
+ super();
+ this.entityId = entityId;
+ setPublicKey(keyDescriptors);
+ }
+
+ public String getEntityId()
+ {
+ return entityId;
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return publicKey;
+ }
+
+ private void setPublicKey(List<KeyDescriptorType> keyDescriptors)
+ {
+ for (KeyDescriptorType keyDescriptor : keyDescriptors)
+ {
+ if (keyDescriptor.getUse().equals(KeyTypes.SIGNING))
+ {
+ for (Object content : keyDescriptor.getKeyInfo().getContent())
+ {
+ if (content instanceof JAXBElement<?> && ((JAXBElement<?>) content).getValue() instanceof X509DataType)
+ {
+ X509DataType X509Data = (X509DataType) ((JAXBElement<?>) content).getValue();
+ for (Object object : X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName())
+ {
+ if (object instanceof JAXBElement<?>)
+ {
+ JAXBElement<?> el = (JAXBElement<?>) object;
+ if (el.getName().getLocalPart().equals("X509Certificate"))
+ {
+ byte[] certificate = (byte[]) el.getValue();
+ try
+ {
+ X509Certificate cert = X509Certificate.getInstance(certificate);
+ publicKey = cert.getPublicKey();
+ }
+ catch (javax.security.cert.CertificateException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public abstract SamlService getService(SamlProfile service);
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((entityId == null) ? 0 : entityId.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ SamlExternalEntity other = (SamlExternalEntity) obj;
+ if (entityId == null)
+ {
+ if (other.entityId != null)
+ return false;
+ }
+ else if (!entityId.equals(other.entityId))
+ return false;
+ return true;
+ }
+}
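Review bot: setPublicKey calls `keyDescriptor.getUse().equals(KeyTypes.SIGNING)`, but the `use` attribute of a SAML KeyDescriptor is optional, so a descriptor without it presumably yields null here and the constructor fails with a NullPointerException instead of treating the key as usable for signing. Reading it once with `KeyTypes use = keyDescriptor.getUse();` and testing `if (use == null || use.equals(KeyTypes.SIGNING))` covers that case. When no certificate is found, publicKey silently stays null, and when several are present the last one wins; a comment on getPublicKey() should say so, and callers that verify signatures need to reject a null key rather than skip the check. `javax.security.cert.X509Certificate` is the legacy API; `java.security.cert.CertificateFactory` is the supported way to decode the certificate bytes.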
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlExternalEntity.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
+import javax.servlet.FilterRegistration;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class SamlFilterInstaller
+{
+ public static final String FILTER_PATH = "/saml";
+
+ protected void contextInitialized(@Observes @Initialized ServletContextEvent event)
+ {
+ ServletContext servletContext = event.getServletContext();
+ FilterRegistration filterRegistration = servletContext.addFilter("SamlFilter", new SamlServletFilter());
+ filterRegistration.addMappingForUrlPatterns(null, true, FILTER_PATH + "/*");
+ }
+}
\ No newline at end of file
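Review bot: contextInitialized dereferences the result of `servletContext.addFilter("SamlFilter", ...)` without a null check; the Servlet 3.0 API returns null when a filter with that name is already completely registered (for example, declared in web.xml), which would surface as a bare NullPointerException at startup. A guard such as `if (filterRegistration == null)` that throws an IllegalStateException naming the conflicting filter makes the failure readable. A short Javadoc would also help, stating that the null first argument of addMappingForUrlPatterns selects the default REQUEST dispatcher type and that the mapping covers everything under `FILTER_PATH + "/*"`.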
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlIdpOrSp.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlIdpOrSp.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlIdpOrSp.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum SamlIdpOrSp
+{
+ SP, IDP
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlIdpOrSp.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlMessage
+{
+ public static final String QSP_SAML_REQUEST = "SAMLRequest";
+ public static final String QSP_SAML_RESPONSE = "SAMLResponse";
+
+ protected SamlRequestOrResponse samlRequestOrResponse;
+
+ protected String samlMessage;
+
+ public SamlRequestOrResponse getRequestOrResponse()
+ {
+ return samlRequestOrResponse;
+ }
+
+ public void setRequestOrResponse(SamlRequestOrResponse samlRequestOrResponse)
+ {
+ this.samlRequestOrResponse = samlRequestOrResponse;
+ }
+
+ public String getSamlMessage()
+ {
+ return samlMessage;
+ }
+
+ public void setSamlMessage(String samlMessage)
+ {
+ this.samlMessage = samlMessage;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageFactory.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageFactory.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageFactory.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,197 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.util.GregorianCalendar;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AudienceRestrictionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnContextType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusCodeType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class SamlMessageFactory
+{
+ private static final int ASSERTION_VALIDITY_IN_MINUTES = 5;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ @Inject
+ private Dialogue dialogue;
+
+ @Inject
+ private Instance<SamlDialogue> samlDialogue;
+
+ private ObjectFactory objectFactory = new ObjectFactory();
+
+ private org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+ public StatusResponseType createStatusResponse(String statusCode, String statusMessage)
+ {
+ StatusResponseType response = objectFactory.createStatusResponseType();
+
+ fillStatusResponseFields(response, statusCode, statusMessage);
+
+ return response;
+ }
+
+ public AuthnRequestType createAuthnRequest()
+ {
+ AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
+
+ fillRequestAbstractTypeFields(authnRequest);
+
+ // Fill in the optional fields that indicate where and how the response
+ // should be delivered.
+ authnRequest.setAssertionConsumerServiceURL(samlEntityBean.get().getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));
+ authnRequest.setProtocolBinding(SamlConstants.HTTP_POST_BINDING);
+
+ return authnRequest;
+ }
+
+ public ResponseType createResponse(SamlIdpSession session, SamlEndpoint externalSamlEndpoint)
+ {
+ ResponseType response = objectFactory.createResponseType();
+
+ fillStatusResponseFields(response, SamlConstants.STATUS_SUCCESS, null);
+
+ AssertionType assertion = assertionObjectFactory.createAssertionType();
+ response.getAssertionOrEncryptedAssertion().add(assertion);
+
+ SubjectType subject = assertionObjectFactory.createSubjectType();
+ assertion.setSubject(subject);
+
+ NameIDType nameID = assertionObjectFactory.createNameIDType();
+ subject.getContent().add(assertionObjectFactory.createNameID(nameID));
+ nameID.setValue(session.getPrincipal().getNameId().getValue());
+ nameID.setFormat(session.getPrincipal().getNameId().getFormat());
+ nameID.setNameQualifier(session.getPrincipal().getNameId().getQualifier());
+
+ SubjectConfirmationType subjectConfirmation = assertionObjectFactory.createSubjectConfirmationType();
+ subject.getContent().add(assertionObjectFactory.createSubjectConfirmation(subjectConfirmation));
+ subjectConfirmation.setMethod(SamlConstants.CONFIRMATION_METHOD_BEARER);
+ subjectConfirmation.setNameID(nameID);
+
+ SubjectConfirmationDataType subjectConfirmationData = assertionObjectFactory.createSubjectConfirmationDataType();
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subjectConfirmationData.setRecipient(externalSamlEndpoint.getLocation());
+ subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
+ subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());
+
+ ConditionsType conditions = assertionObjectFactory.createConditionsType();
+ assertion.setConditions(conditions);
+ AudienceRestrictionType audienceRestriction = assertionObjectFactory.createAudienceRestrictionType();
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
+ audienceRestriction.getAudience().add(samlDialogue.get().getExternalProvider().getEntityId());
+
+ AuthnStatementType authnStatement = assertionObjectFactory.createAuthnStatementType();
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
+ authnStatement.setAuthnInstant(SamlUtils.getXMLGregorianCalendarNow());
+ authnStatement.setSessionIndex(session.getSessionIndex());
+
+ AuthnContextType authnContext = assertionObjectFactory.createAuthnContextType();
+ authnStatement.setAuthnContext(authnContext);
+ authnContext.getContent().add(assertionObjectFactory.createAuthnContextDeclRef(SamlConstants.AC_PASSWORD_PROTECTED_TRANSPORT));
+
+ return response;
+ }
+
+ public LogoutRequestType createLogoutRequest(SamlNameId samlNameId, String sessionIndex)
+ {
+ LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
+
+ fillRequestAbstractTypeFields(logoutRequest);
+
+ NameIDType nameID = assertionObjectFactory.createNameIDType();
+ nameID.setValue(samlNameId.getValue());
+ nameID.setFormat(samlNameId.getFormat());
+ nameID.setNameQualifier(samlNameId.getQualifier());
+ logoutRequest.setNameID(nameID);
+
+ logoutRequest.getSessionIndex().add(sessionIndex);
+
+ return logoutRequest;
+ }
+
+ private void fillRequestAbstractTypeFields(RequestAbstractType request)
+ {
+ request.setID(dialogue.getDialogueId());
+ request.setIssueInstant(SamlUtils.getXMLGregorianCalendarNow());
+
+ NameIDType issuer = assertionObjectFactory.createNameIDType();
+ issuer.setValue(samlEntityBean.get().getEntityId());
+ request.setIssuer(issuer);
+
+ request.setVersion(SamlConstants.VERSION_2_0);
+ }
+
+ private void fillStatusResponseFields(StatusResponseType response, String statusCode, String statusMessage)
+ {
+ response.setID(dialogue.getDialogueId());
+ response.setIssueInstant(SamlUtils.getXMLGregorianCalendarNow());
+
+ NameIDType issuer = assertionObjectFactory.createNameIDType();
+ issuer.setValue(samlEntityBean.get().getEntityId());
+ response.setIssuer(issuer);
+
+ response.setVersion(SamlConstants.VERSION_2_0);
+ response.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());
+
+ StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
+ statusCodeJaxb.setValue(statusCode);
+
+ StatusType statusType = objectFactory.createStatusType();
+ statusType.setStatusCode(statusCodeJaxb);
+ if (statusMessage != null)
+ {
+ statusType.setStatusMessage(statusMessage);
+ }
+
+ response.setStatus(statusType);
+ }
+}
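Review bot: createResponse builds the AssertionType with a subject, conditions and an authn statement but never sets the assertion's own ID, Version, IssueInstant or Issuer, which the SAML 2.0 schema requires and which a relying party uses for replay detection and issuer checks. Unless a later step outside this hunk fills them in, the assertion will be rejected by a strict consumer. Assuming the generated AssertionType has the same setters as the protocol types, add at least `assertion.setVersion(SamlConstants.VERSION_2_0);` and `assertion.setIssueInstant(SamlUtils.getXMLGregorianCalendarNow());`, plus an issuer and a fresh, unpredictable ID. The Conditions element also carries no NotBefore/NotOnOrAfter, so the five-minute limit applies only to the bearer confirmation data. The context URI in AC_PASSWORD_PROTECTED_TRANSPORT is an `ac:classes` value but is emitted through createAuthnContextDeclRef; a class reference element is presumably what was meant.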
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,373 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.zip.Inflater;
+import java.util.zip.InflaterInputStream;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.Base64;
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.JaxbContext;
+import org.jboss.seam.security.external.dialogues.DialogueManager;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.saml.idp.SamlIdpBean;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSingleLogoutService;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSingleSignOnService;
+import org.jboss.seam.security.external.saml.sp.SamlSpBean;
+import org.jboss.seam.security.external.saml.sp.SamlSpSingleLogoutService;
+import org.jboss.seam.security.external.saml.sp.SamlSpSingleSignOnService;
+import org.slf4j.Logger;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class SamlMessageReceiver
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private DialogueManager dialogueManager;
+
+ @Inject
+ private Instance<Dialogue> dialogue;
+
+ @Inject
+ private Instance<SamlDialogue> samlDialogue;
+
+ @Inject
+ private SamlSpSingleLogoutService samlSpSingleLogoutService;
+
+ @Inject
+ private SamlIdpSingleLogoutService samlIdpSingleLogoutService;
+
+ @Inject
+ private SamlSpSingleSignOnService samlSpSingleSignOnService;
+
+ @Inject
+ private SamlIdpSingleSignOnService samlIdpSingleSignOnService;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ @Inject
+ private Instance<SamlSpBean> samlSpBean;
+
+ @Inject
+ private Instance<SamlIdpBean> samlIdpBean;
+
+ @Inject
+ private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+ @Inject
+ private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
+
+ @Inject
+ @JaxbContext( { RequestAbstractType.class, StatusResponseType.class })
+ private JAXBContext jaxbContext;
+
+ @Inject
+ private Instance<SamlEntityBean> configuredSamlEntity;
+
+ public void handleIncomingSamlMessage(SamlServiceType service, HttpServletRequest httpRequest, SamlIdpOrSp idpOrSp) throws InvalidRequestException
+ {
+ String samlRequestParam = httpRequest.getParameter(SamlRedirectMessage.QSP_SAML_REQUEST);
+ String samlResponseParam = httpRequest.getParameter(SamlRedirectMessage.QSP_SAML_RESPONSE);
+
+ SamlRequestOrResponse samlRequestOrResponse;
+ String samlMessage;
+
+ if (samlRequestParam != null && samlResponseParam == null)
+ {
+ samlMessage = samlRequestParam;
+ samlRequestOrResponse = SamlRequestOrResponse.REQUEST;
+ }
+ else if (samlRequestParam == null && samlResponseParam != null)
+ {
+ samlMessage = samlResponseParam;
+ samlRequestOrResponse = SamlRequestOrResponse.RESPONSE;
+ }
+ else
+ {
+ throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
+ }
+
+ InputStream is;
+ if (httpRequest.getMethod().equals("POST"))
+ {
+ byte[] decodedMessage = Base64.decode(samlMessage);
+ is = new ByteArrayInputStream(decodedMessage);
+ }
+ else
+ {
+ byte[] base64Decoded = Base64.decode(samlMessage);
+ ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
+ is = new InflaterInputStream(bais, new Inflater(true));
+ }
+
+ Document document = getDocument(is);
+ String issuerEntityId;
+ RequestAbstractType samlRequestMessage = null;
+ StatusResponseType samlResponseMessage = null;
+ if (samlRequestOrResponse.isRequest())
+ {
+ samlRequestMessage = getSamlRequest(document);
+ issuerEntityId = samlRequestMessage.getIssuer().getValue();
+ }
+ else
+ {
+ samlResponseMessage = getSamlResponse(document);
+ issuerEntityId = samlResponseMessage.getIssuer().getValue();
+ }
+ if (log.isDebugEnabled())
+ {
+ log.debug("Received: " + SamlUtils.getDocumentAsString(document));
+ }
+
+ if (samlRequestOrResponse.isRequest() || samlResponseMessage.getInResponseTo() == null)
+ {
+ // Request or unsolicited response
+
+ boolean serviceFound = false;
+ String destination = samlRequestMessage.getDestination();
+ for (SamlEntityBean samlEntityBean : configuredSamlEntity)
+ {
+ for (SamlServiceType samlServiceType : SamlServiceType.values())
+ {
+ if (samlEntityBean.getServiceURL(samlServiceType).equals(destination))
+ {
+ serviceFound = true;
+ }
+ }
+ }
+ if (!serviceFound)
+ {
+ throw new InvalidRequestException("No service found at destination " + destination);
+ }
+
+ dialogueManager.beginDialogue();
+ samlDialogue.get().setExternalProviderMessageId(samlRequestMessage.getID());
+ SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
+ if (externalProvider == null)
+ {
+ throw new InvalidRequestException("Received message from unknown entity id " + issuerEntityId);
+ }
+ samlDialogue.get().setExternalProvider(externalProvider);
+ }
+ else
+ {
+ String dialogueId = samlResponseMessage.getInResponseTo();
+ if (!dialogueManager.isExistingDialogue(dialogueId))
+ {
+ throw new InvalidRequestException("No request that corresponds with the received response");
+ }
+
+ dialogueManager.attachDialogue(dialogueId);
+ if (!(samlDialogue.get().getExternalProvider().getEntityId().equals(issuerEntityId)))
+ {
+ throw new InvalidRequestException("Identity samlEntityBean of request and response do not match");
+ }
+ }
+
+ SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
+
+ boolean validate;
+ if (samlRequestOrResponse.isRequest())
+ {
+ if (service.getProfile() == SamlProfile.SINGLE_SIGN_ON)
+ {
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ validate = samlIdpBean.get().isWantAuthnRequestsSigned();
+ }
+ else
+ {
+ validate = samlSpBean.get().isWantAssertionsSigned();
+ }
+ }
+ else
+ {
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ validate = samlIdpBean.get().isWantSingleLogoutMessagesSigned();
+ }
+ else
+ {
+ validate = samlSpBean.get().isWantSingleLogoutMessagesSigned();
+ }
+ }
+ }
+ else
+ {
+ validate = samlResponseMessage instanceof ResponseType;
+ }
+
+ if (validate)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Validating the signature");
+ }
+ if (httpRequest.getMethod().equals("POST"))
+ {
+ signatureUtilForPostBinding.validateSignature(externalProvider.getPublicKey(), document);
+ }
+ else
+ {
+ SamlRedirectMessage redirectMessage = new SamlRedirectMessage(samlRequestOrResponse, httpRequest);
+ signatureUtilForRedirectBinding.validateSignature(redirectMessage, externalProvider.getPublicKey());
+ }
+ }
+
+ try
+ {
+ if (service.getProfile() == SamlProfile.SINGLE_SIGN_ON)
+ {
+ if (samlRequestOrResponse.isRequest())
+ {
+ samlIdpSingleSignOnService.processSPRequest(httpRequest, samlRequestMessage);
+ }
+ else
+ {
+ samlSpSingleSignOnService.processIDPResponse(httpRequest, samlResponseMessage);
+ }
+ }
+ else
+ {
+ if (samlRequestOrResponse.isRequest())
+ {
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ samlIdpSingleLogoutService.processSPRequest(httpRequest, samlRequestMessage);
+ }
+ else
+ {
+ samlSpSingleLogoutService.processIDPRequest(httpRequest, samlRequestMessage);
+ }
+ }
+ else
+ {
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ samlIdpSingleLogoutService.processSPResponse(httpRequest, samlResponseMessage);
+ }
+ else
+ {
+ samlSpSingleLogoutService.processIDPResponse(httpRequest, samlResponseMessage);
+ }
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ dialogueManager.endDialogue();
+ throw new RuntimeException(e);
+ }
+
+ if (dialogue.get().isFinished())
+ {
+ dialogueManager.endDialogue();
+ }
+ else
+ {
+ dialogueManager.detachDialogue();
+ }
+ }
+
+ private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
+ {
+ try
+ {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ @SuppressWarnings("unchecked")
+ JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
+ RequestAbstractType request = jaxbRequest.getValue();
+ return request;
+ }
+ catch (JAXBException e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+ }
+
+ private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
+ {
+ try
+ {
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ @SuppressWarnings("unchecked")
+ JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
+ StatusResponseType statusResponse = jaxbResponseType.getValue();
+ return statusResponse;
+ }
+ catch (JAXBException e)
+ {
+ throw new InvalidRequestException("SAML message could not be parsed", e);
+ }
+ }
+
+ private Document getDocument(InputStream is) throws InvalidRequestException
+ {
+ try
+ {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new InvalidRequestException("SAML request could not be parsed", e);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
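Review bot: `getDocument` parses the peer-supplied SAML message with a default `DocumentBuilderFactory` plus `setXIncludeAware(true)`, and it is called before any signature check, so DOCTYPE declarations, external entities and XInclude references in an unauthenticated message are all processed. I would switch XInclude off and reject DOCTYPEs outright, as in the excerpt below; it needs `javax.xml.XMLConstants` imported, and `setFeature` throws `ParserConfigurationException`, which the method already catches. The redirect branch also inflates the parameter through `InflaterInputStream` with no cap on the decompressed size, so a length bound belongs in the same place. Separately, the `isRequest() || getInResponseTo() == null` branch reads `samlRequestMessage.getDestination()` and `samlRequestMessage.getID()`, and `samlRequestMessage` is null whenever the message is an unsolicited response, so that path ends in a NullPointerException rather than an `InvalidRequestException`.

```java
private Document getDocument(InputStream is) throws InvalidRequestException
// … unchanged: try block opening, DocumentBuilderFactory.newInstance() …
factory.setNamespaceAware(true);
// Input is attacker-controlled and not yet signature-checked: no XInclude, no DTDs, no entity expansion.
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// Feature URI understood by the JDK's built-in parser; other parsers may need their own equivalent.
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
// … unchanged: newDocumentBuilder(), parse(is) and the three catch blocks …
```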
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,299 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.zip.Deflater;
+import java.util.zip.DeflaterOutputStream;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.xml.bind.Binder;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.Base64;
+import org.jboss.seam.security.external.JaxbContext;
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.SamlBinding;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
+import org.slf4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class SamlMessageSender
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ @Inject
+ private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+ @Inject
+ private SamlSignatureUtilForRedirectBinding samlSignatureUtilForRedirectBinding;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @Inject
+ @JaxbContext( { RequestAbstractType.class, StatusResponseType.class })
+ private JAXBContext jaxbContext;
+
+ @Inject
+ private Instance<SamlDialogue> samlDialogue;
+
+ public void sendRequest(SamlExternalEntity samlProvider, SamlProfile profile, RequestAbstractType samlRequest)
+ {
+ Document message = null;
+
+ SamlService service = samlProvider.getService(profile);
+ SamlEndpoint endpoint = getEndpoint(service);
+
+ try
+ {
+ samlRequest.setDestination(endpoint.getLocation());
+
+ JAXBElement<?> requestElement;
+ if (samlRequest instanceof AuthnRequestType)
+ {
+ AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
+ requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
+ }
+ else if (samlRequest instanceof LogoutRequestType)
+ {
+ LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
+ requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
+ }
+ else
+ {
+ throw new RuntimeException("Currently only authentication and logout requests can be sent");
+ }
+
+ Binder<Node> binder = jaxbContext.createBinder();
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder;
+ builder = factory.newDocumentBuilder();
+ message = builder.newDocument();
+
+ binder.marshal(requestElement, message);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ sendMessage(samlProvider, message, SamlRequestOrResponse.REQUEST, endpoint);
+ }
+
+ public void sendResponse(SamlExternalEntity samlProvider, StatusResponseType samlResponse, SamlProfile profile)
+ {
+ Document message = null;
+
+ SamlService service = samlProvider.getService(profile);
+ SamlEndpoint endpoint = getEndpoint(service);
+
+ try
+ {
+ samlResponse.setDestination(endpoint.getResponseLocation());
+
+ JAXBElement<? extends StatusResponseType> responseElement;
+ if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
+ {
+ responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
+ }
+ else
+ {
+ responseElement = new ObjectFactory().createResponse((ResponseType) samlResponse);
+ }
+
+ Binder<Node> binder = jaxbContext.createBinder();
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ DocumentBuilder builder;
+ builder = factory.newDocumentBuilder();
+ message = builder.newDocument();
+
+ binder.marshal(responseElement, message);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ sendMessage(samlDialogue.get().getExternalProvider(), message, SamlRequestOrResponse.RESPONSE, endpoint);
+ }
+
+ public SamlEndpoint getEndpoint(SamlService service)
+ {
+ SamlEndpoint endpoint = service.getEndpointForBinding(samlEntityBean.get().getPreferredBinding());
+ if (endpoint == null)
+ {
+ // Preferred binding not available. Use the other binding.
+ endpoint = service.getEndpointForBinding(samlEntityBean.get().getPreferredBinding() == SamlBinding.HTTP_Post ? SamlBinding.HTTP_Redirect : SamlBinding.HTTP_Post);
+ }
+ if (endpoint == null)
+ {
+ throw new RuntimeException("No endpoint found for profile " + service.getProfile());
+ }
+ return endpoint;
+ }
+
+ private void sendMessage(SamlExternalEntity samlProvider, Document message, SamlRequestOrResponse samlRequestOrResponse, SamlEndpoint endpoint)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Sending " + samlRequestOrResponse + ": " + SamlUtils.getDocumentAsString(message));
+ }
+
+ try
+ {
+ boolean signMessage;
+
+ if (endpoint.getService().getProfile() == SamlProfile.SINGLE_SIGN_ON)
+ {
+ if (samlEntityBean.get().getIdpOrSp() == SamlIdpOrSp.SP)
+ {
+ signMessage = ((SamlExternalIdentityProvider) samlProvider).isWantAuthnRequestsSigned();
+ }
+ else
+ {
+ signMessage = true;
+ }
+ }
+ else
+ {
+ signMessage = samlEntityBean.get().isSingleLogoutMessagesSigned();
+ }
+
+ if (endpoint.getBinding() == SamlBinding.HTTP_Redirect)
+ {
+ byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ Deflater deflater = new Deflater(Deflater.DEFLATED, true);
+ DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
+ deflaterStream.write(responseBytes);
+ deflaterStream.finish();
+
+ byte[] deflatedMsg = baos.toByteArray();
+ String base64EncodedResponse = Base64.encodeBytes(deflatedMsg, Base64.DONT_BREAK_LINES);
+
+ PrivateKey privateKey = null;
+ if (signMessage)
+ {
+ privateKey = samlEntityBean.get().getSigningKey().getPrivateKey();
+ }
+ sendSamlRedirect(base64EncodedResponse, signMessage, samlRequestOrResponse, privateKey, endpoint);
+ }
+ else
+ {
+ if (signMessage)
+ {
+ PublicKey publicKey = samlEntityBean.get().getSigningKey().getCertificate().getPublicKey();
+ PrivateKey privateKey = samlEntityBean.get().getSigningKey().getPrivateKey();
+ signatureUtilForPostBinding.sign(message, new KeyPair(publicKey, privateKey));
+ }
+ byte[] messageBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+ String base64EncodedMessage = Base64.encodeBytes(messageBytes, Base64.DONT_BREAK_LINES);
+
+ SamlPostMessage samlPostMessage = new SamlPostMessage();
+ samlPostMessage.setRequestOrResponse(samlRequestOrResponse);
+ samlPostMessage.setSamlMessage(base64EncodedMessage);
+ responseHandler.sendFormToUserAgent(endpoint.getLocation(), samlPostMessage);
+ }
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void sendSamlRedirect(String base64EncodedSamlMessage, boolean sign, SamlRequestOrResponse samlRequestOrResponse, PrivateKey signingKey, SamlEndpoint endpoint)
+ {
+ SamlRedirectMessage redirectMessage = new SamlRedirectMessage();
+
+ if (sign)
+ {
+ try
+ {
+ redirectMessage.setRequestOrResponse(samlRequestOrResponse);
+ redirectMessage.setSamlMessage(base64EncodedSamlMessage);
+
+ samlSignatureUtilForRedirectBinding.sign(redirectMessage, signingKey);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ else
+ {
+ redirectMessage.setRequestOrResponse(samlRequestOrResponse);
+ redirectMessage.setSamlMessage(base64EncodedSamlMessage);
+ }
+
+ responseHandler.sendHttpRedirectToUserAgent(endpoint.getLocation(), redirectMessage);
+ }
+
+}
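Review bot: In `sendResponse` the `Destination` attribute is set from `endpoint.getResponseLocation()`, but `sendMessage` and `sendSamlRedirect` both deliver to `endpoint.getLocation()`, so when a partner publishes a separate ResponseLocation the response is posted to a URL other than the one it names, and a receiver that checks Destination would reject it. How `getResponseLocation()` behaves when no separate location is configured is not visible here, so this may only affect some partners. Passing the target URL into `sendMessage` and using it in both bindings, e.g. `responseHandler.sendFormToUserAgent(targetUrl, samlPostMessage);`, would keep the attribute and the delivery address in step. `sendResponse` also looks up the endpoint from its `samlProvider` argument but hands `samlDialogue.get().getExternalProvider()` to `sendMessage`; one source should be used for both, or a comment should say why they may differ.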
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlPostMessage.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlPostMessage.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlPostMessage.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlPostMessage extends SamlMessage
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlPostMessage.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlProfile.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlProfile.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlProfile.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum SamlProfile
+{
+ SINGLE_SIGN_ON, SINGLE_LOGOUT
+}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,203 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+
+import javax.servlet.ServletRequest;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlRedirectMessage extends SamlMessage
+{
+ // Query string parameters used by the HTTP_Redirect binding
+ public static final String QSP_SIGNATURE = "Signature";
+ public static final String QSP_SIG_ALG = "SigAlg";
+ public static final String QSP_RELAY_STATE = "RelayState";
+
+ private String signature;
+
+ private String signatureAlgorithm;
+
+ private String relayState;
+
+ // If this is true, the samlMessage, signature, signatureAlgorithm and
+ // relayState values are in url encoded form
+ private boolean urlEncoded;
+
+ public SamlRedirectMessage()
+ {
+ }
+
+ public SamlRedirectMessage(SamlRequestOrResponse samlRequestOrResponse, ServletRequest request)
+ {
+ this.samlRequestOrResponse = samlRequestOrResponse;
+ if (samlRequestOrResponse.isRequest())
+ {
+ samlMessage = request.getParameter(SamlRedirectMessage.QSP_SAML_REQUEST);
+ }
+ else
+ {
+ samlMessage = request.getParameter(SamlRedirectMessage.QSP_SAML_RESPONSE);
+ }
+ relayState = request.getParameter(SamlRedirectMessage.QSP_RELAY_STATE);
+ signatureAlgorithm = request.getParameter(SamlRedirectMessage.QSP_SIG_ALG);
+ signature = request.getParameter(SamlRedirectMessage.QSP_SIGNATURE);
+ urlEncoded = true;
+ }
+
+ public String createQueryString()
+ {
+ if (!urlEncoded)
+ {
+ encode();
+ }
+ StringBuilder queryString = new StringBuilder();
+ if (samlRequestOrResponse.isRequest())
+ {
+ addParamToQueryString(queryString, SamlRedirectMessage.QSP_SAML_REQUEST, samlMessage);
+ }
+ else
+ {
+ addParamToQueryString(queryString, SamlRedirectMessage.QSP_SAML_RESPONSE, samlMessage);
+ }
+ addParamToQueryString(queryString, SamlRedirectMessage.QSP_RELAY_STATE, relayState);
+ addParamToQueryString(queryString, SamlRedirectMessage.QSP_SIG_ALG, signatureAlgorithm);
+ addParamToQueryString(queryString, SamlRedirectMessage.QSP_SIGNATURE, signature);
+
+ return queryString.toString();
+ }
+
+ private void addParamToQueryString(StringBuilder queryString, String parameterName, String parameterValue)
+ {
+ if (parameterValue != null && parameterValue.length() != 0)
+ {
+ if (queryString.length() != 0)
+ {
+ queryString.append('&');
+ }
+ queryString.append(parameterName);
+ queryString.append('=');
+ queryString.append(parameterValue);
+ }
+ }
+
+ public String getSignature()
+ {
+ return signature;
+ }
+
+ public void setSignature(String signature)
+ {
+ this.signature = signature;
+ }
+
+ public String getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+ public String getRelayState()
+ {
+ return relayState;
+ }
+
+ public void setRelayState(String relayState)
+ {
+ this.relayState = relayState;
+ }
+
+ public boolean isUrlEncoded()
+ {
+ return urlEncoded;
+ }
+
+ public void setUrlEncoded(boolean urlEncoded)
+ {
+ this.urlEncoded = urlEncoded;
+ }
+
+ public void encode()
+ {
+ if (!urlEncoded)
+ {
+ samlMessage = urlEncode(samlMessage);
+ signature = urlEncode(signature);
+ signatureAlgorithm = urlEncode(signatureAlgorithm);
+ relayState = urlEncode(relayState);
+ urlEncoded = true;
+ }
+ }
+
+ public void decode()
+ {
+ if (urlEncoded)
+ {
+ samlMessage = urlDecode(samlMessage);
+ signature = urlDecode(signature);
+ signatureAlgorithm = urlDecode(signatureAlgorithm);
+ relayState = urlDecode(relayState);
+ urlEncoded = false;
+ }
+ }
+
+ private String urlEncode(String value)
+ {
+ if (value == null)
+ {
+ return null;
+ }
+ try
+ {
+ return URLEncoder.encode(value, "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private String urlDecode(String value)
+ {
+ if (value == null)
+ {
+ return null;
+ }
+ try
+ {
+ return URLDecoder.decode(value, "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
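Review bot: The `ServletRequest` constructor sets `urlEncoded = true`, but `getParameter` returns values the container has already URL-decoded, so the flag is wrong for every inbound message. A later `decode()` would run `URLDecoder` a second time and turn any `+` in the base64 `SAMLRequest`/`Signature` into a space, and `createQueryString()` would emit the decoded values without re-encoding them. The minimal correction is `urlEncoded = false;` in that constructor. The signature code is outside this hunk, so how it consumes these fields is an assumption. For redirect-binding verification it is safer still to keep the raw query string from `HttpServletRequest.getQueryString()`, since re-encoding is not guaranteed to reproduce the exact octets the sender signed.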
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRequestOrResponse.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRequestOrResponse.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRequestOrResponse.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum SamlRequestOrResponse
+{
+ REQUEST, RESPONSE;
+
+ public boolean isRequest()
+ {
+ return this == REQUEST;
+ }
+
+ public boolean isResponse()
+ {
+ return this == RESPONSE;
+ }
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlService.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlService.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import org.jboss.seam.security.external.api.SamlBinding;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EndpointType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlService
+{
+ private SamlProfile profile;
+
+ private List<SamlEndpoint> serviceEndpoints = new LinkedList<SamlEndpoint>();
+
+ public SamlService(SamlProfile profile, List<? extends EndpointType> endpoints)
+ {
+ this.profile = profile;
+
+ for (EndpointType endpoint : endpoints)
+ {
+ SamlBinding samlBinding = null;
+ if (endpoint.getBinding().endsWith("HTTP-Redirect"))
+ {
+ samlBinding = SamlBinding.HTTP_Redirect;
+ }
+ else if (endpoint.getBinding().endsWith("HTTP-POST"))
+ {
+ samlBinding = SamlBinding.HTTP_Post;
+ }
+ else
+ {
+ // ignore other bindings
+ }
+ if (samlBinding != null)
+ {
+ SamlEndpoint samlEndpoint = new SamlEndpoint(this, samlBinding, endpoint.getLocation(), endpoint.getResponseLocation());
+ serviceEndpoints.add(samlEndpoint);
+ }
+ }
+ }
+
+ public SamlProfile getProfile()
+ {
+ return profile;
+ }
+
+ public List<SamlEndpoint> getServiceEndpoints()
+ {
+ return serviceEndpoints;
+ }
+
+ public SamlEndpoint getEndpointForBinding(SamlBinding samlBinding)
+ {
+ for (SamlEndpoint endpoint : serviceEndpoints)
+ {
+ if (endpoint.getBinding() == samlBinding)
+ {
+ return endpoint;
+ }
+ }
+
+ return null;
+ }
+}
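Review bot: The constructor of `SamlService` picks the binding with `endpoint.getBinding().endsWith("HTTP-Redirect")` and `endsWith("HTTP-POST")`, so any metadata value that merely ends in those characters is accepted, and a missing Binding attribute would raise a NullPointerException. Comparing against the full identifiers is stricter and null-safe, e.g. `"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equals(endpoint.getBinding())` and the same for `...:bindings:HTTP-POST`. Separately, `getServiceEndpoints()` hands out the internal `LinkedList`; returning `Collections.unmodifiableList(serviceEndpoints)` would stop callers from changing the endpoint set after construction.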
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServiceType.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServiceType.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServiceType.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public enum SamlServiceType
+{
+ SAML_SINGLE_SIGN_ON_SERVICE("SingleSignOnService", SamlProfile.SINGLE_SIGN_ON),
+
+ SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService", SamlProfile.SINGLE_SIGN_ON),
+
+ SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService", SamlProfile.SINGLE_LOGOUT),
+
+ SAML_META_DATA_SERVICE("MetaDataService", null);
+
+ private String name;
+
+ private SamlProfile profile;
+
+ private SamlServiceType(String name, SamlProfile profile)
+ {
+ this.name = name;
+ this.profile = profile;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public SamlProfile getProfile()
+ {
+ return profile;
+ }
+
+ public static SamlServiceType getByName(String name)
+ {
+ for (SamlServiceType service : values())
+ {
+ if (service.getName().equals(name))
+ {
+ return service;
+ }
+ }
+ return null;
+ }
+}
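Review bot: `getByName` returns `null` for an unknown name and `SAML_META_DATA_SERVICE` carries a `null` profile, and neither is documented, so callers have no hint that they must check. I would add Javadoc such as `/** Returns the service type whose URL name equals {@code name}, or {@code null} if there is none. */` on `getByName` and a one-line comment on the `SAML_META_DATA_SERVICE` constant saying it belongs to no profile. The `name` and `profile` fields are never reassigned and could be `final`.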
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServiceType.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlServletFilter implements Filter
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private SamlMessageReceiver samlMessageReceiver;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+ {
+ try
+ {
+ responseHolder.setResponse((HttpServletResponse) response);
+ handleMessage((HttpServletRequest) request);
+ }
+ catch (InvalidRequestException e)
+ {
+ ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
+ if (log.isInfoEnabled())
+ {
+ log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
+ }
+ }
+ }
+
+ private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ Matcher matcher = Pattern.compile("/(IDP|SP)/(.*?)$").matcher(httpRequest.getRequestURI());
+ boolean found = matcher.find();
+ if (!found)
+ {
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ }
+ SamlIdpOrSp idpOrSp = SamlIdpOrSp.valueOf(matcher.group(1));
+ SamlServiceType service = SamlServiceType.getByName(matcher.group(2));
+
+ switch (service)
+ {
+ case SAML_SINGLE_LOGOUT_SERVICE:
+ case SAML_SINGLE_SIGN_ON_SERVICE:
+ case SAML_ASSERTION_CONSUMER_SERVICE:
+ samlMessageReceiver.handleIncomingSamlMessage(service, httpRequest, idpOrSp);
+ break;
+ case SAML_META_DATA_SERVICE:
+ samlEntityBean.get().writeMetaData(responseHandler.getWriter("application/xml"));
+ break;
+ default:
+ throw new RuntimeException("Unsupported service " + service);
+ }
+ }
+
+ public void destroy()
+ {
+ }
+}
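Review bot: In `handleMessage`, the `!found` branch calls `responseHandler.sendError(...)` but does not return, so unless `sendError` throws (not visible here) execution continues to `matcher.group(1)`, which raises IllegalStateException when nothing matched. An unknown service name is not handled either: `SamlServiceType.getByName` returns `null` for it and `switch (service)` then throws NullPointerException, so a request for `/SP/anything` would end in a server error instead of a 404. Both paths are reachable from the request URI alone and should end the request cleanly, as sketched below. As a lesser point, the `Pattern` is recompiled on every request and could be a `private static final` field.

```java
// … unchanged: Pattern/Matcher setup …
if (!matcher.find())
{
   responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
   return;
}
SamlIdpOrSp idpOrSp = SamlIdpOrSp.valueOf(matcher.group(1));
SamlServiceType service = SamlServiceType.getByName(matcher.group(2));
if (service == null)
{
   responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
   return;
}
// … unchanged: switch (service) dispatch …
```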
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForPostBinding.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForPostBinding.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForPostBinding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,208 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PrivilegedAction;
+import java.security.PublicKey;
+import java.security.Security;
+import java.util.Collections;
+import java.util.List;
+
+import javax.inject.Inject;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSignatureUtilForPostBinding
+{
+ private final static Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
+
+ private XMLSignatureFactory fac;
+
+ @Inject
+ public void init()
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
+ return null;
+ }
+ });
+ fac = getXMLSignatureFactory();
+ };
+
+ private XMLSignatureFactory getXMLSignatureFactory()
+ {
+ if (Security.getProvider("DOM") != null)
+ {
+ return XMLSignatureFactory.getInstance("DOM");
+ }
+ else
+ {
+ // No security provider found for the XML Digital Signature API (JSR
+ // 105). Probably we have to do with JDK 1.5 or lower.
+ // See
+ // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
+ // We assume that the reference implementation of JSR 105 is available
+ // at runtime.
+ return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
+ }
+ }
+
+ public Document sign(Document doc, KeyPair keyPair)
+ {
+ if (log.isTraceEnabled())
+ {
+ log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
+ }
+
+ PrivateKey signingKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ dsc.setDefaultNamespacePrefix("dsig");
+
+ try
+ {
+ DigestMethod digestMethodObj = fac.newDigestMethod(DigestMethod.SHA1, null);
+ Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
+
+ List<Transform> transformList = Collections.singletonList(transform);
+ String referenceURI = "#" + doc.getDocumentElement().getAttribute("ID");
+ Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
+
+ String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+ List<Reference> referenceList = Collections.singletonList(ref);
+
+ String signatureMethodString = publicKey.getAlgorithm().equalsIgnoreCase("RSA") ? SignatureMethod.RSA_SHA1 : SignatureMethod.DSA_SHA1;
+ SignatureMethod signatureMethod = fac.newSignatureMethod(signatureMethodString, null);
+ SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethod, referenceList);
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(publicKey);
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ signature.sign(dsc);
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (InvalidAlgorithmParameterException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (KeyException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (MarshalException e)
+ {
+ throw new RuntimeException(e);
+
+ }
+ return doc;
+ }
+
+ public void validateSignature(Key publicKey, Document signedDoc) throws InvalidRequestException
+ {
+ NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+ if (nl == null || nl.getLength() == 0)
+ {
+ throw new InvalidRequestException("Signature element is not present or has zero length.");
+ }
+
+ try
+ {
+ DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+ boolean signatureValid = signature.validate(valContext);
+
+ if (log.isTraceEnabled() && !signatureValid)
+ {
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ log.trace("Signature validation status: " + sv);
+
+ @SuppressWarnings("unchecked")
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for (Reference ref : references)
+ {
+ log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
+ }
+ }
+
+ if (!signatureValid)
+ {
+ throw new InvalidRequestException("Invalid signature.");
+ }
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (MarshalException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
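Review bot: `validateSignature` validates whichever `Signature` element `getElementsByTagNameNS` returns first and never checks what that signature covers. A cryptographically valid signature over some other element of the document would therefore be accepted, unless the caller performs that check elsewhere (not visible in this hunk). Since `sign` always places the signature under the document element with a reference of `"#" + ID`, the validator can require the same shape, as sketched below. Two smaller points: the `log.trace("Document to be signed={0}", ...)` call in `sign` uses a `{0}` placeholder that SLF4J does not substitute (it expects `{}`), and `DigestMethod.SHA1` and the `*_SHA1` signature methods are hard-coded where a configurable, stronger digest would be preferable.

```java
// … unchanged: Signature lookup, unmarshalXMLSignature and validate(valContext) …
String expectedUri = "#" + signedDoc.getDocumentElement().getAttribute("ID");
boolean coversRoot = nl.item(0).getParentNode() == signedDoc.getDocumentElement();
for (Object ref : signature.getSignedInfo().getReferences())
{
   coversRoot = coversRoot && expectedUri.equals(((Reference) ref).getURI());
}
if (!signatureValid || !coversRoot)
{
   throw new InvalidRequestException("Invalid signature.");
}
```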
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForRedirectBinding.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForRedirectBinding.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSignatureUtilForRedirectBinding.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,155 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+
+import javax.xml.crypto.dsig.SignatureMethod;
+
+import org.jboss.seam.security.external.Base64;
+import org.jboss.seam.security.external.InvalidRequestException;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSignatureUtilForRedirectBinding
+{
+ public void sign(SamlRedirectMessage urlEncodedRedirectMessage, PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ urlEncodedRedirectMessage.setSignatureAlgorithm(getXMLSignatureAlgorithmURI(signingKey.getAlgorithm()));
+
+ byte[] signature = computeSignature(urlEncodedRedirectMessage.createQueryString(), signingKey);
+
+ String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
+
+ String urlEncodedSignature = URLEncoder.encode(base64encodedSignature, "UTF-8");
+
+ urlEncodedRedirectMessage.setSignature(urlEncodedSignature);
+ }
+
+ private byte[] computeSignature(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
+ {
+ String algo = signingKey.getAlgorithm();
+ Signature sig = getSignature(algo);
+ sig.initSign(signingKey);
+ sig.update(stringToBeSigned.getBytes());
+ return sig.sign();
+ }
+
+ public void validateSignature(SamlRedirectMessage urlEncodedRedirectMessage, PublicKey publicKey) throws InvalidRequestException
+ {
+ if (urlEncodedRedirectMessage.getSignature() == null)
+ {
+ throw new InvalidRequestException("Signature parameter is not present.");
+ }
+
+ String urlDecodedSignature;
+ try
+ {
+ urlDecodedSignature = URLDecoder.decode(urlEncodedRedirectMessage.getSignature(), "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ byte[] base64DecodedSignature = Base64.decode(urlDecodedSignature);
+
+ // Reconstruct the string that has been signed by the other party
+ SamlRedirectMessage signedRedirectMessage = new SamlRedirectMessage();
+ signedRedirectMessage.setRequestOrResponse(urlEncodedRedirectMessage.getRequestOrResponse());
+ signedRedirectMessage.setSamlMessage(urlEncodedRedirectMessage.getSamlMessage());
+ signedRedirectMessage.setRelayState(urlEncodedRedirectMessage.getRelayState());
+ signedRedirectMessage.setSignatureAlgorithm(urlEncodedRedirectMessage.getSignatureAlgorithm());
+ signedRedirectMessage.setUrlEncoded(true);
+ String signedString = signedRedirectMessage.createQueryString();
+
+ boolean isValid;
+ try
+ {
+ isValid = validate(signedString.getBytes("UTF-8"), base64DecodedSignature, publicKey);
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ if (!isValid)
+ {
+ throw new InvalidRequestException("Invalid signature.");
+ }
+ }
+
+ private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
+ {
+ String algo = validatingKey.getAlgorithm();
+ Signature sig = getSignature(algo);
+
+ sig.initVerify(validatingKey);
+ sig.update(signedContent);
+ return sig.verify(signatureValue);
+ }
+
+ private Signature getSignature(String algo) throws GeneralSecurityException
+ {
+ Signature sig = null;
+
+ if ("DSA".equalsIgnoreCase(algo))
+ {
+ sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
+ }
+ else if ("RSA".equalsIgnoreCase(algo))
+ {
+ sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
+ }
+ else
+ throw new RuntimeException("Unknown signature algorithm:" + algo);
+ return sig;
+ }
+
+ private String getXMLSignatureAlgorithmURI(String algo)
+ {
+ String xmlSignatureAlgo = null;
+
+ if ("DSA".equalsIgnoreCase(algo))
+ {
+ xmlSignatureAlgo = SignatureMethod.DSA_SHA1;
+ }
+ else if ("RSA".equalsIgnoreCase(algo))
+ {
+ xmlSignatureAlgo = SignatureMethod.RSA_SHA1;
+ }
+ return xmlSignatureAlgo;
+ }
+}
\ No newline at end of file
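Review bot: `computeSignature` signs `stringToBeSigned.getBytes()`, which uses the platform default charset, while `validateSignature` verifies over `signedString.getBytes("UTF-8")`; on a JVM whose default charset is not ASCII-compatible the two sides would disagree. Use `sig.update(stringToBeSigned.getBytes("UTF-8"));` and add `UnsupportedEncodingException` to the `throws` clause of `computeSignature` (`sign` already declares `IOException`). In addition, `getXMLSignatureAlgorithmURI` silently returns `null` for a key type other than DSA or RSA, whereas `getSignature` throws for the same case; throwing in both places would keep a `null` SigAlg from reaching the query string.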
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSigningKey.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSigningKey.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSigningKey.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSigningKey
+{
+ private PrivateKey privateKey;
+
+ private X509Certificate certificate;
+
+ public SamlSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass)
+ {
+ if (signingKeyPass == null)
+ {
+ signingKeyPass = keyStorePass;
+ }
+ getSigningKeyPair(keyStoreUrl, keyStorePass, signingKeyAlias, signingKeyPass);
+ }
+
+ private void getSigningKeyPair(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass)
+ {
+ final String classPathPrefix = "classpath:";
+
+ try
+ {
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ InputStream keyStoreStream;
+ if (keyStoreUrl.startsWith(classPathPrefix))
+ {
+ keyStoreStream = getClass().getResourceAsStream(keyStoreUrl.substring(classPathPrefix.length()));
+ if (keyStoreStream == null)
+ {
+ throw new RuntimeException("Keystore " + keyStoreUrl + " could not be loaded from the classpath.");
+ }
+ }
+ else
+ {
+ keyStoreStream = new URL(keyStoreUrl).openStream();
+ }
+ char[] keyStorePwd = keyStorePass != null ? keyStorePass.toCharArray() : null;
+ keyStore.load(keyStoreStream, keyStorePwd);
+
+ certificate = (X509Certificate) keyStore.getCertificate(signingKeyAlias);
+
+ char[] signingKeyPwd = signingKeyPass != null ? signingKeyPass.toCharArray() : null;
+
+ privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias, signingKeyPwd);
+
+ if (privateKey == null)
+ {
+ throw new RuntimeException("Key with alias " + signingKeyAlias + " was not found in keystore " + keyStoreUrl);
+ }
+ }
+ catch (KeyStoreException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (CertificateException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (MalformedURLException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (UnrecoverableKeyException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public PrivateKey getPrivateKey()
+ {
+ return privateKey;
+ }
+
+ public X509Certificate getCertificate()
+ {
+ return certificate;
+ }
+}
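Review bot: `getSigningKeyPair` never closes `keyStoreStream`, so the classpath or URL stream leaks on every path, including when `keyStore.load` throws. Wrap the load as `try { keyStore.load(keyStoreStream, keyStorePwd); } finally { keyStoreStream.close(); }`. The method checks `privateKey` for `null` but not `certificate`, so a wrong alias for a key-only entry leaves `getCertificate()` returning `null` without an error; a matching check with the same style of message would make that misconfiguration visible at startup. `new URL(keyStoreUrl).openStream()` will fetch from any scheme the JVM supports, so it is worth documenting that `keyStoreUrl` must come from trusted configuration only.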
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlSigningKey.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlUtils.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlUtils.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlUtils.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,131 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.StringWriter;
+import java.util.GregorianCalendar;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
+import org.w3c.dom.Document;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlUtils
+{
+
+ public static XMLGregorianCalendar getXMLGregorianCalendarNow()
+ {
+ return getXMLGregorianCalendar(new GregorianCalendar());
+ }
+
+ public static XMLGregorianCalendar getXMLGregorianCalendarNowPlusDuration(int field, int amount)
+ {
+ GregorianCalendar gregorianCalendar = new GregorianCalendar();
+ gregorianCalendar.add(field, amount);
+ return getXMLGregorianCalendar(gregorianCalendar);
+ }
+
+ private static XMLGregorianCalendar getXMLGregorianCalendar(GregorianCalendar gregorianCalendar)
+ {
+ try
+ {
+ DatatypeFactory dtf = DatatypeFactory.newInstance();
+ return dtf.newXMLGregorianCalendar(gregorianCalendar);
+ }
+ catch (DatatypeConfigurationException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static boolean hasAssertionExpired(AssertionType assertion)
+ {
+ ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = getXMLGregorianCalendarNow();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+
+ if (notBefore != null)
+ {
+ int val = notBefore.compare(now);
+ if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
+ {
+ return true;
+ }
+ }
+
+ if (notOnOrAfter != null)
+ {
+ int val = notOnOrAfter.compare(now);
+ if (val != DatatypeConstants.GREATER)
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public static String getDocumentAsString(Document document)
+ {
+ Source source = new DOMSource(document);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ try
+ {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.setOutputProperty(OutputKeys.INDENT, "no");
+ transformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ return sw.toString();
+ }
+}
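Review bot: `hasAssertionExpired` returns false when the assertion has no `Conditions` element, and also when `Conditions` carries neither `NotBefore` nor `NotOnOrAfter`, so an assertion without any validity window is reported as still valid. If callers rely on this method as their only freshness check, that fails open; consider returning true in the `else` branch, or record the contract with a comment such as `// No Conditions: nothing to check here; callers must reject such assertions themselves`. The method also returns true for a not-yet-valid assertion (`notBefore` later than now), which the name does not suggest, and it allows no clock-skew tolerance; a Javadoc sentence stating both would help.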
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlExternalServiceProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlExternalServiceProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlExternalServiceProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.saml.SamlService;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlExternalServiceProvider extends SamlExternalEntity
+{
+ private Map<SamlProfile, SamlService> services = new HashMap<SamlProfile, SamlService>();
+
+ private boolean wantAssertionsSigned = true;
+
+ private boolean authnRequestsSigned;
+
+ public SamlExternalServiceProvider(String entityId, SPSSODescriptorType SPSSODescriptor)
+ {
+ super(entityId, SPSSODescriptor.getKeyDescriptor());
+
+ wantAssertionsSigned = SPSSODescriptor.isWantAssertionsSigned();
+ authnRequestsSigned = SPSSODescriptor.isAuthnRequestsSigned();
+
+ services.put(SamlProfile.SINGLE_SIGN_ON, new SamlService(SamlProfile.SINGLE_SIGN_ON, SPSSODescriptor.getAssertionConsumerService()));
+ services.put(SamlProfile.SINGLE_LOGOUT, new SamlService(SamlProfile.SINGLE_LOGOUT, SPSSODescriptor.getSingleLogoutService()));
+ }
+
+ public SamlService getService(SamlProfile service)
+ {
+ return services.get(service);
+ }
+
+ public boolean isWantAssertionsSigned()
+ {
+ return wantAssertionsSigned;
+ }
+
+ public void setWantAssertionsSigned(boolean wantAssertionsSigned)
+ {
+ this.wantAssertionsSigned = wantAssertionsSigned;
+ }
+
+ public boolean isAuthnRequestsSigned()
+ {
+ return authnRequestsSigned;
+ }
+
+ public void setAuthnRequestsSigned(boolean authnRequestsSigned)
+ {
+ this.authnRequestsSigned = authnRequestsSigned;
+ }
+}
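Review bot: The field initializer `wantAssertionsSigned = true` never takes effect, because the constructor unconditionally overwrites it with `SPSSODescriptor.isWantAssertionsSigned()`. If the JAXB-generated getters return `Boolean` for these optional metadata attributes (not visible in this hunk), a descriptor that omits them would throw a NullPointerException on unboxing instead of falling back to the default. A null-safe form such as `Boolean signed = SPSSODescriptor.isWantAssertionsSigned(); if (signed != null) wantAssertionsSigned = signed;` would keep the field's signed-by-default value when the metadata is silent on the attribute.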
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlExternalServiceProvider.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlIdentityProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,222 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.io.Reader;
+import java.io.Writer;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.Typed;
+import javax.inject.Inject;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.api.SamlPrincipal;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlEntityBean;
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+import org.jboss.seam.security.external.saml.SamlIdpOrSp;
+import org.jboss.seam.security.external.saml.SamlServiceType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Typed(SamlIdpBean.class)
+public class SamlIdpBean extends SamlEntityBean implements SamlIdentityProviderApi
+{
+ @Inject
+ private SamlIdpSingleSignOnService samlIdpSingleSignOnService;
+
+ @Inject
+ private SamlIdpSingleLogoutService samlIdpSingleSignLogoutService;
+
+ @Inject
+ private SamlIdpSessions samlIdpSessions;
+
+ private List<SamlExternalServiceProvider> serviceProviders = new LinkedList<SamlExternalServiceProvider>();
+
+ // No boolean assertionsSigned: the identity provider always signs the
+ // assertions.
+
+ private boolean wantAuthnRequestsSigned = false;
+
+ @Inject
+ private Instance<SamlDialogue> samlDialogue;
+
+ public List<SamlExternalServiceProvider> getServiceProviders()
+ {
+ return serviceProviders;
+ }
+
+ public SamlExternalServiceProvider addExternalServiceProvider(String entityId, SPSSODescriptorType spSsoDescriptor)
+ {
+ SamlExternalServiceProvider samlServiceProvider = new SamlExternalServiceProvider(entityId, spSsoDescriptor);
+ serviceProviders.add(samlServiceProvider);
+ return samlServiceProvider;
+ }
+
+ public SamlExternalServiceProvider addExternalSamlEntity(Reader reader)
+ {
+ EntityDescriptorType entityDescriptor = readEntityDescriptor(reader);
+ String entityId = entityDescriptor.getEntityID();
+ SPSSODescriptorType SPSSODescriptor = (SPSSODescriptorType) entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().get(0);
+ return addExternalServiceProvider(entityId, SPSSODescriptor);
+ }
+
+ @Override
+ public List<SamlExternalEntity> getExternalSamlEntities()
+ {
+ List<SamlExternalEntity> samlEntities = new LinkedList<SamlExternalEntity>();
+ for (SamlExternalServiceProvider sp : serviceProviders)
+ {
+ samlEntities.add(sp);
+ }
+ return samlEntities;
+ }
+
+ public boolean isWantAuthnRequestsSigned()
+ {
+ return wantAuthnRequestsSigned;
+ }
+
+ public void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
+ {
+ this.wantAuthnRequestsSigned = wantAuthnRequestsSigned;
+ }
+
+ public SamlExternalServiceProvider getExternalSamlEntityByEntityId(String entityId)
+ {
+ for (SamlExternalServiceProvider serviceProvider : serviceProviders)
+ {
+ if (serviceProvider.getEntityId().equals(entityId))
+ {
+ return serviceProvider;
+ }
+ }
+ return null;
+ }
+
+ public void writeMetaData(Writer writer)
+ {
+ try
+ {
+ ObjectFactory metaDataFactory = new ObjectFactory();
+
+ IndexedEndpointType ssoRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+ ssoRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+ ssoRedirectEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_SINGLE_SIGN_ON_SERVICE));
+
+ IndexedEndpointType ssoPostEndpoint = metaDataFactory.createIndexedEndpointType();
+ ssoPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+ ssoPostEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_SINGLE_SIGN_ON_SERVICE));
+
+ IDPSSODescriptorType idpSsoDescriptor = metaDataFactory.createIDPSSODescriptorType();
+
+ idpSsoDescriptor.getSingleSignOnService().add(ssoRedirectEndpoint);
+ idpSsoDescriptor.getSingleSignOnService().add(ssoPostEndpoint);
+ addSloEndpointsToMetaData(idpSsoDescriptor);
+
+ idpSsoDescriptor.setWantAuthnRequestsSigned(isWantAuthnRequestsSigned());
+
+ idpSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
+
+ addNameIDFormatsToMetaData(idpSsoDescriptor);
+
+ addKeyDescriptorToMetaData(idpSsoDescriptor);
+
+ EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
+ entityDescriptor.setEntityID(getEntityId());
+ entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(idpSsoDescriptor);
+
+ Marshaller marshaller = metaDataJaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), writer);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Dialogued(join = true)
+ public void authenticationSucceeded(SamlNameId nameId, List<AttributeType> attributes)
+ {
+ SamlPrincipal samlPrincipal = new SamlPrincipal();
+ samlPrincipal.setNameId(nameId);
+ if (attributes != null)
+ {
+ samlPrincipal.setAttributes(attributes);
+ }
+ else
+ {
+ samlPrincipal.setAttributes(new LinkedList<AttributeType>());
+ }
+ SamlIdpSession session = samlIdpSessions.addSession(samlPrincipal, (SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
+
+ samlIdpSingleSignOnService.handleSucceededAuthentication(session);
+ }
+
+ public void authenticationSucceeded(SamlIdpSession sessionToJoin)
+ {
+ sessionToJoin.getServiceProviders().add((SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
+
+ samlIdpSingleSignOnService.handleSucceededAuthentication(sessionToJoin);
+ }
+
+ @Dialogued(join = true)
+ public void authenticationFailed()
+ {
+ samlIdpSingleSignOnService.handleFailedAuthentication();
+ }
+
+ public Set<SamlIdpSession> getSessions()
+ {
+ return samlIdpSessions.getSessions();
+ }
+
+ @Dialogued(join = true)
+ public void logout(SamlPrincipal principal, List<String> indexes)
+ {
+ samlIdpSingleSignLogoutService.handleIDPInitiatedSingleLogout(principal, indexes);
+ }
+
+ @Override
+ public SamlIdpOrSp getIdpOrSp()
+ {
+ return SamlIdpOrSp.IDP;
+ }
+}
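Review bot: `addExternalSamlEntity` takes element 0 of the role-descriptor list and casts it to `SPSSODescriptorType` without checking it. The metadata is supplied by an external party, so an entity descriptor that lists an IDPSSODescriptor first, or no role descriptor at all, ends in a ClassCastException or IndexOutOfBoundsException rather than a clear rejection. Selecting the first element that really is an `SPSSODescriptorType`, and failing with an explicit message otherwise, would make the import robust. Separately, `getServiceProviders()` hands out the internal mutable list, so callers can alter the set of trusted service providers without going through `addExternalServiceProvider`; an unmodifiable view may be worth considering.

```java
public SamlExternalServiceProvider addExternalSamlEntity(Reader reader)
{
   // … unchanged: readEntityDescriptor(reader) and entityId lookup …
   for (Object descriptor : entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
   {
      if (descriptor instanceof SPSSODescriptorType)
      {
         return addExternalServiceProvider(entityId, (SPSSODescriptorType) descriptor);
      }
   }
   throw new RuntimeException("No SPSSODescriptor found in metadata of entity " + entityId);
}
```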
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInApplicationScopeProducer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class SamlIdpInApplicationScopeProducer
+{
+ @Produces
+ @ApplicationScoped
+ public SamlIdpBean produce(@New SamlIdpBean idp)
+ {
+ return idp;
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInVirtualApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInVirtualApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInVirtualApplicationScopeProducer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplication;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class SamlIdpInVirtualApplicationScopeProducer
+{
+ @Produces
+ @VirtualApplicationScoped
+ public SamlIdpBean produce(@New SamlIdpBean idp, VirtualApplication virtualApplication)
+ {
+ String hostName = virtualApplication.getHostName();
+ idp.setHostName(hostName);
+ idp.setEntityId("https://" + hostName);
+
+ return idp;
+ }
+}
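Review bot: `produce` builds the identity provider's entity ID as `"https://" + hostName` from whatever `VirtualApplication.getHostName()` returns, with no validation in this hunk. Where that host name originates is not visible here; if it is derived from the incoming request's Host header, the entity ID and anything issued under it would be request-controlled, so it should be checked against the configured set of virtual hosts before use. At minimum a comment such as `// hostName must come from trusted configuration, not from the raw Host header` would record the assumption.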
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpInVirtualApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpIncomingLogoutDialogue.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpIncomingLogoutDialogue.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpIncomingLogoutDialogue.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,51 @@
+package org.jboss.seam.security.external.saml.idp;
+
+import java.util.List;
+
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at DialogueScoped
+public class SamlIdpIncomingLogoutDialogue
+{
+ private SamlNameId nameId;
+
+ private List<String> sessionIndexes;
+
+ private boolean failed;
+
+ public SamlNameId getNameId()
+ {
+ return nameId;
+ }
+
+ public void setNameId(SamlNameId nameId)
+ {
+ this.nameId = nameId;
+ }
+
+ public List<String> getSessionIndexes()
+ {
+ return sessionIndexes;
+ }
+
+ public void setSessionIndexes(List<String> sessionIndexes)
+ {
+ this.sessionIndexes = sessionIndexes;
+ }
+
+ public boolean isFailed()
+ {
+ return failed;
+ }
+
+ public void setFailed(boolean failure)
+ {
+ this.failed = failure;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpIncomingLogoutDialogue.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpOutgoingLogoutDialogue.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpOutgoingLogoutDialogue.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpOutgoingLogoutDialogue.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,36 @@
+package org.jboss.seam.security.external.saml.idp;
+
+import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at DialogueScoped
+public class SamlIdpOutgoingLogoutDialogue
+{
+ private SamlIdpSession session;
+
+ private String incomingDialogueId;
+
+ public SamlIdpSession getSession()
+ {
+ return session;
+ }
+
+ public void setSession(SamlIdpSession session)
+ {
+ this.session = session;
+ }
+
+ public String getIncomingDialogueId()
+ {
+ return incomingDialogueId;
+ }
+
+ public void setIncomingDialogueId(String incomingDialogueId)
+ {
+ this.incomingDialogueId = incomingDialogueId;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpOutgoingLogoutDialogue.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSession.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSession.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSession.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.jboss.seam.security.external.api.SamlPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlIdpSession
+{
+ private SamlPrincipal principal;
+
+ private String sessionIndex;
+
+ private Set<SamlExternalServiceProvider> serviceProviders = new HashSet<SamlExternalServiceProvider>();
+
+ public SamlPrincipal getPrincipal()
+ {
+ return principal;
+ }
+
+ public void setPrincipal(SamlPrincipal samlPrincipal)
+ {
+ this.principal = samlPrincipal;
+ }
+
+ public String getSessionIndex()
+ {
+ return sessionIndex;
+ }
+
+ public void setSessionIndex(String sessionIndex)
+ {
+ this.sessionIndex = sessionIndex;
+ }
+
+ public Set<SamlExternalServiceProvider> getServiceProviders()
+ {
+ return serviceProviders;
+ }
+
+ public void setServiceProviders(Set<SamlExternalServiceProvider> serviceProviders)
+ {
+ this.serviceProviders = serviceProviders;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((principal == null) ? 0 : principal.hashCode());
+ result = prime * result + ((sessionIndex == null) ? 0 : sessionIndex.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ SamlIdpSession other = (SamlIdpSession) obj;
+ if (principal == null)
+ {
+ if (other.principal != null)
+ return false;
+ }
+ else if (!principal.equals(other.principal))
+ return false;
+ if (sessionIndex == null)
+ {
+ if (other.sessionIndex != null)
+ return false;
+ }
+ else if (!sessionIndex.equals(other.sessionIndex))
+ return false;
+ return true;
+ }
+
+}
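Review bot: `SamlIdpSession` does not implement `Serializable`, yet the session-scoped `SamlIdpSessions` bean added in this same commit is `Serializable` and keeps these objects in its `sessions` set, so session passivation or replication would presumably fail with a NotSerializableException. Declaring `public class SamlIdpSession implements Serializable` with a `serialVersionUID` would address that, provided `SamlPrincipal` and `SamlExternalServiceProvider` are serializable too, which this hunk does not show. Also, `equals` and `hashCode` are computed from the mutable `principal` and `sessionIndex`, so calling either setter after the object has been added to a `HashSet` leaves it unfindable; a comment on the setters should say so.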
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSession.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.enterprise.context.SessionScoped;
+
+import org.jboss.seam.security.external.api.SamlPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at SessionScoped
+public class SamlIdpSessions implements Serializable
+{
+ private static final long serialVersionUID = 6297278286428111620L;
+
+ private Set<SamlIdpSession> sessions = new HashSet<SamlIdpSession>();
+
+ public SamlIdpSession addSession(SamlPrincipal principal, SamlExternalServiceProvider serviceProvider)
+ {
+ String sessionIndex;
+ int i = 0;
+ do
+ {
+ sessionIndex = Integer.toString(i);
+ }
+ while (getSession(principal, sessionIndex) != null);
+
+ SamlIdpSession session = new SamlIdpSession();
+ session.setPrincipal(principal);
+ session.getServiceProviders().add(serviceProvider);
+ session.setSessionIndex(sessionIndex);
+ sessions.add(session);
+
+ return session;
+ }
+
+ public SamlIdpSession getSession(SamlPrincipal principal, String sessionIndex)
+ {
+ for (SamlIdpSession session : sessions)
+ {
+ if (session.getPrincipal().equals(principal) && session.getSessionIndex().equals(sessionIndex))
+ {
+ return session;
+ }
+ }
+ return null;
+ }
+
+ public void removeSession(SamlIdpSession session)
+ {
+ sessions.remove(session);
+ }
+
+ public Set<SamlIdpSession> getSessions()
+ {
+ return sessions;
+ }
+}
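Review bot: The `do`/`while` loop in `addSession` never increments `i`, so once the principal already has a session with index "0" the loop retries the same candidate forever. The assignment should advance the counter: `sessionIndex = Integer.toString(i++);`. `getSession` also dereferences `session.getPrincipal()` and `session.getSessionIndex()` without null checks, which is safe only while every session is created through `addSession`; because `getSessions()` exposes the mutable set, that is not guaranteed.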
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,214 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.util.List;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.api.SamlPrincipal;
+import org.jboss.seam.security.external.dialogues.DialogueManager;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlMessageFactory;
+import org.jboss.seam.security.external.saml.SamlMessageSender;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlIdpSingleLogoutService
+{
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private SamlIdpSessions samlIdpSessions;
+
+ @Inject
+ private Instance<SamlIdentityProviderSpi> samlIdentityProviderSpi;
+
+ @Inject
+ private Instance<Dialogue> dialogue;
+
+ @Inject
+ private Instance<SamlDialogue> samlDialogue;
+
+ @Inject
+ private Instance<SamlIdpIncomingLogoutDialogue> samlIdpIncomingLogoutDialogue;
+
+ @Inject
+ private Instance<SamlIdpOutgoingLogoutDialogue> samlIdpOutgoingLogoutDialogue;
+
+ @Inject
+ private DialogueManager dialogueManager;
+
+ public void processSPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ {
+ if (!(request instanceof LogoutRequestType))
+ {
+ throw new InvalidRequestException("Request should be a single logout request.");
+ }
+
+ LogoutRequestType logoutRequest = (LogoutRequestType) request;
+
+ NameIDType nameIdJaxb = logoutRequest.getNameID();
+ SamlNameId samlNameId = new SamlNameId(nameIdJaxb.getValue(), nameIdJaxb.getFormat(), nameIdJaxb.getNameQualifier());
+
+ samlIdpIncomingLogoutDialogue.get().setNameId(samlNameId);
+ samlIdpIncomingLogoutDialogue.get().setSessionIndexes(logoutRequest.getSessionIndex());
+
+ removeNextSessionParticipant();
+ }
+
+ public void handleIDPInitiatedSingleLogout(SamlPrincipal principal, List<String> indexes)
+ {
+ samlIdpIncomingLogoutDialogue.get().setNameId(principal.getNameId());
+ samlIdpIncomingLogoutDialogue.get().setSessionIndexes(indexes);
+
+ removeNextSessionParticipant();
+ }
+
+ private void removeNextSessionParticipant()
+ {
+ SamlNameId samlNameId = samlIdpIncomingLogoutDialogue.get().getNameId();
+ List<String> sessionIndexes = samlIdpIncomingLogoutDialogue.get().getSessionIndexes();
+
+ boolean readyForNow = false;
+
+ while (!readyForNow)
+ {
+ // Find the next session that matches with the removal criteria and
+ // that has not been removed yet.
+ SamlIdpSession sessionToRemove = null;
+ for (SamlIdpSession session : samlIdpSessions.getSessions())
+ {
+ if (session.getPrincipal().getNameId().equals(samlNameId))
+ {
+ if (sessionIndexes == null || sessionIndexes.size() == 0 || sessionIndexes.contains(session.getSessionIndex()))
+ {
+ sessionToRemove = session;
+ break;
+ }
+ }
+ }
+
+ if (sessionToRemove != null)
+ {
+ // For the session that is about to be removed, get the first
+ // service provider that participates in the session. Remove it from
+ // the session.
+ SamlExternalServiceProvider sp = sessionToRemove.getServiceProviders().iterator().next();
+ sessionToRemove.getServiceProviders().remove(sp);
+ if (sessionToRemove.getServiceProviders().size() == 0)
+ {
+ samlIdpSessions.removeSession(sessionToRemove);
+ if (samlDialogue.get().getExternalProvider() != null)
+ {
+ samlIdentityProviderSpi.get().loggedOut(sessionToRemove);
+ }
+ }
+
+ // If the session participant is not the party that initiated the
+ // single logout, and it has a single logout service, send a
+ // single logout request. Otherwise, move on to the next session
+ // participant (if available) or to the next session.
+ if (!sp.equals(samlDialogue.get().getExternalProvider()) && sp.getService(SamlProfile.SINGLE_LOGOUT) != null)
+ {
+ String incomingDialogueId = dialogue.get().getDialogueId();
+ dialogueManager.detachDialogue();
+ dialogueManager.beginDialogue();
+ samlIdpOutgoingLogoutDialogue.get().setIncomingDialogueId(incomingDialogueId);
+
+ sendSingleLogoutRequestToSP(sessionToRemove, sp);
+ readyForNow = true;
+ }
+ }
+ else
+ {
+ finishSingleLogoutProcess();
+ readyForNow = true;
+ }
+ }
+ }
+
+ private void finishSingleLogoutProcess()
+ {
+ boolean failed = samlIdpIncomingLogoutDialogue.get().isFailed();
+ if (samlDialogue.get().getExternalProvider() != null)
+ {
+ StatusResponseType response = samlMessageFactory.createStatusResponse(failed ? SamlConstants.STATUS_RESPONDER : SamlConstants.STATUS_SUCCESS, null);
+ samlMessageSender.sendResponse(samlDialogue.get().getExternalProvider(), response, SamlProfile.SINGLE_LOGOUT);
+ }
+ else
+ {
+ if (failed)
+ {
+ samlIdentityProviderSpi.get().singleLogoutFailed();
+ }
+ else
+ {
+ samlIdentityProviderSpi.get().singleLogoutSucceeded();
+ }
+ }
+ dialogue.get().setFinished(true);
+ }
+
+ public void processSPResponse(HttpServletRequest httpRequest, StatusResponseType response)
+ {
+ // End the outgoing samlDialogue and re-attach to the incoming
+ // samlDialogue
+ String incomingDialogueId = samlIdpOutgoingLogoutDialogue.get().getIncomingDialogueId();
+ dialogueManager.endDialogue();
+ dialogueManager.attachDialogue(incomingDialogueId);
+
+ if (response.getStatus() != null && !response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+ {
+ samlIdpIncomingLogoutDialogue.get().setFailed(true);
+ }
+
+ removeNextSessionParticipant();
+ }
+
+ public void sendSingleLogoutRequestToSP(SamlIdpSession session, SamlExternalServiceProvider sp)
+ {
+ LogoutRequestType logoutRequest;
+ logoutRequest = samlMessageFactory.createLogoutRequest(session.getPrincipal().getNameId(), session.getSessionIndex());
+ samlDialogue.get().setExternalProvider(sp);
+
+ samlMessageSender.sendRequest(sp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+ }
+}
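Review bot: `processSPRequest` dereferences `logoutRequest.getNameID()` without a null check, so a LogoutRequest that identifies the principal with a BaseID or EncryptedID instead of a NameID would end in a NullPointerException rather than the `InvalidRequestException` the method declares. I would add `if (nameIdJaxb == null) { throw new InvalidRequestException("Logout request should contain a NameID."); }` before the `SamlNameId` is built. `processSPResponse` fails open in a related way: a response whose `getStatus()` is null is counted as a successful logout, and a status without a status code would throw. Treating anything other than an explicit `STATUS_SUCCESS` as failed is the safer default for a logout flow.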
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+import org.jboss.seam.security.external.saml.SamlMessageFactory;
+import org.jboss.seam.security.external.saml.SamlMessageSender;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.saml.SamlService;
+import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
+import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlIdpSingleSignOnService
+{
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private Instance<SamlIdentityProviderSpi> samlIdentityProviderSpi;
+
+ @Inject
+ private Dialogue dialogue;
+
+ @Inject
+ private SamlDialogue samlDialogue;
+
+ public void processSPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ {
+ if (!(request instanceof AuthnRequestType))
+ {
+ throw new InvalidRequestException("Request should be an authentication request.");
+ }
+
+ samlIdentityProviderSpi.get().authenticate();
+ }
+
+ public void handleSucceededAuthentication(SamlIdpSession session)
+ {
+ sendAuthenticationResponse(session, false);
+ }
+
+ private void sendAuthenticationResponse(SamlIdpSession session, boolean failed)
+ {
+ SamlExternalEntity samlServiceProvider = samlDialogue.getExternalProvider();
+
+ StatusResponseType response;
+
+ if (failed)
+ {
+ response = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_RESPONDER, null);
+ }
+ else
+ {
+ SamlService service = samlServiceProvider.getService(SamlProfile.SINGLE_SIGN_ON);
+ response = samlMessageFactory.createResponse(session, samlMessageSender.getEndpoint(service));
+ }
+
+ samlMessageSender.sendResponse(samlServiceProvider, response, SamlProfile.SINGLE_SIGN_ON);
+
+ dialogue.setFinished(true);
+ }
+
+ public void handleFailedAuthentication()
+ {
+ sendAuthenticationResponse(null, true);
+ }
+
+ @Dialogued
+ public void sendAuthenticationResponseToIDP(SamlExternalIdentityProvider idp)
+ {
+ AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
+
+ samlDialogue.setExternalProvider(idp);
+
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+ }
+}
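Review bot: `sendAuthenticationResponseToIDP` does not do what its name says: it builds an `AuthnRequest` with `createAuthnRequest()` and sends it to an identity provider, which is service-provider behaviour and looks like a leftover from the SP-side service (`SamlSpBean.signOn` in this commit calls `sendAuthenticationRequestToIDP`). It also pulls `saml.sp.SamlExternalIdentityProvider` into the idp package; I would remove the method, or rename it and document why an IdP issues an AuthnRequest. Separately, `sendAuthenticationResponse` uses `samlDialogue.getExternalProvider()` and `getService(SamlProfile.SINGLE_SIGN_ON)` without null checks, so calling `handleSucceededAuthentication` outside a dialogue started by an SP request presumably fails with a NullPointerException instead of a clear error.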
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlExternalIdentityProvider.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlIdentityProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlExternalIdentityProvider.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlExternalIdentityProvider.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.saml.SamlService;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlExternalIdentityProvider extends SamlExternalEntity
+{
+ private Map<SamlProfile, SamlService> services = new HashMap<SamlProfile, SamlService>();
+
+ private boolean wantAuthnRequestsSigned;
+
+ public SamlExternalIdentityProvider(String entityId, IDPSSODescriptorType IDPSSODescriptor)
+ {
+ super(entityId, IDPSSODescriptor.getKeyDescriptor());
+
+ wantAuthnRequestsSigned = IDPSSODescriptor.isWantAuthnRequestsSigned();
+
+ services.put(SamlProfile.SINGLE_SIGN_ON, new SamlService(SamlProfile.SINGLE_SIGN_ON, IDPSSODescriptor.getSingleSignOnService()));
+ services.put(SamlProfile.SINGLE_LOGOUT, new SamlService(SamlProfile.SINGLE_LOGOUT, IDPSSODescriptor.getSingleLogoutService()));
+ }
+
+ public SamlService getService(SamlProfile service)
+ {
+ return services.get(service);
+ }
+
+ public boolean isWantAuthnRequestsSigned()
+ {
+ return wantAuthnRequestsSigned;
+ }
+
+ public void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
+ {
+ this.wantAuthnRequestsSigned = wantAuthnRequestsSigned;
+ }
+}
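Review bot: The constructor assigns `IDPSSODescriptor.isWantAuthnRequestsSigned()` straight to a primitive `boolean`. `WantAuthnRequestsSigned` is an optional attribute in SAML metadata, so if the JAXB getter returns a `Boolean` (its declaration is not visible here), metadata that omits the attribute would fail with a NullPointerException on unboxing. `wantAuthnRequestsSigned = Boolean.TRUE.equals(IDPSSODescriptor.isWantAuthnRequestsSigned());` is safe in either case. The parameter name `IDPSSODescriptor` also reads like a type; `idpSsoDescriptor`, as used in `SamlSpBean`, would be clearer.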
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlConfiguration.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,216 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import java.io.Reader;
+import java.io.Writer;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.enterprise.inject.Typed;
+import javax.inject.Inject;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlEntityBean;
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+import org.jboss.seam.security.external.saml.SamlIdpOrSp;
+import org.jboss.seam.security.external.saml.SamlServiceType;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Typed(SamlSpBean.class)
+public class SamlSpBean extends SamlEntityBean implements SamlServiceProviderApi
+{
+ private List<SamlExternalIdentityProvider> identityProviders = new LinkedList<SamlExternalIdentityProvider>();
+
+ @Inject
+ private SamlSpSingleSignOnService samlSpSingleSignOnService;
+
+ @Inject
+ private SamlSpSingleLogoutService samlSpSingleLogoutService;
+
+ @Inject
+ private SamlSpSessions samlSpSessions;
+
+ private boolean authnRequestsSigned = false;
+
+ private boolean wantAssertionsSigned = false;
+
+ public SamlExternalIdentityProvider addExternalIdentityProvider(String entityId, IDPSSODescriptorType idpSsoDescriptor)
+ {
+ SamlExternalIdentityProvider samlIdentityProvider = new SamlExternalIdentityProvider(entityId, idpSsoDescriptor);
+ identityProviders.add(samlIdentityProvider);
+ return samlIdentityProvider;
+ }
+
+ public SamlExternalIdentityProvider addExternalSamlEntity(Reader reader)
+ {
+ EntityDescriptorType entityDescriptor = readEntityDescriptor(reader);
+ String entityId = entityDescriptor.getEntityID();
+ IDPSSODescriptorType IDPSSODescriptor = (IDPSSODescriptorType) entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().get(0);
+ return addExternalIdentityProvider(entityId, IDPSSODescriptor);
+ }
+
+ @Override
+ public List<SamlExternalEntity> getExternalSamlEntities()
+ {
+ List<SamlExternalEntity> samlEntities = new LinkedList<SamlExternalEntity>();
+ for (SamlExternalIdentityProvider idp : identityProviders)
+ {
+ samlEntities.add(idp);
+ }
+ return samlEntities;
+ }
+
+ public List<SamlExternalIdentityProvider> getIdentityProviders()
+ {
+ return identityProviders;
+ }
+
+ public boolean isAuthnRequestsSigned()
+ {
+ return authnRequestsSigned;
+ }
+
+ public void setAuthnRequestsSigned(boolean authnRequestsSigned)
+ {
+ this.authnRequestsSigned = authnRequestsSigned;
+ }
+
+ public boolean isWantAssertionsSigned()
+ {
+ return wantAssertionsSigned;
+ }
+
+ public void setWantAssertionsSigned(boolean wantAssertionsSigned)
+ {
+ this.wantAssertionsSigned = wantAssertionsSigned;
+ }
+
+ public SamlExternalIdentityProvider getExternalSamlEntityByEntityId(String entityId)
+ {
+ for (SamlExternalEntity identityProvider : identityProviders)
+ {
+ SamlExternalIdentityProvider samlIdentityProvider = (SamlExternalIdentityProvider) identityProvider;
+ if (samlIdentityProvider.getEntityId().equals(entityId))
+ {
+ return samlIdentityProvider;
+ }
+ }
+ return null;
+ }
+
+ public void writeMetaData(Writer writer)
+ {
+ try
+ {
+ ObjectFactory metaDataFactory = new ObjectFactory();
+
+ IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+ acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+ acsRedirectEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
+ acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+ acsPostEndpoint.setLocation(getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
+
+ spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
+ spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
+ addSloEndpointsToMetaData(spSsoDescriptor);
+
+ spSsoDescriptor.setAuthnRequestsSigned(isAuthnRequestsSigned());
+ spSsoDescriptor.setWantAssertionsSigned(isWantAssertionsSigned());
+
+ spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
+
+ addNameIDFormatsToMetaData(spSsoDescriptor);
+
+ if (getSigningKey() != null)
+ {
+ addKeyDescriptorToMetaData(spSsoDescriptor);
+ }
+
+ EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
+ entityDescriptor.setEntityID(getEntityId());
+ entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
+
+ Marshaller marshaller = metaDataJaxbContext.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+ marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), writer);
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Dialogued(join = true)
+ public void signOn(String idpEntityId)
+ {
+ SamlExternalIdentityProvider idp = getExternalSamlEntityByEntityId(idpEntityId);
+ if (idp == null)
+ {
+ throw new RuntimeException("Identity provider " + idpEntityId + " not found");
+ }
+
+ samlSpSingleSignOnService.sendAuthenticationRequestToIDP(idp);
+ }
+
+ @Dialogued(join = true)
+ public void logout(SamlSpSession session)
+ {
+ samlSpSessions.removeSession(session);
+ }
+
+ @Dialogued(join = true)
+ public void singleLogout(SamlSpSession session)
+ {
+ logout(session);
+ samlSpSingleLogoutService.sendSingleLogoutRequestToIDP(session);
+ }
+
+ public Set<SamlSpSession> getSessions()
+ {
+ return samlSpSessions.getSessions();
+ }
+
+ @Override
+ public SamlIdpOrSp getIdpOrSp()
+ {
+ return SamlIdpOrSp.SP;
+ }
+}
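Review bot: `addExternalSamlEntity` casts element 0 of the role-descriptor list to `IDPSSODescriptorType` unconditionally, so metadata that lists another role first, or no role descriptor at all, fails with a ClassCastException or IndexOutOfBoundsException instead of a clear error. This metadata is supplied by an external party, so the IdP descriptor should be selected by type, as in the rewrite below. The fields `authnRequestsSigned` and `wantAssertionsSigned` both default to `false`; whether signatures are enforced elsewhere is not visible in this hunk, but the defaults deserve a comment stating what a deployment is expected to enable.

```java
public SamlExternalIdentityProvider addExternalSamlEntity(Reader reader)
{
   EntityDescriptorType entityDescriptor = readEntityDescriptor(reader);
   // Select the IdP role explicitly instead of assuming it is the first descriptor.
   for (Object descriptor : entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor())
   {
      if (descriptor instanceof IDPSSODescriptorType)
      {
         return addExternalIdentityProvider(entityDescriptor.getEntityID(), (IDPSSODescriptorType) descriptor);
      }
   }
   throw new RuntimeException("Metadata of entity " + entityDescriptor.getEntityID() + " contains no IDPSSODescriptor");
}
// … unchanged: getExternalSamlEntities, accessors, writeMetaData, signOn, logout …
```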
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInApplicationScopeProducer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class SamlSpInApplicationScopeProducer
+{
+ @Produces
+ @ApplicationScoped
+ public SamlSpBean produceSp(@New SamlSpBean sp)
+ {
+ return sp;
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInVirtualApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInVirtualApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInVirtualApplicationScopeProducer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplication;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class SamlSpInVirtualApplicationScopeProducer
+{
+ @Produces
+ @VirtualApplicationScoped
+ public SamlSpBean produceSp(@New SamlSpBean sp, VirtualApplication virtualApplication)
+ {
+ String hostName = virtualApplication.getHostName();
+ sp.setHostName(hostName);
+ sp.setEntityId("https://" + hostName);
+
+ return sp;
+ }
+}
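Review bot: `produceSp` builds the SP entity ID directly from `virtualApplication.getHostName()`, and nothing in this hunk shows where that host name comes from. If it is derived from the request's Host header rather than from configuration, a client could influence the entity ID and the host name that `setHostName` receives, so it should be checked against the configured set of virtual hosts before it is used. At minimum I would document the assumption on the method, e.g. `// hostName must be a configured virtual host, never the raw Host header of the request`.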
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpInVirtualApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpLogoutDialogue.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpLogoutDialogue.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpLogoutDialogue.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,24 @@
+package org.jboss.seam.security.external.saml.sp;
+
+import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at DialogueScoped
+public class SamlSpLogoutDialogue
+{
+ private SamlSpSession session;
+
+ public SamlSpSession getSession()
+ {
+ return session;
+ }
+
+ public void setSession(SamlSpSession session)
+ {
+ this.session = session;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpLogoutDialogue.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSession.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSession.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSession.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,68 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import org.jboss.seam.security.external.api.SamlPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSpSession
+{
+ private SamlPrincipal principal;
+
+ private String sessionIndex;
+
+ private SamlExternalIdentityProvider identityProvider;
+
+ public SamlPrincipal getPrincipal()
+ {
+ return principal;
+ }
+
+ public void setPrincipal(SamlPrincipal samlPrincipal)
+ {
+ this.principal = samlPrincipal;
+ }
+
+ public String getSessionIndex()
+ {
+ return sessionIndex;
+ }
+
+ public void setSessionIndex(String sessionIndex)
+ {
+ this.sessionIndex = sessionIndex;
+ }
+
+ public SamlExternalIdentityProvider getIdentityProvider()
+ {
+ return identityProvider;
+ }
+
+ public void setIdentityProvider(SamlExternalIdentityProvider identityProvider)
+ {
+ this.identityProvider = identityProvider;
+ }
+
+}
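Review bot: `SamlSpSession` does not implement `Serializable`, yet `SamlSpSessions` in this same commit is `@SessionScoped`, implements `Serializable` and keeps these objects in a `HashSet` field. Passivating or replicating the HTTP session would then presumably fail with a NotSerializableException. I would declare `public class SamlSpSession implements Serializable` with a `serialVersionUID`. The `identityProvider` field then needs the same treatment, or the session could store the IdP's entity ID instead of the object; `SamlExternalIdentityProvider` declares no `Serializable` in this commit, and its superclass is not visible here.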
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSession.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSessions.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSessions.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSessions.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.enterprise.context.SessionScoped;
+
+import org.jboss.seam.security.external.api.SamlPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at SessionScoped
+public class SamlSpSessions implements Serializable
+{
+ private static final long serialVersionUID = 6297278286428111620L;
+
+ private Set<SamlSpSession> sessions = new HashSet<SamlSpSession>();
+
+ public void addSession(SamlSpSession session)
+ {
+ sessions.add(session);
+ }
+
+ public void removeSession(SamlSpSession session)
+ {
+ sessions.remove(session);
+ }
+
+ public Set<SamlSpSession> getSessions()
+ {
+ return sessions;
+ }
+
+ public SamlSpSession getSession(SamlPrincipal samlPrincipal, String idpEntityId, String sessionIndex)
+ {
+ for (SamlSpSession session : sessions)
+ {
+ if (session.getPrincipal().equals(samlPrincipal) && session.getIdentityProvider().getEntityId().equals(idpEntityId) && session.getSessionIndex().equals(sessionIndex))
+ {
+ return session;
+ }
+ }
+ return null;
+ }
+}
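Review bot: `SamlSpSessions` is `@SessionScoped` and declares `Serializable`, but its `sessions` set holds `SamlSpSession` objects, and the `SamlSpSession` class added in this same commit does not implement `Serializable`. Once a session has been stored, passivating or replicating the HTTP session would be expected to fail with a `NotSerializableException`. Declaring `public class SamlSpSession implements Serializable` with its own `serialVersionUID` would address that, provided `SamlPrincipal` and `SamlExternalIdentityProvider` are serializable too, which is not visible here. A class comment such as `/** Holds the SAML SP sessions established within the current HTTP session. */` would also help, since the file carries only an author tag.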
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSessions.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,132 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import java.util.List;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlMessageFactory;
+import org.jboss.seam.security.external.saml.SamlMessageSender;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSpSingleLogoutService
+{
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private SamlSpSessions samlSpSessions;
+
+ @Inject
+ private Instance<SamlServiceProviderSpi> samlServiceProviderSpi;
+
+ @Inject
+ private SamlSpLogoutDialogue samlSpLogoutDialogue;
+
+ @Inject
+ private Dialogue dialogue;
+
+ @Inject
+ private SamlDialogue samlDialogue;
+
+ public void processIDPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ {
+ if (!(request instanceof LogoutRequestType))
+ {
+ throw new InvalidRequestException("Request should be a single logout request.");
+ }
+
+ LogoutRequestType logoutRequest = (LogoutRequestType) request;
+ SamlExternalIdentityProvider idp = (SamlExternalIdentityProvider) samlDialogue.getExternalProvider();
+
+ NameIDType nameIdJaxb = logoutRequest.getNameID();
+ SamlNameId samlNameId = new SamlNameId(nameIdJaxb.getValue(), nameIdJaxb.getFormat(), nameIdJaxb.getNameQualifier());
+ removeSessions(samlNameId, idp.getEntityId(), logoutRequest.getSessionIndex());
+
+ StatusResponseType response = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_SUCCESS, null);
+
+ samlMessageSender.sendResponse(idp, response, SamlProfile.SINGLE_LOGOUT);
+
+ dialogue.setFinished(true);
+ }
+
+ private void removeSessions(SamlNameId nameId, String idpEntityId, List<String> sessionIndexes)
+ {
+ for (SamlSpSession session : samlSpSessions.getSessions())
+ {
+ if (session.getPrincipal().getNameId().equals(nameId) && session.getIdentityProvider().getEntityId().equals(idpEntityId))
+ {
+ if (sessionIndexes.size() == 0 || sessionIndexes.contains(session.getSessionIndex()))
+ {
+ samlSpSessions.removeSession(session);
+ samlServiceProviderSpi.get().loggedOut(session);
+ }
+ }
+ }
+ }
+
+ public void processIDPResponse(HttpServletRequest httpRequest, StatusResponseType response)
+ {
+ if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+ {
+ samlServiceProviderSpi.get().singleLogoutSucceeded();
+ }
+ else
+ {
+ String statusCode = response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue();
+ samlServiceProviderSpi.get().singleLogoutFailed(statusCode);
+ }
+ dialogue.setFinished(true);
+ }
+
+ public void sendSingleLogoutRequestToIDP(SamlSpSession session)
+ {
+ SamlExternalIdentityProvider idp = session.getIdentityProvider();
+ LogoutRequestType logoutRequest;
+ logoutRequest = samlMessageFactory.createLogoutRequest(session.getPrincipal().getNameId(), session.getSessionIndex());
+
+ samlDialogue.setExternalProvider(idp);
+ samlSpLogoutDialogue.setSession(session);
+
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+ }
+}
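Review bot: `removeSessions` calls `samlSpSessions.removeSession(session)` while a for-each loop is iterating `samlSpSessions.getSessions()`, and `getSessions()` returns the live `HashSet`. When further sessions remain after a removal, the iterator throws `ConcurrentModificationException`, so an IdP logout request can abort before the remaining matching sessions are removed and before the success response is sent. Iterating over a snapshot avoids this: `for (SamlSpSession session : new ArrayList<SamlSpSession>(samlSpSessions.getSessions()))`, with `java.util.ArrayList` added to the imports. Separately, `processIDPRequest` dereferences `logoutRequest.getNameID()` without a null check; a request without a plain NameID should probably be rejected with `InvalidRequestException`.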
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java (from rev 13582, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,296 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.JAXBElement;
+import javax.xml.datatype.DatatypeConstants;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.api.SamlPrincipal;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.StatementAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+import org.jboss.seam.security.external.saml.SamlConstants;
+import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlEntityBean;
+import org.jboss.seam.security.external.saml.SamlMessageFactory;
+import org.jboss.seam.security.external.saml.SamlMessageSender;
+import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.saml.SamlServiceType;
+import org.jboss.seam.security.external.saml.SamlUtils;
+import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSpSingleSignOnService
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private SamlSpSessions samlSpSessions;
+
+ @Inject
+ private Instance<SamlServiceProviderSpi> samlServiceProviderSpi;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ @Inject
+ private Dialogue dialogue;
+
+ @Inject
+ private SamlMessageSender samlMessageSender;
+
+ @Inject
+ private SamlDialogue samlDialogue;
+
+ @Inject
+ private SamlMessageFactory samlMessageFactory;
+
+ public void processIDPResponse(HttpServletRequest httpRequest, StatusResponseType statusResponse) throws InvalidRequestException
+ {
+ SamlExternalIdentityProvider idp = (SamlExternalIdentityProvider) samlDialogue.getExternalProvider();
+
+ StatusType status = statusResponse.getStatus();
+ if (status == null)
+ {
+ throw new InvalidRequestException("Response does not contain a status");
+ }
+
+ String statusValue = status.getStatusCode().getValue();
+ if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
+ {
+ throw new RuntimeException("IDP returned status " + statusValue);
+ }
+
+ if (!(statusResponse instanceof ResponseType))
+ {
+ throw new InvalidRequestException("Response does not have type ResponseType");
+ }
+
+ ResponseType response = (ResponseType) statusResponse;
+
+ List<Object> assertions = response.getAssertionOrEncryptedAssertion();
+ if (assertions.size() == 0)
+ {
+ throw new RuntimeException("IDP response does not contain assertions");
+ }
+
+ SamlSpSession session = createSession(response, idp);
+ if (session == null)
+ {
+ samlServiceProviderSpi.get().loginFailed();
+ }
+ else
+ {
+ session.setIdentityProvider(idp);
+ loginUser(httpRequest, session, statusResponse.getInResponseTo() == null);
+ }
+
+ dialogue.setFinished(true);
+ }
+
+ private SamlSpSession createSession(ResponseType responseType, SamlExternalIdentityProvider idp)
+ {
+ SamlSpSession session = null;
+
+ for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
+ {
+ if (assertion instanceof AssertionType)
+ {
+ SamlSpSession sessionExtractedFromAssertion = handleAssertion((AssertionType) assertion, idp);
+ if (session == null)
+ {
+ session = sessionExtractedFromAssertion;
+ }
+ else
+ {
+ log.warn("Multiple authenticated users found in assertions. Using the first one.");
+ }
+ }
+ else
+ {
+ /* assertion instanceof EncryptedElementType */
+ log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
+ }
+ }
+ return session;
+ }
+
+ private SamlSpSession handleAssertion(AssertionType assertion, SamlExternalIdentityProvider idp)
+ {
+ if (SamlUtils.hasAssertionExpired(assertion))
+ {
+ log.warn("Received assertion not processed because it has expired.");
+ return null;
+ }
+
+ AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
+ if (authnStatement == null)
+ {
+ log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
+ return null;
+ }
+
+ NameIDType nameId = validateSubjectAndExtractNameID(assertion);
+ if (nameId == null)
+ {
+ log.warn("Received assertion not processed because it doesn't contain a valid subject.");
+ return null;
+ }
+
+ SamlPrincipal principal = new SamlPrincipal();
+ principal.setAssertion(assertion);
+ principal.setNameId(new SamlNameId(nameId.getValue(), nameId.getFormat(), nameId.getNameQualifier()));
+ SamlSpSession session = new SamlSpSession();
+ session.setSessionIndex(authnStatement.getSessionIndex());
+ session.setPrincipal(principal);
+ session.setIdentityProvider(idp);
+
+ for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ {
+ if (statement instanceof AttributeStatementType)
+ {
+ AttributeStatementType attributeStatement = (AttributeStatementType) statement;
+ List<AttributeType> attributes = new LinkedList<AttributeType>();
+ for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
+ {
+ if (object instanceof AttributeType)
+ {
+ attributes.add((AttributeType) object);
+ }
+ else
+ {
+ log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
+ }
+ }
+ principal.setAttributes(attributes);
+ }
+ }
+
+ return session;
+ }
+
+ private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
+ {
+ for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+ {
+ if (statement instanceof AuthnStatementType)
+ {
+ AuthnStatementType authnStatement = (AuthnStatementType) statement;
+ return authnStatement;
+ }
+ }
+
+ return null;
+ }
+
+ private NameIDType validateSubjectAndExtractNameID(AssertionType assertion)
+ {
+ NameIDType nameId = null;
+ boolean validConfirmationFound = false;
+
+ for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+ {
+ if (contentElement.getValue() instanceof NameIDType)
+ {
+ nameId = (NameIDType) contentElement.getValue();
+ }
+ if (contentElement.getValue() instanceof SubjectConfirmationType)
+ {
+ SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
+ if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
+ {
+ SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
+
+ boolean validRecipient = confirmationData.getRecipient().equals(samlEntityBean.get().getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));
+
+ boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendarNow()) == DatatypeConstants.GREATER;
+
+ boolean validInResponseTo = confirmationData.getInResponseTo() == null || confirmationData.getInResponseTo().equals(dialogue.getDialogueId());
+
+ if (validRecipient && notTooLate && validInResponseTo)
+ {
+ validConfirmationFound = true;
+ }
+ else
+ {
+ log.debug("Validation of assertion failed: validRecipient: {}; notTootLate: {}; validInResponseTo: {}", new Object[] { validRecipient, notTooLate, validInResponseTo });
+ }
+ }
+ }
+ }
+
+ if (validConfirmationFound)
+ {
+ return nameId;
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ private void loginUser(HttpServletRequest httpRequest, SamlSpSession session, boolean unsolicited)
+ {
+ samlSpSessions.addSession(session);
+
+ if (unsolicited)
+ {
+ samlServiceProviderSpi.get().unsolicitedLogin(session);
+ }
+ else
+ {
+ samlServiceProviderSpi.get().loginSucceeded(session);
+ }
+ }
+
+ public void sendAuthenticationRequestToIDP(SamlExternalIdentityProvider idp)
+ {
+ AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
+
+ samlDialogue.setExternalProvider(idp);
+
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+ }
+}
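Review bot: In `validateSubjectAndExtractNameID` the bearer branch dereferences `getSubjectConfirmationData()`, `getRecipient()` and `getNotOnOrAfter()` without null checks, although all three are optional in the SAML schema. A response that omits any of them ends in a `NullPointerException` instead of a logged, rejected assertion; the guard below skips such a confirmation before the existing checks run. Also, `validInResponseTo` accepts a confirmation with no `InResponseTo` even when the response itself was solicited, which looks more permissive than intended. No signature, issuer, audience or replay check on the assertion is visible in this file, so confirm these are enforced before `processIDPResponse` is reached.

```java
SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
if (confirmationData == null || confirmationData.getRecipient() == null || confirmationData.getNotOnOrAfter() == null)
{
   log.debug("Validation of assertion failed: bearer confirmation lacks data, recipient or NotOnOrAfter");
   continue;
}
// … unchanged: validRecipient, notTooLate and validInResponseTo checks …
```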
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface OpenIdServiceProviderSpi
+{
+ public void loginSucceeded(OpenIdPrincipal principal);
+
+ public void loginFailed();
+
+ public void logoutSucceeded(OpenIdPrincipal principal);
+
+ public void logoutFailed(OpenIdPrincipal principal, String statusCode);
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import java.io.PrintWriter;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface ResponseSpi
+{
+ void setContentType(String type);
+
+ PrintWriter getWriter();
+
+ void sendRedirect(String url);
+
+ void sendError(int statusCode, String message);
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlIdentityProviderSpi
+{
+ public void authenticate();
+
+ public void loggedOut(SamlIdpSession session);
+
+ public void singleLogoutSucceeded();
+
+ public void singleLogoutFailed();
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlServiceProviderSpi
+{
+ void loginSucceeded(SamlSpSession session);
+
+ void loginFailed();
+
+ void unsolicitedLogin(SamlSpSession session);
+
+ void singleLogoutSucceeded();
+
+ void singleLogoutFailed(String statusCode);
+
+ void loggedOut(SamlSpSession session);
+}
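Review bot: The callbacks in `SamlServiceProviderSpi` have no Javadoc, yet implementers need to know when each one fires to decide what to trust. From the callers in this commit, `unsolicitedLogin` is invoked when the IdP response carries no `InResponseTo`, `loginSucceeded` otherwise, and `loginFailed` when no assertion yielded a session; `loggedOut` is called once per session removed by an IdP logout request. I would add one-line comments saying so, for example `/** Called when a valid assertion arrives in a response that has no InResponseTo (unsolicited response). */` on `unsolicitedLogin`. The other SPI interfaces added here (`OpenIdServiceProviderSpi`, `ResponseSpi`, `SamlIdentityProviderSpi`) are undocumented in the same way.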
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications;
+
+import javax.servlet.ServletContext;
+
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+import org.jboss.weld.context.AbstractMapContext;
+import org.jboss.weld.context.api.BeanStore;
+import org.jboss.weld.context.beanstore.HashMapBeanStore;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class VirtualApplicationContext extends AbstractMapContext
+{
+ private static final String BEAN_STORE_ATTRIBUTE_NAME_PREFIX = "virtualApplicationContextBeanStore";
+ private ServletContext servletContext;
+ private final ThreadLocal<String> hostNameThreadLocal;
+
+ public VirtualApplicationContext()
+ {
+ super(VirtualApplicationScoped.class);
+ hostNameThreadLocal = new ThreadLocal<String>();
+ }
+
+ @Override
+ protected BeanStore getBeanStore()
+ {
+ return getBeanStore(hostNameThreadLocal.get());
+ }
+
+ private BeanStore getBeanStore(String hostName)
+ {
+ BeanStore beanStore = (BeanStore) servletContext.getAttribute(getAttributeName(hostName));
+ return beanStore;
+ }
+
+ private BeanStore createBeanStore(String hostName)
+ {
+ BeanStore beanStore = new HashMapBeanStore();
+ servletContext.setAttribute(getAttributeName(hostName), beanStore);
+ return beanStore;
+ }
+
+ private void removeBeanStore(String hostName)
+ {
+ servletContext.removeAttribute(getAttributeName(hostName));
+ }
+
+ private String getAttributeName(String hostName)
+ {
+ return BEAN_STORE_ATTRIBUTE_NAME_PREFIX + "_" + hostName;
+ }
+
+ @Override
+ protected boolean isCreationLockRequired()
+ {
+ // TODO: find out whether the creation lock is required
+ return false;
+ }
+
+ public void initialize(ServletContext servletContext)
+ {
+ this.servletContext = servletContext;
+ }
+
+ public void destroy()
+ {
+ this.servletContext = null;
+ }
+
+ public void create(String hostName)
+ {
+ createBeanStore(hostName);
+ attach(hostName);
+ }
+
+ public void remove()
+ {
+ removeBeanStore(this.hostNameThreadLocal.get());
+ detach();
+ }
+
+ public boolean isExistingVirtualApplication(String hostName)
+ {
+ return servletContext != null && getBeanStore(hostName) != null;
+ }
+
+ public void attach(String hostName)
+ {
+ this.hostNameThreadLocal.set(hostName);
+ setActive(true);
+ }
+
+ public void detach()
+ {
+ this.hostNameThreadLocal.set(null);
+ setActive(false);
+ }
+}
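Review bot: `isCreationLockRequired()` returns `false` with a TODO, while the bean store created in `createBeanStore` is placed in the `ServletContext` and looked up by host name, so every request thread attached to the same host shares one store. With a `HashMapBeanStore` (presumably backed by a plain `HashMap`) and no creation lock, two concurrent first accesses could create the same bean twice or race on the map. Until the TODO is resolved I would use `return true;` here and consider a thread-safe store. `detach()` also leaves the `ThreadLocal` entry in place on pooled threads; `this.hostNameThreadLocal.remove();` instead of `set(null)` clears it.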
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContextExtension.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContextExtension.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContextExtension.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications;
+
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.spi.AfterBeanDiscovery;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.Extension;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class VirtualApplicationContextExtension implements Extension
+{
+ private VirtualApplicationContext virtualApplicationContext;
+
+ public void afterBeanDiscovery(@Observes AfterBeanDiscovery event, BeanManager manager)
+ {
+ virtualApplicationContext = new VirtualApplicationContext();
+ event.addContext(virtualApplicationContext);
+ }
+
+ public VirtualApplicationContext getVirtualApplicationContext()
+ {
+ return virtualApplicationContext;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContextExtension.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletRequestEvent;
+
+import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationCreation;
+import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationManagerCreation;
+import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationsCreation;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplication;
+import org.jboss.seam.servlet.event.qualifier.Destroyed;
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at ApplicationScoped
+public class VirtualApplicationManager
+{
+ @Inject
+ private Logger log;
+
+ @Inject
+ private VirtualApplicationContextExtension virtualApplicationContextExtension;
+
+ @Inject
+ private Instance<VirtualApplication> virtualApplication;
+
+ @Inject
+ private BeanManager beanManager;
+
+ private Set<String> hostNames = new HashSet<String>();
+
+ protected void servletInitialized(@Observes @Initialized final ServletContextEvent e)
+ {
+ log.trace("Servlet initialized with event {}", e);
+ virtualApplicationContextExtension.getVirtualApplicationContext().initialize(e.getServletContext());
+
+ AfterVirtualApplicationManagerCreation afterVirtualApplicationManagerCreation = new AfterVirtualApplicationManagerCreation();
+ beanManager.fireEvent(afterVirtualApplicationManagerCreation);
+
+ for (String hostName : afterVirtualApplicationManagerCreation.getHostNames())
+ {
+ hostNames.add(hostName);
+ virtualApplicationContextExtension.getVirtualApplicationContext().create(hostName);
+ virtualApplication.get().setHostName(hostName);
+ beanManager.fireEvent(new AfterVirtualApplicationCreation());
+ virtualApplicationContextExtension.getVirtualApplicationContext().detach();
+ }
+ beanManager.fireEvent(new AfterVirtualApplicationsCreation());
+ }
+
+ protected void servletDestroyed(@Observes @Destroyed final ServletContextEvent e)
+ {
+ log.trace("Servlet destroyed with event {}", e);
+ for (String hostName : hostNames)
+ {
+ if (virtualApplicationContextExtension.getVirtualApplicationContext().isExistingVirtualApplication(hostName))
+ {
+ attach(hostName);
+ virtualApplicationContextExtension.getVirtualApplicationContext().destroy();
+ }
+ }
+ }
+
+ protected void requestInitialized(@Observes @Initialized final ServletRequestEvent e)
+ {
+ log.trace("Servlet request initialized with event {}", e);
+ String hostName = e.getServletRequest().getServerName();
+ attach(hostName);
+ }
+
+ protected void requestDestroyed(@Observes @Destroyed final ServletRequestEvent e)
+ {
+ log.trace("Servlet request destroyed with event {}", e);
+ detach();
+ }
+
+ public void attach(String hostName)
+ {
+ virtualApplicationContextExtension.getVirtualApplicationContext().attach(hostName);
+ virtualApplication.get().setHostName(hostName);
+ }
+
+ public void detach()
+ {
+ virtualApplicationContextExtension.getVirtualApplicationContext().detach();
+ }
+
+ public Set<String> getHostNames()
+ {
+ return hostNames;
+ }
+}
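Review bot: `requestInitialized` attaches the context to whatever `getServerName()` returns, which normally follows the client-supplied Host header, and never checks it against the `hostNames` registered at startup. For a host that was never created there is no bean store (`isExistingVirtualApplication` would return false), yet the scope is still marked active; how the context base class behaves in that state is not visible in this diff. I would resolve only known hosts, e.g. `if (!hostNames.contains(hostName)) { log.warn("Request for unknown virtual host {}", hostName); return; }` before `attach(hostName)`. Separately, `servletDestroyed` calls `destroy()` inside the loop, and `VirtualApplicationContext.destroy()` sets `servletContext` to null, so the existence check fails for every later host and no bean store is removed; `remove()` looks like the intended call.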
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationCreation.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationCreation.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationCreation.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class AfterVirtualApplicationCreation
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationCreation.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationManagerCreation.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationManagerCreation.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationManagerCreation.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications.api;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class AfterVirtualApplicationManagerCreation
+{
+ private Set<String> hostNames = new HashSet<String>();
+
+ public void addVirtualApplication(String hostName)
+ {
+ hostNames.add(hostName);
+ }
+
+ public Set<String> getHostNames()
+ {
+ return hostNames;
+ }
+
+ public void setHostNames(Set<String> hostNames)
+ {
+ this.hostNames = hostNames;
+ }
+
+}
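Review bot: `setHostNames` stores the caller's set as-is, so an observer that passes null makes the `for` loop over `getHostNames()` in `VirtualApplicationManager.servletInitialized` throw a NullPointerException during startup. Either drop the setter, since observers already have `addVirtualApplication`, or copy defensively so a bad argument fails at the call site: `this.hostNames = new HashSet<String>(hostNames);`. The class Javadoc holds only the author tag; a sentence such as `Fired once when the servlet context is initialized; observers register the host names of the virtual applications to create.` would tell implementers what the event is for.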
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationManagerCreation.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationsCreation.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationsCreation.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationsCreation.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class AfterVirtualApplicationsCreation
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/AfterVirtualApplicationsCreation.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplication.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplication.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplication.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at VirtualApplicationScoped
+public class VirtualApplication
+{
+ private String hostName;
+
+ public String getHostName()
+ {
+ return hostName;
+ }
+
+ public void setHostName(String hostName)
+ {
+ this.hostName = hostName;
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplication.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplicationScoped.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplicationScoped.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplicationScoped.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.virtualapplications.api;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.enterprise.context.NormalScope;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Documented
+ at Retention(RetentionPolicy.RUNTIME)
+ at Target( { ElementType.TYPE, ElementType.METHOD, ElementType.FIELD })
+ at NormalScope(passivating = false)
+public @interface VirtualApplicationScoped
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/api/VirtualApplicationScoped.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/resources/META-INF/beans.xml
===================================================================
--- modules/security/trunk/external/src/main/resources/META-INF/beans.xml 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/resources/META-INF/beans.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- The contents of this file is permitted to be empty.
- The schema definition is provided for your convenience.
--->
-<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://java.sun.com/xml/ns/javaee
- http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
-</beans>
Copied: modules/security/trunk/external/src/main/resources/META-INF/beans.xml (from rev 13614, modules/security/trunk/external/src/main/resources/META-INF/beans.xml)
===================================================================
--- modules/security/trunk/external/src/main/resources/META-INF/beans.xml (rev 0)
+++ modules/security/trunk/external/src/main/resources/META-INF/beans.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <!--
+ The contents of this file is permitted to be empty. The schema
+ definition is provided for your convenience.
+ -->
+<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <interceptors>
+ <class>org.jboss.seam.security.external.dialogues.DialoguedInterceptor</class>
+ </interceptors>
+</beans>
Added: modules/security/trunk/external/src/main/resources/META-INF/javax.enterprise.inject.spi.Extension
===================================================================
--- modules/security/trunk/external/src/main/resources/META-INF/javax.enterprise.inject.spi.Extension (rev 0)
+++ modules/security/trunk/external/src/main/resources/META-INF/javax.enterprise.inject.spi.Extension 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,2 @@
+org.jboss.seam.security.external.virtualapplications.VirtualApplicationContextExtension
+org.jboss.seam.security.external.dialogues.DialogueContextExtension
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/xjb/config-bindings.xjb
===================================================================
--- modules/security/trunk/external/src/main/xjb/config-bindings.xjb 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/xjb/config-bindings.xjb 2010-08-26 09:27:12 UTC (rev 13645)
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<jaxb:bindings version="2.0" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
- xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-</jaxb:bindings>
\ No newline at end of file
Modified: modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
===================================================================
--- modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb 2010-08-26 09:14:14 UTC (rev 13644)
+++ modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb 2010-08-26 09:27:12 UTC (rev 13645)
@@ -32,7 +32,7 @@
<jaxb:bindings schemaLocation="../resources/schema/samlv2/xenc-schema.xsd">
<jaxb:bindings node="/xs:schema">
<jaxb:schemaBindings>
- <jaxb:package name="org.jboss.seam.external.jaxb.xenc" />
+ <jaxb:package name="org.jboss.seam.security.external.jaxb.xenc" />
</jaxb:schemaBindings>
</jaxb:bindings>
</jaxb:bindings>
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.net.URL;
+import java.net.URLConnection;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.SamlEntityApi;
+
+ at ApplicationScoped
+public class MetaDataLoader
+{
+ @Inject
+ private Instance<SamlEntityApi> samlEntityBean;
+
+ public void loadMetaDataOfOtherSamlEntity(String hostName, String idpOrSp)
+ {
+ URLConnection uc;
+ try
+ {
+ URL url = new URL("http://localhost:8080/" + idpOrSp + "/saml/" + idpOrSp.toUpperCase() + "/MetaDataService");
+ uc = url.openConnection();
+ uc.setRequestProperty("Host", hostName);
+ Reader reader = new InputStreamReader(uc.getInputStream());
+ samlEntityBean.get().addExternalSamlEntity(reader);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
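Review bot: The `Reader` opened on `uc.getInputStream()` in `loadMetaDataOfOtherSamlEntity` is never closed, so each call leaves the connection's stream open unless `addExternalSamlEntity` closes it, which is not visible here. Wrapping the call as `try { samlEntityBean.get().addExternalSamlEntity(reader); } finally { reader.close(); }` releases it on both the success and the failure path. `new InputStreamReader(...)` without a charset also decodes the metadata XML with the platform default encoding; passing an explicit charset such as `"UTF-8"` would make the test independent of the build machine, assuming the metadata service emits UTF-8.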
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration;
+
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+import org.jboss.seam.security.external.spi.OpenIdServiceProviderSpi;
+
+public class OpenIdSpiMock implements OpenIdServiceProviderSpi
+{
+
+ public void loginFailed()
+ {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void loginSucceeded(OpenIdPrincipal principal)
+ {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void logoutFailed(OpenIdPrincipal principal, String statusCode)
+ {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void logoutSucceeded(OpenIdPrincipal principal)
+ {
+ // TODO Auto-generated method stub
+
+ }
+
+}
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/AfterDeployEventHandler.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/AfterDeployEventHandler.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/AfterDeployEventHandler.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.client;
+
+import org.jboss.arquillian.spi.Context;
+import org.jboss.arquillian.spi.DeployableContainer;
+import org.jboss.arquillian.spi.event.container.AfterDeploy;
+import org.jboss.arquillian.spi.event.suite.EventHandler;
+
+public class AfterDeployEventHandler implements EventHandler<AfterDeploy>
+{
+ public void callback(Context context, AfterDeploy event) throws Exception
+ {
+ DeployableContainer container = context.get(DeployableContainer.class);
+ container.deploy(context, ArchiveBuilder.createTestArchive("idp"));
+ }
+
+}
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/AfterDeployEventHandler.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.client;
+
+import javax.enterprise.inject.spi.Extension;
+
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.dialogues.DialogueContextExtension;
+import org.jboss.seam.security.external.virtualapplications.VirtualApplicationContextExtension;
+import org.jboss.seam.security.externaltest.integration.MetaDataLoader;
+import org.jboss.seam.security.externaltest.integration.idp.IdpCustomizer;
+import org.jboss.seam.security.externaltest.integration.sp.SpCustomizer;
+import org.jboss.seam.security.externaltest.util.MavenArtifactResolver;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+
+class ArchiveBuilder
+{
+ static WebArchive idpArchive;
+
+ static WebArchive spArchive;
+
+ static WebArchive getArchive(String idpOrSp)
+ {
+ if (idpOrSp.equals("sp"))
+ {
+ return spArchive;
+ }
+ else
+ {
+ return idpArchive;
+ }
+ }
+
+ static WebArchive createTestArchive(String idpOrSp)
+ {
+ WebArchive war = ShrinkWrap.create(WebArchive.class, idpOrSp + ".war");
+
+ war.addLibraries(MavenArtifactResolver.resolve("org.jboss.seam.servlet:seam-servlet"));
+ war.addLibraries(MavenArtifactResolver.resolve("org.jboss.seam.servlet:seam-servlet-api"));
+ war.addLibraries(MavenArtifactResolver.resolve("org.openid4java", "openid4java"));
+ war.addLibraries(MavenArtifactResolver.resolve("org.jboss.weld:weld-extensions"));
+ war.addLibraries(MavenArtifactResolver.resolve("commons-httpclient:commons-httpclient"));
+
+ war.addWebResource("test_keystore.jks");
+ war.addWebResource("WEB-INF/" + idpOrSp + "-beans.xml", "beans.xml");
+ war.addWebResource("WEB-INF/context.xml", "context.xml");
+
+ war.addPackage(MetaDataLoader.class.getPackage());
+ if (idpOrSp.equals("sp"))
+ {
+ war.addPackage(SpCustomizer.class.getPackage());
+ }
+ else
+ {
+ war.addPackage(IdpCustomizer.class.getPackage());
+ }
+
+ war.addLibrary(createJarModule());
+
+ if (idpOrSp.equals("sp"))
+ {
+ spArchive = war;
+ }
+ else
+ {
+ idpArchive = war;
+ }
+
+ return war;
+ }
+
+ private static JavaArchive createJarModule()
+ {
+ JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "test.jar");
+
+ // Add the package "org.jboss.seam.security.external" and all its
+ // subpackages.
+ jar.addPackages(true, ResponseHandler.class.getPackage());
+
+ jar.addResource("META-INF/beans.xml", "META-INF/beans.xml");
+ jar.addServiceProvider(Extension.class, VirtualApplicationContextExtension.class, DialogueContextExtension.class);
+
+ return jar;
+ }
+}
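Review bot: Both `getArchive` and `createTestArchive` treat any argument other than "sp" as the IdP, and `getArchive` returns null until `createTestArchive` has run for that role. BeforeUnDeployEventHandler passes that return value straight to `container.undeploy`, so a failed or skipped IdP deployment would surface as an unrelated error during undeploy. I would select the field into a local, `WebArchive war = idpOrSp.equals("sp") ? spArchive : idpArchive;`, and fail early with `if (war == null) throw new IllegalStateException("No archive created for " + idpOrSp);`. An enum for the role would also stop a typo from silently building an IdP archive.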
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/BeforeUnDeployEventHandler.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/BeforeUnDeployEventHandler.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/BeforeUnDeployEventHandler.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.client;
+
+import org.jboss.arquillian.spi.Context;
+import org.jboss.arquillian.spi.DeployableContainer;
+import org.jboss.arquillian.spi.event.container.BeforeUnDeploy;
+import org.jboss.arquillian.spi.event.suite.EventHandler;
+
+public class BeforeUnDeployEventHandler implements EventHandler<BeforeUnDeploy>
+{
+ public void callback(Context context, BeforeUnDeploy event) throws Exception
+ {
+ DeployableContainer container = context.get(DeployableContainer.class);
+ container.undeploy(context, ArchiveBuilder.getArchive("idp"));
+ }
+}
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/BeforeUnDeployEventHandler.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ClassContextAppenderImpl.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ClassContextAppenderImpl.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ClassContextAppenderImpl.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.client;
+
+import org.jboss.arquillian.spi.ClassContextAppender;
+import org.jboss.arquillian.spi.Context;
+import org.jboss.arquillian.spi.event.container.AfterDeploy;
+import org.jboss.arquillian.spi.event.container.BeforeUnDeploy;
+
+public class ClassContextAppenderImpl implements ClassContextAppender
+{
+ public void append(Context context)
+ {
+ context.register(AfterDeploy.class, new AfterDeployEventHandler());
+ context.register(BeforeUnDeploy.class, new BeforeUnDeployEventHandler());
+ }
+}
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ClassContextAppenderImpl.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,341 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.client;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import junit.framework.Assert;
+
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.params.ClientPNames;
+import org.apache.http.client.utils.URIUtils;
+import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.message.BasicNameValuePair;
+import org.jboss.arquillian.api.Deployment;
+import org.jboss.arquillian.api.Run;
+import org.jboss.arquillian.api.RunModeType;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+ at RunWith(Arquillian.class)
+ at Run(RunModeType.AS_CLIENT)
+public class IntegrationTest
+{
+ private static final Logger log = LoggerFactory.getLogger(IntegrationTest.class);
+
+ private HttpClient httpClient;
+
+ private HttpUriRequest request;
+
+ private ResponseType responseType;
+
+ private String responseBody;
+
+ private HttpResponse response;
+
+ enum ResponseType
+ {
+ SAML_MESSAGE_REDIRECT_BOUND, SAML_MESSAGE_POST_BOUND, APPLICATION_MESSAGE, ERROR
+ }
+
+ @Deployment
+ public static Archive<?> createTestArchive()
+ {
+ /*
+ * We need to deploy two war files: one for the service provider and one
+ * for the identity provider. Current version of Arquillian (1.0.0.Alpha3)
+ * doesn't support multiple archives. See ARQ-67. For the time being, we
+ * add the first war here, and we add the second war using a listener that
+ * is registered by using the Arquillian SPI (see {@Link
+ * AfterDeployEventHandler}).
+ */
+ return ArchiveBuilder.createTestArchive("sp");
+ }
+
+ @Before
+ public void init()
+ {
+ httpClient = new DefaultHttpClient();
+ httpClient.getParams().setParameter(ClientPNames.HANDLE_REDIRECTS, false);
+ }
+
+ @Test
+ public void samlTest()
+ {
+ Map<String, String> params = new HashMap<String, String>();
+ params.put("command", "loadMetaData");
+ sendMessageToApplication("www.sp1.com", "sp", params);
+ sendMessageToApplication("www.sp2.com", "sp", params);
+ sendMessageToApplication("www.idp.com", "idp", params);
+
+ // Login one user at each service provider application
+ signOn("www.sp1.com", "https://www.idp.com", "John Doe");
+ signOn("www.sp2.com", "https://www.idp.com", "Jane Doe");
+
+ // Check that the IDP has two sessions (one for each user) and that each
+ // SP has one
+ checkNrOfSessions("www.idp.com", "idp", 2);
+ checkNrOfSessions("www.sp1.com", "sp", 1);
+ checkNrOfSessions("www.sp2.com", "sp", 1);
+
+ // So an IDP-initiated single logout of the user at SP1.
+ params.clear();
+ params.put("command", "singleLogout");
+ params.put("userName", "John Doe");
+ sendMessageToApplication("www.idp.com", "idp", params);
+
+ checkApplicationMessage("Single logout succeeded");
+
+ checkNrOfSessions("www.idp.com", "idp", 1);
+ checkNrOfSessions("www.sp1.com", "sp", 0);
+ checkNrOfSessions("www.sp2.com", "sp", 1);
+
+ // So an SP-initiated single logout of the user at SP2.
+ params.clear();
+ params.put("command", "singleLogout");
+ params.put("userName", "Jane Doe");
+ sendMessageToApplication("www.sp2.com", "sp", params);
+
+ checkApplicationMessage("Single logout succeeded");
+
+ // All sessions should be terminated by now.
+ checkNrOfSessions("www.idp.com", "idp", 0);
+ checkNrOfSessions("www.sp1.com", "sp", 0);
+ checkNrOfSessions("www.sp2.com", "sp", 0);
+
+ // All dialogues should be terminated by now.
+ checkDialogueTermination("www.idp.com", "idp");
+ checkDialogueTermination("www.sp1.com", "sp");
+ checkDialogueTermination("www.sp2.com", "sp");
+ }
+
+ private void checkNrOfSessions(String serverName, String spOrIdp, int expectedNumber)
+ {
+ Map<String, String> params = new HashMap<String, String>();
+ params.put("command", "getNrOfSessions");
+ sendMessageToApplication(serverName, spOrIdp, params);
+ checkApplicationMessage(Integer.toString(expectedNumber));
+ }
+
+ private void signOn(String spHostName, String idpEntityId, String userName)
+ {
+ Map<String, String> params = new HashMap<String, String>();
+ params.put("command", "login");
+ params.put("idpEntityId", idpEntityId);
+ sendMessageToApplication(spHostName, "sp", params);
+
+ checkApplicationMessage("Please login");
+
+ params = new HashMap<String, String>();
+ params.put("command", "authenticate");
+ params.put("userName", userName);
+ sendMessageToApplication("www.idp.com", "idp", params);
+
+ checkApplicationMessage("Login succeeded (" + userName + ")");
+ }
+
+ private void sendMessageToApplication(String hostName, String spOrIdp, Map<String, String> params)
+ {
+ List<NameValuePair> qParams = new ArrayList<NameValuePair>();
+ for (Map.Entry<String, String> mapEntry : params.entrySet())
+ {
+ qParams.add(new BasicNameValuePair(mapEntry.getKey(), mapEntry.getValue()));
+ }
+ URI uri;
+ try
+ {
+ uri = URIUtils.createURI("http", "localhost", 8080, "/" + spOrIdp + "/testservlet", URLEncodedUtils.format(qParams, "UTF-8"), null);
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e);
+ }
+ request = new HttpGet(uri);
+ request.getParams().setParameter(ClientPNames.VIRTUAL_HOST, new HttpHost(hostName));
+
+ executeHttpRequestAndRelay();
+ }
+
+ private void checkDialogueTermination(String serverName, String spOrIdp)
+ {
+ Map<String, String> params = new HashMap<String, String>();
+ params.put("command", "getNrOfDialogues");
+ sendMessageToApplication(serverName, spOrIdp, params);
+ checkApplicationMessage("0");
+ }
+
+ /**
+ * Relays the SAML message from the SP to the IDP or vice versa. Results in
+ * an HTTP request that is ready to be executed.
+ */
+ private void relaySamlMessage()
+ {
+ if (responseType == ResponseType.SAML_MESSAGE_POST_BOUND)
+ {
+ Matcher matcher = Pattern.compile("ACTION=\"(.*?)\"").matcher(responseBody);
+ matcher.find();
+ String uri = matcher.group(1);
+
+ matcher = Pattern.compile("NAME=\"(.*?)\"").matcher(responseBody);
+ matcher.find();
+ String name = matcher.group(1);
+
+ matcher = Pattern.compile("VALUE=\"(.*?)\"").matcher(responseBody);
+ matcher.find();
+ String value = matcher.group(1);
+
+ String serverName = extractServerNameFromUri(uri);
+ uri = uri.replace(serverName, "localhost");
+ HttpPost httpPost = new HttpPost(uri);
+ httpPost.getParams().setParameter(ClientPNames.VIRTUAL_HOST, new HttpHost(serverName));
+ List<NameValuePair> formparams = new ArrayList<NameValuePair>();
+ formparams.add(new BasicNameValuePair(name, value));
+ UrlEncodedFormEntity entity;
+ try
+ {
+ entity = new UrlEncodedFormEntity(formparams, "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ httpPost.setEntity(entity);
+ request = httpPost;
+ }
+ else if (responseType == ResponseType.SAML_MESSAGE_REDIRECT_BOUND)
+ {
+ String location = response.getFirstHeader("Location").getValue();
+ log.info("Received redirect to " + location);
+ String serverName = extractServerNameFromUri(location);
+ HttpGet httpGet = new HttpGet(location.replace(serverName, "localhost"));
+ httpGet.getParams().setParameter(ClientPNames.VIRTUAL_HOST, new HttpHost(serverName));
+ request = httpGet;
+ }
+ else if (responseType == ResponseType.ERROR)
+ {
+ Assert.fail("Error response received by test client (status code " + response.getStatusLine().getStatusCode() + "): " + responseBody);
+ }
+ else
+ {
+ throw new RuntimeException("Cannot relay the non-SAML response type " + responseType + " (message: " + responseBody + ")");
+ }
+ }
+
+ private ResponseType determineResponseType()
+ {
+ if (response.getStatusLine().getStatusCode() == HttpStatus.SC_MOVED_TEMPORARILY)
+ {
+ return ResponseType.SAML_MESSAGE_REDIRECT_BOUND;
+ }
+ else if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK)
+ {
+ return ResponseType.ERROR;
+ }
+ else if (responseBody.contains("HTTP Post SamlBinding"))
+ {
+ return ResponseType.SAML_MESSAGE_POST_BOUND;
+ }
+ else
+ {
+ return ResponseType.APPLICATION_MESSAGE;
+ }
+ }
+
+ private String extractServerNameFromUri(String string)
+ {
+ Matcher matcher = Pattern.compile("http://(.*?):").matcher(string);
+ matcher.find();
+ return matcher.group(1);
+ }
+
+ private void checkApplicationMessage(String expectedMessageBody)
+ {
+ if (responseType == ResponseType.ERROR)
+ {
+ Assert.fail("Error response received by test client (status code " + response.getStatusLine().getStatusCode() + "): " + responseBody);
+ }
+ Assert.assertEquals(ResponseType.APPLICATION_MESSAGE, responseType);
+ Assert.assertEquals(expectedMessageBody, responseBody);
+ }
+
+ /**
+ * Executes the current HTTP request and evaluates the response. If the
+ * response is a SAML message that needs to be relayed, by the user agent
+ * (which is mimicked by the current class), from the SP to the IDP or vice
+ * versa, the relay is performed. This is repeated until a non-relay response
+ * has been received.
+ */
+ private void executeHttpRequestAndRelay()
+ {
+ executeHttpRequest();
+ while (responseType == ResponseType.SAML_MESSAGE_POST_BOUND || responseType == ResponseType.SAML_MESSAGE_REDIRECT_BOUND)
+ {
+ relaySamlMessage();
+ executeHttpRequest();
+ }
+ }
+
+ private void executeHttpRequest()
+ {
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ try
+ {
+ response = httpClient.execute(request);
+ HttpEntity entity = response.getEntity();
+ if (entity != null)
+ {
+ entity.writeTo(outputStream);
+ }
+ responseBody = outputStream.toString("UTF-8");
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ responseType = determineResponseType();
+ }
+}
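Review bot: The result of `matcher.find()` is ignored in all three lookups in `relaySamlMessage` and again in `extractServerNameFromUri`. If the POST-binding form changes, or a URL has no `http://host:` prefix, the test stops with a bare IllegalStateException from `group(1)` instead of a failure that shows the response. A small helper that fails with the pattern and the input would make these breakages diagnosable. The relay also forwards only the first NAME/VALUE pair, so a form with a second field (a relay state, for example) would be relayed incomplete. `response.getFirstHeader("Location")` is likewise dereferenced without a null check.

```java
private String firstGroup(String regex, String input)
{
   Matcher matcher = Pattern.compile(regex).matcher(input);
   if (!matcher.find())
   {
      Assert.fail("Pattern " + regex + " not found in: " + input);
   }
   return matcher.group(1);
}

// in relaySamlMessage, POST-bound branch:
String uri = firstGroup("ACTION=\"(.*?)\"", responseBody);
String name = firstGroup("NAME=\"(.*?)\"", responseBody);
String value = firstGroup("VALUE=\"(.*?)\"", responseBody);
// … unchanged: virtual-host rewrite and form entity construction …
```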
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.idp;
+
+import javax.enterprise.event.Observes;
+import javax.servlet.ServletContextEvent;
+
+import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+
+public class IdpCustomizer
+{
+ public void servletInitialized(@Observes @Initialized final ServletContextEvent e, SamlIdentityProviderApi idp)
+ {
+ idp.setEntityId("https://www.idp.com");
+ idp.setHostName("www.idp.com");
+ idp.setProtocol("http");
+ idp.setPort(8080);
+ idp.setSigningKey("classpath:/test_keystore.jks", "store456", "servercert", "pass456");
+ idp.setSingleLogoutMessagesSigned(true);
+ }
+}
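Review bot: The keystore path, store password, alias and key password are literals in the `setSigningKey(...)` call, and ArchiveBuilder packages the same `test_keystore.jks` into the test wars. Anyone with the source tree can therefore sign SAML messages with this key. That is only acceptable while it stays a throwaway test key, and a comment above the call should say so: `// Test-only key material; never reuse test_keystore.jks or these passwords outside this integration test.` The entity id uses an https URL while `setProtocol` is "http"; if that is deliberate because the entity id is only an identifier, a short comment would prevent confusion.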
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,70 @@
+package org.jboss.seam.security.externaltest.integration.idp;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.externaltest.integration.MetaDataLoader;
+
+ at WebServlet(name = "IdpTestServlet", urlPatterns = { "/testservlet" })
+public class IdpTestServlet extends HttpServlet
+{
+ private static final long serialVersionUID = -4551548646707243449L;
+
+ @Inject
+ private SamlIdpApplicationMock samlIdpApplicationMock;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private MetaDataLoader metaDataLoader;
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ responseHolder.setResponse(response);
+ String command = request.getParameter("command");
+ if (command.equals("authenticate"))
+ {
+ samlIdpApplicationMock.handleLogin(request.getParameter("userName"));
+ }
+ else if (command.equals("singleLogout"))
+ {
+ samlIdpApplicationMock.handleSingleLogout(request.getParameter("userName"));
+ }
+ else if (command.equals("getNrOfSessions"))
+ {
+ response.getWriter().print(samlIdpApplicationMock.getNumberOfSessions());
+ }
+ else if (command.equals("getNrOfDialogues"))
+ {
+ int count = 0;
+ Enumeration<String> attributeNames = request.getServletContext().getAttributeNames();
+ while (attributeNames.hasMoreElements())
+ {
+ String attributeName = attributeNames.nextElement();
+ if (attributeName.startsWith("DialogueContextBeanStore"))
+ {
+ count++;
+ }
+ }
+ response.getWriter().print(count);
+ }
+ else if (command.equals("loadMetaData"))
+ {
+ metaDataLoader.loadMetaDataOfOtherSamlEntity("www.sp1.com", "sp");
+ metaDataLoader.loadMetaDataOfOtherSamlEntity("www.sp2.com", "sp");
+ }
+ else
+ {
+ throw new RuntimeException("Invalid command: " + command);
+ }
+ }
+}
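Review bot: `command` is dereferenced in `command.equals("authenticate")` without a null check, so a request with no `command` parameter fails with a NullPointerException instead of the "Invalid command" error the final branch intends. Writing the comparisons constant-first, e.g. `if ("authenticate".equals(command))`, routes a missing parameter to that branch. The servlet also signs in whatever `userName` the query string carries, with no credential check. A class comment such as `/** Test-only driver for the IdP mock; must never be deployed outside the integration test wars. */` would make that explicit.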
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.idp;
+
+import java.io.IOException;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.api.SamlPrincipal;
+import org.jboss.seam.security.external.dialogues.DialogueManager;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;
+import org.slf4j.Logger;
+
+ at ApplicationScoped
+public class SamlIdpApplicationMock implements SamlIdentityProviderSpi
+{
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private DialogueManager dialogueManager;
+
+ @Inject
+ private Dialogue dialogue;
+
+ @Inject
+ private Instance<SamlIdentityProviderApi> idpApi;
+
+ private String dialogueId;
+
+ @Inject
+ private Logger log;
+
+ public void authenticate()
+ {
+ dialogueId = dialogue.getDialogueId();
+ try
+ {
+ responseHolder.getResponse().getWriter().print("Please login");
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void handleLogin(String userName)
+ {
+ dialogueManager.attachDialogue(dialogueId);
+ idpApi.get().authenticationSucceeded(new SamlNameId(userName, null, null), null);
+ dialogueManager.detachDialogue();
+ }
+
+ public int getNumberOfSessions()
+ {
+ return idpApi.get().getSessions().size();
+ }
+
+ public void singleLogoutFailed()
+ {
+ try
+ {
+ responseHolder.getResponse().getWriter().print("Single logout failed");
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void singleLogoutSucceeded()
+ {
+ try
+ {
+ responseHolder.getResponse().getWriter().print("Single logout succeeded");
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Dialogued
+ public void handleSingleLogout(String nameId)
+ {
+ SamlPrincipal principal = new SamlPrincipal();
+ principal.setNameId(new SamlNameId(nameId, null, null));
+ idpApi.get().logout(principal, null);
+ }
+
+ public void loggedOut(SamlIdpSession session)
+ {
+ log.info("User " + session.getPrincipal().getNameId() + " has been logged out.");
+ }
+}
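Review bot: `dialogueId` is a single instance field on an `@ApplicationScoped` bean, so every call to `authenticate()` overwrites it and `handleLogin` attaches whichever dialogue was stored last. This works while the test signs users in one at a time, but two overlapping logins would complete the wrong SP's authentication request. At minimum the field needs a comment like `// Holds only the most recent dialogue; valid because the test logs in one user at a time.` Keying the id by user or session would remove the limitation. `handleLogin` also skips `detachDialogue()` when `authenticationSucceeded` throws, so a try/finally around the call would be safer.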
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.sp;
+
+import java.io.IOException;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+import org.slf4j.Logger;
+
+ at VirtualApplicationScoped
+public class SamlSpApplicationMock implements SamlServiceProviderSpi
+{
+ @Inject
+ private Instance<SamlServiceProviderApi> samlServiceProviderApi;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private Logger log;
+
+ @Dialogued
+ public void login(String idpEntityId)
+ {
+ samlServiceProviderApi.get().signOn(idpEntityId);
+ }
+
+ public void loginFailed()
+ {
+ writeMessageToResponse("login failed");
+ }
+
+ public void loginSucceeded(SamlSpSession session)
+ {
+ writeMessageToResponse("Login succeeded (" + session.getPrincipal().getNameId().getValue() + ")");
+ }
+
+ public void singleLogoutFailed(String statusCode)
+ {
+ writeMessageToResponse("Single logout failed");
+ }
+
+ public void singleLogoutSucceeded()
+ {
+ writeMessageToResponse("Single logout succeeded");
+ }
+
+ public void unsolicitedLogin(SamlSpSession session)
+ {
+ writeMessageToResponse("Logged in unsolicited");
+ }
+
+ private void writeMessageToResponse(String message)
+ {
+ try
+ {
+ responseHolder.getResponse().getWriter().print(message);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public int getNumberOfSessions()
+ {
+ return samlServiceProviderApi.get().getSessions().size();
+ }
+
+ @Dialogued
+ public void handleSingleLogout(String userName)
+ {
+ SamlSpSession session = null;
+ for (SamlSpSession s : samlServiceProviderApi.get().getSessions())
+ {
+ if (s.getPrincipal().getNameId().getValue().equals(userName))
+ {
+ session = s;
+ }
+ }
+ if (session != null)
+ {
+ samlServiceProviderApi.get().singleLogout(session);
+ }
+ else
+ {
+ throw new RuntimeException("No session found for user " + userName);
+ }
+ }
+
+ public void loggedOut(SamlSpSession session)
+ {
+ log.info("User " + session.getPrincipal().getNameId() + " has been logged out.");
+ }
+}
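Review bot: The lookup loop in `handleSingleLogout` has no `break`, so when several sessions carry the same NameID value the last one wins and the others stay active after the logout. If one session per user is an assumption of the test, state it above the loop, e.g. `// test helper: assumes at most one SP session per user name`; otherwise add `break;` after `session = s;` or handle every match. `loggedOut` also logs the `SamlNameId` object while `loginSucceeded` prints `getNameId().getValue()`; using `getValue()` in both keeps the log line predictable.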
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,44 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.sp;
+
+import javax.enterprise.event.Observes;
+
+import org.jboss.seam.security.external.api.SamlBinding;
+import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationCreation;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplication;
+
+public class SpCustomizer
+{
+ public void customize(@Observes AfterVirtualApplicationCreation event, SamlServiceProviderApi sp, VirtualApplication virtualApplication)
+ {
+ if (virtualApplication.equals("www.sp2.com"))
+ {
+ sp.setPreferredBinding(SamlBinding.HTTP_Redirect);
+ }
+ sp.setWantSingleLogoutMessagesSigned(true);
+ sp.setProtocol("http");
+ sp.setPort(8080);
+ }
+
+}
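Review bot: `virtualApplication.equals("www.sp2.com")` in `customize` compares a `VirtualApplication` with a `String`, which is false for any conventional `equals` implementation, so the `HTTP_Redirect` preference is probably never applied to sp2. If so, the integration tests run both service providers on the default binding and the redirect-binding signature path is left unexercised. Compare the host name held by the `VirtualApplication` instead (its accessor is not visible in this hunk). A short comment on `sp.setProtocol("http")` saying that plain HTTP is for the local test container only would also help readers who copy this customizer.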
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,71 @@
+package org.jboss.seam.security.externaltest.integration.sp;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.externaltest.integration.MetaDataLoader;
+
+ at WebServlet(name = "SpTestServlet", urlPatterns = { "/testservlet" })
+public class SpTestServlet extends HttpServlet
+{
+ private static final long serialVersionUID = -4551548646707243449L;
+
+ @Inject
+ private SamlSpApplicationMock samlSpApplicationMock;
+
+ @Inject
+ private MetaDataLoader metaDataLoader;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ responseHolder.setResponse(response);
+ String command = request.getParameter("command");
+ if (command.equals("login"))
+ {
+ String idpEntityId = request.getParameter("idpEntityId");
+ samlSpApplicationMock.login(idpEntityId);
+ }
+ else if (command.equals("singleLogout"))
+ {
+ String userName = request.getParameter("userName");
+ samlSpApplicationMock.handleSingleLogout(userName);
+ }
+ else if (command.equals("getNrOfSessions"))
+ {
+ response.getWriter().print(samlSpApplicationMock.getNumberOfSessions());
+ }
+ else if (command.equals("getNrOfDialogues"))
+ {
+ int count = 0;
+ Enumeration<String> attributeNames = request.getServletContext().getAttributeNames();
+ while (attributeNames.hasMoreElements())
+ {
+ String attributeName = attributeNames.nextElement();
+ if (attributeName.startsWith("DialogueContextBeanStore"))
+ {
+ count++;
+ }
+ }
+ response.getWriter().print(count);
+ }
+ else if (command.equals("loadMetaData"))
+ {
+ metaDataLoader.loadMetaDataOfOtherSamlEntity("www.idp.com", "idp");
+ }
+ else
+ {
+ throw new RuntimeException("Invalid command: " + command);
+ }
+ }
+}
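Review bot: `doGet` calls `command.equals("login")` on the raw request parameter, so a request without `command` fails with a NullPointerException before it can reach the `Invalid command` branch. Writing the comparisons as `"login".equals(command)` (and likewise for the other four) sends that case to the final `else`. The servlet also triggers login, single logout for an arbitrary `userName` and metadata loading from unauthenticated GET requests; a class comment such as `/** Test-only command endpoint; must never be packaged into a deployable application. */` would make that constraint explicit.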
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpVirtualApplicationCreator.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpVirtualApplicationCreator.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpVirtualApplicationCreator.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.externaltest.integration.sp;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Observes;
+
+import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationManagerCreation;
+
+ at ApplicationScoped
+public class SpVirtualApplicationCreator
+{
+ public void virtualApplicationManagerCreated(@Observes final AfterVirtualApplicationManagerCreation event)
+ {
+ event.addVirtualApplication("www.sp1.com");
+ event.addVirtualApplication("www.sp2.com");
+ }
+}
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpVirtualApplicationCreator.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForPostBindingTest.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForPostBindingTest.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForPostBindingTest.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,101 @@
+package org.jboss.seam.security.externaltest.module;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import junit.framework.Assert;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.saml.SamlSignatureUtilForPostBinding;
+import org.junit.Before;
+import org.junit.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class SamlSignatureUtilForPostBindingTest
+{
+ private SamlSignatureUtilForPostBinding samlSignatureUtilForPostBinding;
+
+ private KeyPair keyPair;
+
+ @Before
+ public void setup() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException
+ {
+ samlSignatureUtilForPostBinding = new SamlSignatureUtilForPostBinding();
+
+ // Get private and public key
+ InputStream keyStoreStream = getClass().getClassLoader().getResourceAsStream("test_keystore.jks");
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(keyStoreStream, "store456".toCharArray());
+ X509Certificate certificate = (X509Certificate) keyStore.getCertificate("servercert");
+ PublicKey publicKey = certificate.getPublicKey();
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey("servercert", "pass456".toCharArray());
+ keyPair = new KeyPair(publicKey, privateKey);
+ }
+
+ @Test
+ public void testValidSignature() throws ParserConfigurationException, InvalidRequestException
+ {
+ Document doc = createSignedDocument();
+
+ // Verify the signature (must not throw an InvalidRequestException)
+ samlSignatureUtilForPostBinding.validateSignature(keyPair.getPublic(), doc);
+ }
+
+ @Test
+ public void testInvalidSignature() throws ParserConfigurationException
+ {
+ Document doc = createSignedDocument();
+
+ // Manipulate the document
+ Element root = doc.getElementById("rootElement");
+ root.setAttribute("extraAttribute", "value");
+
+ // Verify the signature. Verification must fail.
+ boolean exception = false;
+ try
+ {
+ samlSignatureUtilForPostBinding.validateSignature(keyPair.getPublic(), doc);
+ }
+ catch (InvalidRequestException e)
+ {
+ exception = true;
+ }
+
+ Assert.assertTrue(exception);
+ }
+
+ private Document createSignedDocument() throws ParserConfigurationException
+ {
+ // Create a test document
+ DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
+ DocumentBuilder docBuilder = dbfac.newDocumentBuilder();
+ Document doc = docBuilder.newDocument();
+ Element root = doc.createElement("root");
+ root.setAttribute("ID", "rootElement");
+ root.setIdAttribute("ID", true);
+ doc.appendChild(root);
+ Element child = doc.createElement("child");
+ child.setAttribute("name", "value");
+ root.appendChild(child);
+
+ // Sign the document
+ samlSignatureUtilForPostBinding.init();
+ samlSignatureUtilForPostBinding.sign(doc, keyPair);
+
+ return doc;
+ }
+}
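Review bot: The only negative case, `testInvalidSignature`, alters signed content; nothing checks that a document carrying no signature at all is rejected, which is the behaviour a signature validator most needs pinned down. I would add a test that builds the same document without calling `sign` and expects `validateSignature` to throw; whether it throws `InvalidRequestException` or another type in that case is not visible from this hunk, so the expected type may need adjusting. Separately, `setup` never null-checks or closes the stream from `getResourceAsStream`; `KeyStore.load` accepts a null stream and yields an empty store, so a missing `test_keystore.jks` surfaces as a NullPointerException on `certificate.getPublicKey()`. The same `setup` is repeated in SamlSignatureUtilForRedirectBindingTest.

```java
@Test(expected = InvalidRequestException.class)
public void testMissingSignature() throws ParserConfigurationException, InvalidRequestException
{
   // Same document shape as createSignedDocument(), but sign() is never called.
   Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
   Element root = doc.createElement("root");
   root.setAttribute("ID", "rootElement");
   root.setIdAttribute("ID", true);
   doc.appendChild(root);

   samlSignatureUtilForPostBinding.init();
   samlSignatureUtilForPostBinding.validateSignature(keyPair.getPublic(), doc);
}
```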
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForPostBindingTest.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForRedirectBindingTest.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForRedirectBindingTest.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForRedirectBindingTest.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,102 @@
+package org.jboss.seam.security.externaltest.module;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import junit.framework.Assert;
+
+import org.jboss.seam.security.external.Base64;
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.saml.SamlRequestOrResponse;
+import org.jboss.seam.security.external.saml.SamlRedirectMessage;
+import org.jboss.seam.security.external.saml.SamlSignatureUtilForRedirectBinding;
+import org.junit.Before;
+import org.junit.Test;
+
+public class SamlSignatureUtilForRedirectBindingTest
+{
+ private SamlSignatureUtilForRedirectBinding samlSignatureUtilForRedirectBinding;
+
+ private KeyPair keyPair;
+
+ @Before
+ public void setup() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException
+ {
+ samlSignatureUtilForRedirectBinding = new SamlSignatureUtilForRedirectBinding();
+
+ // Get private and public key
+ InputStream keyStoreStream = getClass().getClassLoader().getResourceAsStream("test_keystore.jks");
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(keyStoreStream, "store456".toCharArray());
+ X509Certificate certificate = (X509Certificate) keyStore.getCertificate("servercert");
+ PublicKey publicKey = certificate.getPublicKey();
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey("servercert", "pass456".toCharArray());
+ keyPair = new KeyPair(publicKey, privateKey);
+ }
+
+ @Test
+ public void testValidSignature() throws ParserConfigurationException, InvalidRequestException, IOException, GeneralSecurityException
+ {
+ SamlRedirectMessage samlRedirectMessage = createSignedRedirectMessage();
+
+ // Verify the signature (must not throw an InvalidRequestException)
+ samlSignatureUtilForRedirectBinding.validateSignature(samlRedirectMessage, keyPair.getPublic());
+ }
+
+ @Test
+ public void testInvalidSignature() throws ParserConfigurationException
+ {
+ SamlRedirectMessage samlRedirectMessage = createSignedRedirectMessage();
+
+ // Modify the message contents
+ samlRedirectMessage.setRelayState("bar");
+
+ // Verify the signature. Verification must fail.
+ boolean exception = false;
+ try
+ {
+ samlSignatureUtilForRedirectBinding.validateSignature(samlRedirectMessage, keyPair.getPublic());
+ }
+ catch (InvalidRequestException e)
+ {
+ exception = true;
+ }
+
+ Assert.assertTrue(exception);
+ }
+
+ private SamlRedirectMessage createSignedRedirectMessage()
+ {
+ SamlRedirectMessage samlRedirectMessage = new SamlRedirectMessage();
+ String base64EncodedMessage = Base64.encodeBytes("this is just a test string".getBytes(), Base64.DONT_BREAK_LINES);
+ samlRedirectMessage.setRequestOrResponse(SamlRequestOrResponse.REQUEST);
+ samlRedirectMessage.setSamlMessage(base64EncodedMessage);
+ samlRedirectMessage.setRelayState("foo");
+ samlRedirectMessage.encode();
+ try
+ {
+ samlSignatureUtilForRedirectBinding.sign(samlRedirectMessage, keyPair.getPrivate());
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ return samlRedirectMessage;
+ }
+}
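Review bot: `testInvalidSignature` changes only the RelayState after signing, so a regression that left the SAML message itself outside the signed data would still pass. A second negative test that replaces the payload after `sign`, e.g. `samlRedirectMessage.setSamlMessage(Base64.encodeBytes("tampered".getBytes(), Base64.DONT_BREAK_LINES));`, and expects `InvalidRequestException` would close that gap. In `createSignedRedirectMessage`, `getBytes()` uses the platform charset; passing an explicit charset name keeps the signed bytes identical across build machines.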
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/module/SamlSignatureUtilForRedirectBindingTest.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/MavenArtifactResolver.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/MavenArtifactResolver.java (rev 0)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/MavenArtifactResolver.java 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,165 @@
+package org.jboss.seam.security.externaltest.util;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Resolves a maven artifact present on the test classpath.
+ *
+ * @author Stuart Douglas
+ *
+ */
+public class MavenArtifactResolver
+{
+
+ public static File resolve(String groupId, String artifactId)
+ {
+ if (groupId == null)
+ {
+ throw new IllegalArgumentException("groupId cannot be null");
+ }
+ if (artifactId == null)
+ {
+ throw new IllegalArgumentException("artifactId cannot be null");
+ }
+ String path = new MavenArtifactResolver(groupId.trim(), artifactId.trim(), System.getProperty("java.class.path"), File.pathSeparatorChar, File.separatorChar).resolve();
+ if (path == null)
+ {
+ throw new IllegalArgumentException("Cannot locate artifact for " + groupId + ":" + artifactId);
+ }
+ return new File(path);
+ }
+
+ public static File resolve(String qualifiedArtifactId)
+ {
+ String[] segments = qualifiedArtifactId.split(":");
+ if (segments.length == 2)
+ {
+ return resolve(segments[0], segments[1]);
+ }
+ else
+ {
+ throw new IllegalArgumentException("Unable to parse " + qualifiedArtifactId + " as a groupId:artifactId");
+ }
+ }
+
+ private final String classPathSeparatorRegex;
+ private final char fileSeparator;
+ private final String groupId;
+ private final String artifactId;
+ private final String classPath;
+
+ MavenArtifactResolver(String groupId, String artifactId, String classPath, char pathSeparator, char fileSeparator)
+ {
+ this.groupId = groupId;
+ this.artifactId = artifactId;
+ this.classPath = classPath;
+ this.classPathSeparatorRegex = "[^" + pathSeparator + "]*";
+ this.fileSeparator = fileSeparator;
+ }
+
+ String resolve()
+ {
+ Matcher matches = createFullyQualifiedMatcher();
+ if (!matches.find())
+ {
+ matches = createUnqualifiedMatcher();
+ if (!matches.find())
+ {
+ matches = createTargetClassesMatcher();
+ if (!matches.find())
+ {
+ return null;
+ }
+ else
+ {
+ String fileName = scanForArtifact(matches);
+ if (fileName == null)
+ {
+ return null;
+ }
+ else
+ {
+ return fileName;
+ }
+ }
+ }
+ }
+ return matches.group(0);
+ }
+
+ private String scanForArtifact(Matcher targetClassesMatcher)
+ {
+ // Locate all target/classes in classpath and store the path to all files
+ // target/
+ List<String> paths = new ArrayList<String>();
+ do
+ {
+ String path = targetClassesMatcher.group();
+ File target = new File(path.substring(0, path.length() - 8));
+ if (target.exists())
+ {
+ if (!target.isDirectory())
+ {
+ throw new IllegalStateException("Found ${project.dir}/target/ but it is not a directory!");
+ }
+ for (File file : target.listFiles())
+ {
+ paths.add(file.getPath());
+ }
+ }
+ }
+ while (targetClassesMatcher.find());
+ return scanForArtifact(paths);
+ }
+
+ String scanForArtifact(List<String> paths)
+ {
+ Pattern pattern = Pattern.compile(artifactId + "-[\\d+\\.]+(?:[\\-\\.]\\p{Alpha}*)?.jar$");
+ for (String path : paths)
+ {
+ if (pattern.matcher(path).find())
+ {
+ return path;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Creates a matcher that returns any fully qualified matches of the form
+ * <code>com/acme/acme-core/1.0/acme-core-1.0.jar</code>. This will match
+ * artifacts on the classpath from the Maven repo.
+ */
+ private Matcher createFullyQualifiedMatcher()
+ {
+ String pathString = groupId.replace('.', fileSeparator) + fileSeparator + artifactId + fileSeparator;
+ Pattern p = Pattern.compile(classPathSeparatorRegex + Pattern.quote(pathString) + classPathSeparatorRegex, Pattern.CASE_INSENSITIVE);
+ return p.matcher(classPath);
+ }
+
+ /**
+ * Creates a matcher that returns any unqualified matches of the form
+ * <code>target/acme-foo-1.0.jar</code>. This will match artifacts on the
+ * classpath from the reactor.
+ */
+ private Matcher createUnqualifiedMatcher()
+ {
+ Pattern p = Pattern.compile(classPathSeparatorRegex + Pattern.quote("target" + fileSeparator + artifactId) + classPathSeparatorRegex, Pattern.CASE_INSENSITIVE);
+ return p.matcher(classPath);
+ }
+
+ /**
+ * Creates a matcher that returns any unqualified matches of the form
+ * <code>target/acme-foo-1.0.jar</code>. This locates all
+ *
+ */
+ private Matcher createTargetClassesMatcher()
+ {
+ Pattern p = Pattern.compile(classPathSeparatorRegex + Pattern.quote("target" + fileSeparator + "classes") + classPathSeparatorRegex, Pattern.CASE_INSENSITIVE);
+ return p.matcher(classPath);
+ }
+}
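Review bot: `scanForArtifact(List<String>)` concatenates `artifactId` into the regex unquoted and unanchored on the left, unlike the three matcher factories that use `Pattern.quote`; an id containing `.` or other metacharacters is interpreted as a pattern, and an id of `core` also matches `acme-core-1.0.jar`. The `.` before `jar` is unescaped as well. Something like `Pattern.compile("(?:^|" + Pattern.quote(String.valueOf(fileSeparator)) + ")" + Pattern.quote(artifactId) + "-[\\d.]+(?:[-.]\\p{Alpha}*)?\\.jar$")` selects only the intended file. In the `Matcher` overload, `target.listFiles()` can return null on an I/O error and should be checked before the loop.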
Property changes on: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/util/MavenArtifactResolver.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/test/resources/META-INF/services/org.jboss.arquillian.spi.ClassContextAppender
===================================================================
--- modules/security/trunk/external/src/test/resources/META-INF/services/org.jboss.arquillian.spi.ClassContextAppender (rev 0)
+++ modules/security/trunk/external/src/test/resources/META-INF/services/org.jboss.arquillian.spi.ClassContextAppender 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1 @@
+org.jboss.seam.security.externaltest.integration.client.ClassContextAppenderImpl
Added: modules/security/trunk/external/src/test/resources/WEB-INF/context.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/WEB-INF/context.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/WEB-INF/context.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context>
+ <!-- log all incoming and outgoing messages. -->
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+</Context>
\ No newline at end of file
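Review bot: `RequestDumperValve` writes request headers, cookies and parameters to the container log, which for these tests includes session cookies and the SAML messages exchanged between the mock IdP and SP. The existing comment should say that this is for the test container only, e.g. `<!-- TEST ONLY: dumps headers, cookies and parameters (incl. SAML messages) to the log; do not copy into a deployed context.xml -->`.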
Added: modules/security/trunk/external/src/test/resources/WEB-INF/idp-beans.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/WEB-INF/idp-beans.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/WEB-INF/idp-beans.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,6 @@
+<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <alternatives>
+ <classes>org.jboss.seam.security.external.saml.idp.SamlIdpInApplicationScopeProducer</classes>
+ </alternatives>
+</beans>
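Review bot: The child of `<alternatives>` is written `<classes>`, but the beans_1_0.xsd schema named in `xsi:schemaLocation` defines `<class>` (and `<stereotype>`) at that position, so the alternative producer is likely not enabled, or the descriptor is rejected, depending on how strictly the container parses it. Use `<class>org.jboss.seam.security.external.saml.idp.SamlIdpInApplicationScopeProducer</class>`. sp-beans.xml in the next hunk has the same element name.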
Added: modules/security/trunk/external/src/test/resources/WEB-INF/sp-beans.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/WEB-INF/sp-beans.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/WEB-INF/sp-beans.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,6 @@
+<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <alternatives>
+ <classes>org.jboss.seam.security.external.saml.sp.SamlSpInVirtualApplicationScopeProducer</classes>
+ </alternatives>
+</beans>
Added: modules/security/trunk/external/src/test/resources/WEB-INF/web.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/WEB-INF/web.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/WEB-INF/web.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+
+
+</web-app>
Added: modules/security/trunk/external/src/test/resources/arquillian.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/arquillian.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/arquillian.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<arquillian xmlns="http://jboss.com/arquillian"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jbossr="urn:arq:org.jboss.arquillian.container.jbossas.remote_6">
+
+ <engine>
+ <maxDeploymentsBeforeRestart>20</maxDeploymentsBeforeRestart>
+ </engine>
+
+ <!--
+ <jbossm:container>-->
+<!-- <jboss:jbossHome>/home/aslak/dev/servers/jboss-6.0.0.M3/</jboss:jbossHome> --> <!-- default %JBOSS_HOME% -->
+<!-- <jboss:javaHome>/usr/lib/jvm/java-6-openjdk</jboss:javaHome> --> <!-- default %JAVA_HOME% -->
+ <!-- Increase the permgen space by default, heap space is default -->
+ <!-- jbossm:javaVmArguments>-Xmx512m -XX:MaxPermSize=256m</jbossm:javaVmArguments>
+ </jbossm:container>
+ -->
+
+ <jbossr:container>
+ <jbossr:profileName>default</jbossr:profileName>
+ </jbossr:container>
+
+</arquillian>
Added: modules/security/trunk/external/src/test/resources/jndi.properties
===================================================================
--- modules/security/trunk/external/src/test/resources/jndi.properties (rev 0)
+++ modules/security/trunk/external/src/test/resources/jndi.properties 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,3 @@
+java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
+java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
+java.naming.provider.url=jnp://localhost:1099
Added: modules/security/trunk/external/src/test/resources/log4j.xml
===================================================================
--- modules/security/trunk/external/src/test/resources/log4j.xml (rev 0)
+++ modules/security/trunk/external/src/test/resources/log4j.xml 2010-08-26 09:27:12 UTC (rev 13645)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"
+ debug="false">
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <param name="Threshold" value="TRACE" />
+ <param name="Target" value="System.out" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n" />
+ </layout>
+ </appender>
+
+ <category name="org.jboss.seam.security">
+ <priority value="DEBUG" />
+ </category>
+
+ <root>
+ <priority value="DEBUG" />
+ <appender-ref ref="CONSOLE" />
+ </root>
+
+</log4j:configuration>
Added: modules/security/trunk/external/src/test/resources/test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: modules/security/trunk/external/src/test/resources/test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream