[seam-commits] Seam SVN: r13692 - in modules/security/trunk/external/src: main/java/org/jboss/seam/security/external/api and 15 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Wed Sep 1 09:39:02 EDT 2010
Author: marcelkolsteren
Date: 2010-09-01 09:39:00 -0400 (Wed, 01 Sep 2010)
New Revision: 13692
Added:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/EntityConfigurationApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyConfigurationApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityConfigurationApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderConfigurationApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderConfigurationApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInVirtualApplicationScopeProducer.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlSingleUserServiceProviderSpi.java
modules/security/trunk/external/src/main/resources/META-INF/services/
modules/security/trunk/external/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
modules/security/trunk/external/src/main/resources/META-INF/web-fragment.xml
Removed:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
modules/security/trunk/external/src/main/resources/services/
Modified:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java
modules/security/trunk/external/src/test/resources/jndi.properties
Log:
External authentication changes:
- Use servlets instead of servlet filters for OpenID and SAML endpoints.
- Created a single user shell around the multi user SAML API.
- Combined receiver/sender classes into services.
- Documented the SAML API/SPI classes.
- Added the SAML relayState.
- Fixed the unsolicited (IDP-initiated) login for the SAML Service Provider.
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -7,6 +7,7 @@
import javax.inject.Inject;
import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.saml.SamlMessage;
import org.jboss.seam.security.external.saml.SamlPostMessage;
import org.jboss.seam.security.external.saml.SamlRedirectMessage;
@@ -21,7 +22,7 @@
public void sendFormToUserAgent(String destination, SamlPostMessage message)
{
- String key = message.getRequestOrResponse().isRequest() ? SamlRedirectMessage.QSP_SAML_REQUEST : SamlRedirectMessage.QSP_SAML_RESPONSE;
+ String key = message.getRequestOrResponse().isRequest() ? SamlMessage.QSP_SAML_REQUEST : SamlMessage.QSP_SAML_RESPONSE;
if (destination == null)
throw new IllegalStateException("Destination is null");
@@ -40,6 +41,10 @@
builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + message.getSamlMessage() + "\"/>");
+ if (message.getRelayState() != null)
+ {
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SamlMessage.QSP_RELAY_STATE + "\"" + " VALUE=\"" + message.getRelayState() + "\"/>");
+ }
builder.append("</FORM></BODY></HTML>");
PrintWriter writer = getWriter();
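Review bot: The new `message.getRelayState()` value is concatenated into the `VALUE="…"` attribute without HTML escaping, so a value containing `"` or `<` breaks out of the attribute and injects markup into the auto-submitted form page. In SAML the RelayState is normally supplied by the peer entity and echoed back, so it should be treated as untrusted here. Escape `&`, `<`, `>`, `"` and `'` before appending; `destination` in the `ACTION` attribute on the context line above has the same exposure, which this hunk leaves unchanged. The SAML bindings specification also limits RelayState to 80 bytes, so a length check where the value is received would be a reasonable second guard. sendFormToUserAgent starts and ends outside this hunk.

```java
// … unchanged: FORM element and SAML message INPUT …
if (message.getRelayState() != null)
{
   builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SamlMessage.QSP_RELAY_STATE + "\"" + " VALUE=\"" + escapeHtmlAttribute(message.getRelayState()) + "\"/>");
}
// … unchanged: closing tags and writer …

// proposed new private helper in ResponseHandler
private static String escapeHtmlAttribute(String value)
{
   StringBuilder escaped = new StringBuilder(value.length() + 16);
   for (int i = 0; i < value.length(); i++)
   {
      char c = value.charAt(i);
      switch (c)
      {
         case '&': escaped.append("&amp;"); break;
         case '<': escaped.append("&lt;"); break;
         case '>': escaped.append("&gt;"); break;
         case '"': escaped.append("&quot;"); break;
         case '\'': escaped.append("&#39;"); break;
         default: escaped.append(c);
      }
   }
   return escaped.toString();
}
```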
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/EntityConfigurationApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/EntityConfigurationApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/EntityConfigurationApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface EntityConfigurationApi
+{
+ String getProtocol();
+
+ void setProtocol(String protocol);
+
+ String getHostName();
+
+ void setHostName(String hostName);
+
+ int getPort();
+
+ void setPort(int port);
+}
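Review bot: `setProtocol(String)` takes a free-form string and the interface carries only an `@author` tag, so a caller cannot tell which values are accepted or what the three properties are used for. If, as the names suggest, protocol, host name and port are combined into this entity's own endpoint URLs, the Javadoc should say so and name the accepted schemes, e.g. `/** Scheme of this entity's endpoint URLs: "http" or "https"; use "https" outside of tests. */` on `getProtocol()`. Stating the valid range for `setPort(int)` would close the same gap.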
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/EntityConfigurationApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdAttribute.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -31,6 +31,14 @@
private String typeUri;
private boolean required;
+ public OpenIdAttribute(String alias, String typeUri, boolean required)
+ {
+ super();
+ this.alias = alias;
+ this.typeUri = typeUri;
+ this.required = required;
+ }
+
public String getAlias()
{
return alias;
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdPrincipal.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -22,7 +22,6 @@
package org.jboss.seam.security.external.api;
import java.net.URL;
-import java.security.Principal;
import java.util.List;
import java.util.Map;
@@ -31,7 +30,7 @@
*
*/
// TODO: create hash code and equals method
-public class OpenIdPrincipal implements Principal
+public class OpenIdPrincipal
{
private String identifier;
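Review bot: The `// TODO: create hash code and equals method` above the class declaration is still open after this change, so two `OpenIdPrincipal` instances carrying the same identifier compare by reference only. Any caller that stores principals in a `Set` or uses them as map keys would then treat one user as two; whether such callers exist is not visible here. With `implements Principal` removed the class can also no longer be used where a `java.security.Principal` is expected, which a short class comment should state, for example `/** Result of an OpenID login; deliberately not a java.security.Principal. */`. The class body continues outside this hunk.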
@@ -47,11 +46,6 @@
this.attributes = attributes;
}
- public String getName()
- {
- return identifier;
- }
-
public String getIdentifier()
{
return identifier;
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -21,13 +21,13 @@
*/
package org.jboss.seam.security.external.api;
+import java.util.List;
+
/**
* @author Marcel Kolsteren
*
*/
public interface OpenIdRelyingPartyApi
{
- public void signOn(String openId);
-
- public void logout(OpenIdPrincipal principal);
+ public void login(String openId, List<OpenIdAttribute> attributes);
}
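Review bot: `login(String openId, List<OpenIdAttribute> attributes)` replaces both `signOn` and `logout` but has no Javadoc, so the contract of the only remaining entry point is undocumented. The comment should say whether `attributes` may be null or empty and whether `openId` is expected as the raw identifier entered by the user or an already normalised one, e.g. `@param openId the OpenID identifier as claimed by the user; not yet verified`. The `public` modifier is redundant on an interface method and is not used in the other interfaces added in this revision.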
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyConfigurationApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyConfigurationApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyConfigurationApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,27 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+public interface OpenIdRelyingPartyConfigurationApi extends EntityConfigurationApi
+{
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyConfigurationApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.api;
-
-import java.io.Reader;
-import java.io.Writer;
-import java.util.List;
-
-import org.jboss.seam.security.external.saml.SamlExternalEntity;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public interface SamlEntityApi
-{
- String getProtocol();
-
- void setProtocol(String protocol);
-
- void setEntityId(String entityId);
-
- String getEntityId();
-
- String getHostName();
-
- void setHostName(String hostName);
-
- int getPort();
-
- void setPort(int port);
-
- SamlBinding getPreferredBinding();
-
- void setPreferredBinding(SamlBinding preferredBinding);
-
- void setSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass);
-
- SamlExternalEntity getExternalSamlEntityByEntityId(String entityId);
-
- SamlExternalEntity addExternalSamlEntity(Reader reader);
-
- List<SamlExternalEntity> getExternalSamlEntities();
-
- void writeMetaData(Writer writer);
-}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityConfigurationApi.java (from rev 13645, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityApi.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityConfigurationApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlEntityConfigurationApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,67 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.io.Reader;
+import java.io.Writer;
+import java.util.List;
+
+import org.jboss.seam.security.external.saml.SamlExternalEntity;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlEntityConfigurationApi
+{
+ String getProtocol();
+
+ void setProtocol(String protocol);
+
+ void setEntityId(String entityId);
+
+ String getEntityId();
+
+ String getHostName();
+
+ void setHostName(String hostName);
+
+ int getPort();
+
+ void setPort(int port);
+
+ SamlBinding getPreferredBinding();
+
+ void setPreferredBinding(SamlBinding preferredBinding);
+
+ void setSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass);
+
+ SamlExternalEntity getExternalSamlEntityByEntityId(String entityId);
+
+ SamlExternalEntity addExternalSamlEntity(Reader reader);
+
+ List<SamlExternalEntity> getExternalSamlEntities();
+
+ void writeMetaData(Writer writer);
+
+ String getMetaDataURL();
+}
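Review bot: `SamlEntityConfigurationApi` redeclares `getProtocol`/`setProtocol`, `getHostName`/`setHostName` and `getPort`/`setPort`, which `EntityConfigurationApi` (added in this same revision) already declares; `public interface SamlEntityConfigurationApi extends EntityConfigurationApi` would remove the duplication and match `OpenIdRelyingPartyConfigurationApi`. Separately, `setSigningKey` takes both key store passwords as `String` and has no Javadoc: document which URL schemes `keyStoreUrl` accepts and that the passwords are expected to come from protected configuration, and consider `char[]` if the signature can still change. `addExternalSamlEntity(Reader)` presumably parses partner metadata, so its Javadoc should state that the reader must come from a trusted source.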
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -22,39 +22,89 @@
package org.jboss.seam.security.external.api;
import java.util.List;
-import java.util.Set;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external.saml.idp.SamlExternalServiceProvider;
import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;
/**
* @author Marcel Kolsteren
*
*/
-public interface SamlIdentityProviderApi extends SamlEntityApi
+
+public interface SamlIdentityProviderApi
{
- void authenticationSucceeded(SamlNameId nameId, List<AttributeType> attributes);
+ /**
+ * Creates a local SAML session for the user with the given name and
+ * attributes. This call is typically done before a remoteLogin or an
+ * authenticationSucceeded call.
+ *
+ * @param nameId
+ * @param attributes
+ */
+ void localLogin(SamlNameId nameId, List<AttributeType> attributes);
- void authenticationSucceeded(SamlIdpSession sessionToJoin);
+ /**
+ * <p>
+ * Logs the user in remotely in the application of the given service
+ * provider. If the remote URL is specified, the service provider will
+ * redirect the user to that URL. Otherwise, the service provider will
+ * determine for itself which page is shown to the user.
+ * </p>
+ *
+ * <p>
+ * In SAML terms, this call results in an "unsolicited login" at the side of
+ * the service provider.
+ * </p>
+ *
+ * @param spEntityId the entity id of the remote service provider
+ * @param remoteUrl the URL where the user agent needs to be redirected to by
+ * the service provider (can be null)
+ */
+ void remoteLogin(String spEntityId, String remoteUrl);
+ /**
+ * This is one of the possible responses that relate to the SPI call
+ * {@link SamlIdentityProviderSpi#authenticate}. If should be called in the
+ * same dialogue context as the corresponding SPI call. It instructs the SAML
+ * identity provider to send a positive authentication result back to the
+ * service provider, using the local SAML session, which must have been
+ * established before this call is done.
+ */
+ void authenticationSucceeded();
+
+ /**
+ * This is one of the possible responses that relate to the SPI call
+ * {@link SamlIdentityProviderSpi#authenticate}. If should be called in the
+ * same dialogue context as the corresponding SPI call. It instructs the SAML
+ * identity provider to send a positive authentication result back to the
+ * service provider.
+ */
void authenticationFailed();
- Set<SamlIdpSession> getSessions();
+ /**
+ * Gets the current SAML session. This contains information about the logged
+ * in user, and the external service providers that take part in this
+ * session.
+ *
+ * @return the session
+ */
+ SamlIdpSession getSession();
- List<SamlExternalServiceProvider> getServiceProviders();
+ /**
+ * Removes the local SAML session for the current user. This use case is
+ * considered out of scope by the SAML spec (see the SAMLv2 Profiles
+ * document, section 4.4). External service providers that take part in the
+ * session are not informed about the fact that the shared session has been
+ * removed at the identity provider side.
+ */
+ void localLogout();
- void logout(SamlPrincipal principal, List<String> indexes);
-
- boolean isWantAuthnRequestsSigned();
-
- void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned);
-
- boolean isSingleLogoutMessagesSigned();
-
- void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
-
- boolean isWantSingleLogoutMessagesSigned();
-
- void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+ /**
+ * Globally logs out the current user. This leads to a "single logout" where
+ * the identity provider logs out the user from all service providers that
+ * participate in the current session. The result of the global logout is
+ * reported asynchronously through the SPI.
+ */
+ void globalLogout();
}
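Review bot: The Javadoc added for `authenticationFailed()` says it instructs the identity provider to "send a positive authentication result back to the service provider", which is copied from `authenticationSucceeded()`; it should read `send a negative authentication result back to the service provider`. Both comments also contain "If should be called", which should be `It should be called`. For `remoteLogin`, `remoteUrl` is described as the address the service provider redirects to, so the Javadoc should add that the service provider is expected to validate it before redirecting. `localLogin` leaves `@param nameId` and `@param attributes` without descriptions.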
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderConfigurationApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderConfigurationApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderConfigurationApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.List;
+
+import org.jboss.seam.security.external.saml.idp.SamlExternalServiceProvider;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlIdentityProviderConfigurationApi extends SamlEntityConfigurationApi
+{
+ boolean isWantAuthnRequestsSigned();
+
+ void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned);
+
+ boolean isSingleLogoutMessagesSigned();
+
+ void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
+
+ boolean isWantSingleLogoutMessagesSigned();
+
+ void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+
+ List<SamlExternalServiceProvider> getServiceProviders();
+}
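Review bot: The three signature flags have no Javadoc, so their direction and defaults cannot be read from this interface: `isWantAuthnRequestsSigned` and `isWantSingleLogoutMessagesSigned` appear to describe what this identity provider requires from service providers, while `isSingleLogoutMessagesSigned` appears to describe what it sends. State that, and the default, on each getter, for example `/** Whether AuthnRequests without a valid signature are rejected. Default: (state the default). */`, because a deployment that leaves a "want signed" flag off would accept unsigned messages. `getServiceProviders()` should also say whether the returned list is a live view or a copy.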
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderConfigurationApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java (from rev 13645, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.List;
+import java.util.Set;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlMultiUserIdentityProviderApi
+{
+ void authenticationSucceeded(SamlIdpSession session);
+
+ void authenticationFailed();
+
+ Set<SamlIdpSession> getSessions();
+
+ SamlIdpSession localLogin(SamlNameId nameId, List<AttributeType> attributes);
+
+ void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl);
+
+ void localLogout(SamlIdpSession session);
+
+ void globalLogout(SamlIdpSession session);
+}
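Review bot: None of the methods here has Javadoc, although the commit log lists "Documented the SAML API/SPI classes" and the single-user `SamlIdentityProviderApi` in this revision is documented; the same holds for `SamlMultiUserServiceProviderApi` in the next file. These multi-user variants are the ones where the caller passes a `SamlIdpSession` or `SamlSpSession` explicitly, so the comments should say who is responsible for tying that session to the authenticated user, e.g. on `globalLogout`: `/** Starts a single logout for the given session; the caller must ensure the session belongs to the current user. */`. `getSessions()` should state whether the returned set is a snapshot and whose sessions it contains.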
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java (from rev 13645, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.Set;
+
+import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlMultiUserServiceProviderApi
+{
+ public void login(String idpEntityId);
+
+ public void localLogout(SamlSpSession session);
+
+ public void globalLogout(SamlSpSession session);
+
+ public Set<SamlSpSession> getSessions();
+}
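Review bot: The new interface has no Javadoc beyond the author tag, while the single-user `SamlServiceProviderApi` changed in this same commit documents every method. The session argument is what most needs explaining here: a comment such as `/** Ends the given session locally; the session must be one of {@link #getSessions()}. */` on `localLogout`, and a matching one on `globalLogout`, would tell callers which sessions are acceptable. Whether the implementation rejects a session it does not own is not visible in this hunk, so confirm that before settling the wording. The `public` modifiers on the methods are redundant in an interface, and the sibling `SamlMultiUserIdentityProviderApi` added just above omits them.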
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -21,41 +21,97 @@
*/
package org.jboss.seam.security.external.api;
-import java.util.List;
-import java.util.Set;
-
-import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+import org.jboss.seam.security.external.saml.sp.SamlSpInApplicationScopeProducer;
+import org.jboss.seam.security.external.saml.sp.SamlSpInVirtualApplicationScopeProducer;
import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
+import org.jboss.seam.security.external.spi.SamlSingleUserServiceProviderSpi;
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
/**
+ * API to the SAMLv2 compliant service provider. In order to use this API, one
+ * of the following alternative beans need to be activated:
+ *
+ * <ul>
+ * <li>{@link SamlSpInApplicationScopeProducer}</li>
+ * <li>{@link SamlSpInVirtualApplicationScopeProducer}</li>
+ * </ul>
+ *
+ * The former will install the service provider in application scope, the latter
+ * will install it in virtual application scope. The virtual application scope
+ * allows for using different service provider configurations depending on the
+ * server name. See {@link VirtualApplicationScoped}
+ *
+ * <p>
+ * This API (implemented by the framework) comes along with an SPI:
+ * {@link SamlServiceProviderSpi} (implemented by the client application).
+ * Dialogues are used to bridge corresponding API and SPI calls (see
+ * {@link Dialogued}).
+ * </p>
+ *
+ * <p>
+ * All methods in this API, except the {@link #logout} method, require that the
+ * request scoped {@link ResponseHolder} bean contains a link to the current
+ * HTTP response. The implementation needs to response, in order to redirect the
+ * browser to the identity provider. Beware not to touch the HTTP response after
+ * one of these method returns.
+ * </p>
+ *
* @author Marcel Kolsteren
*
*/
-public interface SamlServiceProviderApi extends SamlEntityApi
+public interface SamlServiceProviderApi
{
- public void signOn(String idpEntityId);
+ /**
+ * Sends the user agent to the site of the given identity provider, where the
+ * user can be authenticated. When the call returns, a redirect on the HTTP
+ * response has taken place. The response of the identity provider will be
+ * sent asynchronously through the SPI methods
+ * {@link SamlSingleUserServiceProviderSpi#loginSucceeded(OpenIdSession)} or
+ * {@link SamlSingleUserServiceProviderSpi#loginFailed(OpenIdSession)}. If
+ * the method is called within a dialogue, that same dialogue will be active
+ * when the SPI method is called. Thus, the dialogue can be used to store API
+ * client state that needs to survive the sign on process.
+ *
+ * @param idpEntityId
+ */
+ public void login(String idpEntityId);
- public void logout(SamlSpSession session);
+ /**
+ * <p>
+ * Locally logs out the user. This use case is considered out of scope by the
+ * SAML spec (see the SAMLv2 Profiles document, section 4.4). The local
+ * logout means that the session established by the SAML SP is not used any
+ * more by the application. So when the SAML SP will receive a logout request
+ * for this session in the future, it won't pass that on to the application.
+ * </p>
+ *
+ * <p>
+ * This method doesn't write the HTTP response.
+ * </p>
+ */
+ public void localLogout();
- public void singleLogout(SamlSpSession session);
+ /**
+ * Globally logs out the user. The browser of the user is redirected to the
+ * site of the identity provider, so that the identity provider can logout
+ * the user from all applications that share the same session at the identity
+ * provider. The result of the logout operation is reported back
+ * asynchronously through the SPI methods
+ * {@link SamlSingleUserServiceProviderSpi#globalLogoutSucceeded()} and
+ * {@link SamlSingleUserServiceProviderSpi#singleLogoutFailed()}. If this
+ * method is called with an active dialogue scope, the same dialogue will be
+ * active when the SPI method is called. This allows the API client to store
+ * state information in the dialogue.
+ */
+ public void globalLogout();
- public Set<SamlSpSession> getSessions();
-
- List<SamlExternalIdentityProvider> getIdentityProviders();
-
- boolean isAuthnRequestsSigned();
-
- void setAuthnRequestsSigned(boolean authnRequestsSigned);
-
- boolean isWantAssertionsSigned();
-
- void setWantAssertionsSigned(boolean wantAssertionsSigned);
-
- boolean isSingleLogoutMessagesSigned();
-
- void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
-
- boolean isWantSingleLogoutMessagesSigned();
-
- void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+ /**
+ * Gets the current session (login). If there is no active session, null is
+ * returned.
+ *
+ * @return active session, or null
+ */
+ public SamlSpSession getSession();
}
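Review bot: The type-level comment says every method "except the {@link #logout} method" needs the `ResponseHolder`, but after this change the interface has no `logout` method. The method whose own Javadoc says it does not write the HTTP response is `localLogout`, so the link should read `{@link #localLogout}`. The `login` comment links `SamlSingleUserServiceProviderSpi#loginSucceeded(OpenIdSession)` and `#loginFailed(OpenIdSession)`; an OpenID session type in a SAML SPI signature looks copied from the OpenID API and should be checked against the SPI, which is not part of this hunk. The type-level text names `SamlServiceProviderSpi` while the method comments refer to `SamlSingleUserServiceProviderSpi`, and "The implementation needs to response" presumably means "needs the response".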
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderConfigurationApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderConfigurationApi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderConfigurationApi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.api;
+
+import java.util.List;
+
+import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlServiceProviderConfigurationApi extends SamlEntityConfigurationApi
+{
+ /**
+ * Returns a list with all identity providers that are supported (trusted).
+ * This allows the API client to present the list to the user, so that the
+ * user can choose the provider that needs to be used for doing the login.
+ *
+ * @return list of identity providers
+ */
+ List<SamlExternalIdentityProvider> getIdentityProviders();
+
+ /**
+ * If this property is enabled, all authentication requests targeted at
+ * identity providers will be signed. The property is disabled by default.
+ * When enabling it, be sure to add a signing key by calling
+ * {@link SamlEntityConfigurationApi#setSigningKey(String, String, String, String)}
+ * .
+ *
+ * @return true iff the authentication requests are signed
+ */
+ boolean isAuthnRequestsSigned();
+
+ /**
+ * See {@link #isAuthnRequestsSigned}.
+ */
+ void setAuthnRequestsSigned(boolean authnRequestsSigned);
+
+ /**
+ * This property, which is enabled by default, determines whether incoming
+ * authentication responses from the identity provider are required to have a
+ * valid signature. It is strongly discouraged to disabled signature
+ * validation, because this opens possibilities for sending fake
+ * authentication responses to the service provider.
+ *
+ * @return true iff incoming assertions need to have a valid signature
+ */
+ boolean isWantAssertionsSigned();
+
+ /**
+ * See {@link #isWantAssertionsSigned()}.
+ */
+ void setWantAssertionsSigned(boolean wantAssertionsSigned);
+
+ /**
+ * This property indicates whether outgoing single logout messages are
+ * signed. True by default, and the advice is not to disable this property,
+ * unless you understand the security risks of doing so.
+ *
+ * @return true iff the single logout requests (sent to identity providers)
+ * are signed
+ */
+ boolean isSingleLogoutMessagesSigned();
+
+ /**
+ * See {@link #isSingleLogoutMessagesSigned()}.
+ */
+ void setSingleLogoutMessagesSigned(boolean singleLogoutMessagesSigned);
+
+ /**
+ * This property indicates whether incoming single logout requests are
+ * required to have a valid signature. True by default, and the advice is not
+ * to disable this property, unless you understand the security risks of
+ * doing so.
+ *
+ * @return true iff incoming single logout requests need to have a valid
+ * signature
+ */
+ boolean isWantSingleLogoutMessagesSigned();
+
+ /**
+ * See {@link #isWantSingleLogoutMessagesSigned()}.
+ */
+ void setWantSingleLogoutMessagesSigned(boolean wantSingleLogoutMessagesSigned);
+}
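Review bot: The Javadoc of `isWantAssertionsSigned` describes the check as applying to "incoming authentication responses", while the property name and its `@return` line speak of assertions. In SAML the response and the assertion inside it can be signed independently, and someone configuring trust in an identity provider needs to know which signature is enforced. The implementation is outside this hunk, so match the wording to what is actually verified, for example `Determines whether the assertion contained in an incoming authentication response must carry a valid signature.` The same comment has a typo: "discouraged to disabled" should be "discouraged to disable". `isAuthnRequestsSigned` is documented as off by default while the other three signing properties are on, so its comment should say why the default differs.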
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderConfigurationApi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -23,9 +23,11 @@
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.servlet.ServletContextEvent;
+import org.jboss.seam.security.external.dialogues.api.AfterDialogueActivation;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.servlet.event.qualifier.Destroyed;
import org.jboss.seam.servlet.event.qualifier.Initialized;
@@ -42,6 +44,9 @@
@Inject
private Instance<Dialogue> dialogue;
+ @Inject
+ private BeanManager beanManager;
+
protected void servletInitialized(@Observes @Initialized final ServletContextEvent e)
{
dialogueContextExtension.getDialogueContext().initialize(e.getServletContext());
@@ -56,6 +61,7 @@
{
String dialogueId = dialogueContextExtension.getDialogueContext().create();
dialogue.get().setDialogueId(dialogueId);
+ beanManager.fireEvent(new AfterDialogueActivation());
}
public void endDialogue()
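Review bot: `beanManager.fireEvent(new AfterDialogueActivation())` runs after the dialogue has been created and its id stored, and an exception thrown by an observer propagates out of `fireEvent`, so the method can fail with the new dialogue presumably still attached. The same applies to the call added to `attachDialogue` in the next hunk. The method's signature and its callers are outside this hunk, so whether a caller cleans up on failure cannot be seen from here. If none does, `try { beanManager.fireEvent(new AfterDialogueActivation()); } catch (RuntimeException e) { detachDialogue(); throw e; }` would keep the context consistent.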
@@ -66,11 +72,19 @@
public void attachDialogue(String requestId)
{
dialogueContextExtension.getDialogueContext().attach(requestId);
+ beanManager.fireEvent(new AfterDialogueActivation());
}
public void detachDialogue()
{
- dialogueContextExtension.getDialogueContext().detach();
+ if (dialogue.get().isFinished())
+ {
+ endDialogue();
+ }
+ else
+ {
+ dialogueContextExtension.getDialogueContext().detach();
+ }
}
public boolean isExistingDialogue(String dialogueId)
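Review bot: `detachDialogue()` now ends the dialogue when `dialogue.get().isFinished()` is true, so a method named "detach" can destroy dialogue state for every caller, not only the interceptor that used to make this choice. The method should say so, e.g. `/** Detaches the current dialogue from the request, or ends it when it has been marked finished. */`. The new check also dereferences the `Dialogue` bean before anything else; if a caller invokes it with no dialogue attached, `dialogue.get()` would presumably fail where the old code went straight to `detach()`, so an attachment check first may be needed (the interceptor already uses `manager.isAttached()`). `endDialogue()` is defined outside this hunk.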
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialoguedInterceptor.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -21,13 +21,11 @@
*/
package org.jboss.seam.security.external.dialogues;
-import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
-import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
/**
@@ -41,19 +39,20 @@
@Inject
private DialogueManager manager;
- @Inject
- private Instance<Dialogue> dialogue;
-
@AroundInvoke
public Object intercept(InvocationContext ctx) throws Exception
{
- boolean joined = false;
+ boolean joined;
Object result;
boolean join = ctx.getMethod().getAnnotation(Dialogued.class).join();
if (!join || !manager.isAttached())
{
manager.beginDialogue();
+ joined = false;
+ }
+ else
+ {
joined = true;
}
@@ -65,28 +64,16 @@
{
if (!joined)
{
- endOrDetachDialogue();
+ manager.detachDialogue();
}
throw (e);
}
if (!joined)
{
- endOrDetachDialogue();
+ manager.detachDialogue();
}
return result;
}
-
- private void endOrDetachDialogue()
- {
- if (dialogue.get().isFinished())
- {
- manager.endDialogue();
- }
- else
- {
- manager.detachDialogue();
- }
- }
}
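Review bot: The cleanup `if (!joined) { manager.detachDialogue(); }` is written twice, once in the catch block and once after it, and the catch block only covers what its clause names; that clause and the `try` body sit between the two hunks. A `finally` would run the cleanup once on every exit path, including an `Error`: `try { … } finally { if (!joined) { manager.detachDialogue(); } }`. Separately, `ctx.getMethod().getAnnotation(Dialogued.class).join()` in the previous hunk throws a NullPointerException if `@Dialogued` can also be placed at type level; the annotation's targets are not visible here, so that should be checked.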
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues.api;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class AfterDialogueActivation
+{
+
+}
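Review bot: The event class carries only an author tag, so nothing tells an observer when it is fired or what it may rely on. In this commit it is fired by `beginDialogue()` and `attachDialogue()` in `DialogueContextManagerImpl`, right after the dialogue context is created or attached. A class comment such as `/** Event fired after a dialogue has been begun or attached to the current request. */` would record that. Because the class is an empty marker, declaring it `final` would also make clear that it is not meant to be extended.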
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,58 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import javax.inject.Inject;
-
-import org.jboss.seam.security.external.EntityBean;
-import org.jboss.seam.security.external.api.OpenIdPrincipal;
-import org.jboss.seam.security.external.api.OpenIdRelyingPartyApi;
-import org.jboss.seam.security.external.dialogues.api.Dialogued;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class OpenIdBean extends EntityBean implements OpenIdRelyingPartyApi
-{
- @Inject
- private OpenIdSingleLoginSender openIdSingleLoginSender;
-
- @Inject
- private OpenIdSessions openIdSessions;
-
- @Dialogued
- public void signOn(String openId)
- {
- openIdSingleLoginSender.sendAuthRequest(openId);
- }
-
- @Dialogued
- public void logout(OpenIdPrincipal openIdPrincipal)
- {
- if (!openIdSessions.isLoggedIn(openIdPrincipal))
- {
- throw new RuntimeException("Not logged in");
- }
- openIdSessions.logout(openIdPrincipal);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdFilterInstaller.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.event.Observes;
-import javax.servlet.FilterRegistration;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-
-import org.jboss.seam.servlet.event.qualifier.Initialized;
-
-/**
- * @author Marcel Kolsteren
- *
- */
- at ApplicationScoped
-public class OpenIdFilterInstaller
-{
- public static final String FILTER_PATH = "/openid";
-
- protected void contextInitialized(@Observes @Initialized ServletContextEvent event)
- {
- ServletContext servletContext = event.getServletContext();
- FilterRegistration filterRegistration = servletContext.addFilter("OpenIdFilter", new OpenIdServletFilter());
- filterRegistration.addMappingForUrlPatterns(null, true, FILTER_PATH + "/*");
- }
-}
\ No newline at end of file
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdMessageHandler.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,79 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.external.InvalidRequestException;
-import org.jboss.seam.security.external.ResponseHandler;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class OpenIdMessageHandler
-{
- @Inject
- private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
-
- @Inject
- private OpenIdXrdsProvider openIdXrdsProvider;
-
- @Inject
- private ResponseHandler responseHolder;
-
- public void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
- {
- OpenIdService service = determineService(httpRequest);
-
- switch (service)
- {
- case OPEN_ID_SERVICE:
- openIdSingleLoginReceiver.handleIncomingMessage(httpRequest);
- break;
- case OPEN_ID_XRDS_SERVICE:
- openIdXrdsProvider.writeMetaData(responseHolder.getWriter("application/xrds+xml"));
- break;
- default:
- throw new RuntimeException("Unsupported service " + service);
- }
- }
-
- private OpenIdService determineService(HttpServletRequest httpRequest)
- {
- String path = httpRequest.getRequestURI();
-
- for (OpenIdService service : OpenIdService.values())
- {
- if (path.contains(service.getName()))
- {
- return service;
- }
- }
- return null;
- }
-
- public void destroy()
- {
- }
-}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java (from rev 13662, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdBean.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+
+import javax.inject.Inject;
+import javax.servlet.ServletContext;
+
+import org.jboss.seam.security.external.EntityBean;
+import org.jboss.seam.security.external.api.OpenIdAttribute;
+import org.jboss.seam.security.external.api.OpenIdRelyingPartyApi;
+import org.jboss.seam.security.external.api.OpenIdRelyingPartyConfigurationApi;
+import org.jboss.seam.security.external.dialogues.api.Dialogued;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdRpBean extends EntityBean implements OpenIdRelyingPartyApi, OpenIdRelyingPartyConfigurationApi
+{
+ @Inject
+ private OpenIdSingleLoginService openIdSingleLoginSender;
+
+ @Inject
+ private ServletContext servletContext;
+
+ @Dialogued
+ public void login(String openId, List<OpenIdAttribute> attributes)
+ {
+ openIdSingleLoginSender.sendAuthRequest(openId, attributes);
+ }
+
+ public String getServiceURL(OpenIdService service)
+ {
+ String path = servletContext.getContextPath() + "/openid/" + service.getName();
+ return createURL(path);
+ }
+
+ public String getRealm()
+ {
+ return createURL("");
+ }
+
+ private String createURL(String path)
+ {
+ try
+ {
+ if (protocol.equals("http") && port == 80 || protocol.equals("https") && port == 443)
+ {
+ return new URL(protocol, hostName, path).toExternalForm();
+ }
+ else
+ {
+ return new URL(protocol, hostName, port, path).toExternalForm();
+ }
+ }
+ catch (MalformedURLException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
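Review bot: `getRealm()` returns `createURL("")`, i.e. scheme, host and port with no path, whereas `getServiceURL` builds its URLs under `servletContext.getContextPath()`. The OpenID realm is what the provider shows the user and what return URLs are matched against, so a host-wide realm also covers every other application deployed on the same host. If that is not intended, `return createURL(servletContext.getContextPath() + "/");` would scope it to this application. In `createURL` the condition mixes `&&` and `||` without parentheses and calls `equals` on `protocol`, a field inherited from `EntityBean` that is not visible here; `("http".equals(protocol) && port == 80) || ("https".equals(protocol) && port == 443)` reads unambiguously.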
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInApplicationScopeProducer.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class OpenIdRpInApplicationScopeProducer
+{
+ @Produces
+ @ApplicationScoped
+ public OpenIdRpBean produce(@New OpenIdRpBean rp)
+ {
+ return rp;
+ }
+}
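Review bot: The producer class does not describe how it is meant to be used. As an `@Alternative` it stays inactive until it is enabled, and `OpenIdRpInVirtualApplicationScopeProducer` in the next file produces the same `OpenIdRpBean` type in a different scope. A class comment along the lines of `/** Alternative that installs the OpenID relying party in application scope; enable one of this class and {@link OpenIdRpInVirtualApplicationScopeProducer}. */` would mirror what the `SamlServiceProviderApi` Javadoc in this commit says about the SAML producers. The same comment, with the scope swapped, belongs on the virtual-application producer.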
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInVirtualApplicationScopeProducer.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInVirtualApplicationScopeProducer.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInVirtualApplicationScopeProducer.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.New;
+import javax.enterprise.inject.Produces;
+
+import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+ at Alternative
+public class OpenIdRpInVirtualApplicationScopeProducer
+{
+ @Produces
+ @VirtualApplicationScoped
+ public OpenIdRpBean produce(@New OpenIdRpBean rp)
+ {
+ return rp;
+ }
+}
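Review bot: The class Javadoc carries only an `@author` tag, so nothing explains why this producer exists next to OpenIdRpInApplicationScopeProducer or how one of the two `@Alternative` classes is selected. The only visible difference is the scope annotation on `produce`, which presumably decides whether one relying-party configuration (realm, service URL) is shared by the whole deployment or kept per virtual application. That is worth a class comment, because enabling the wrong alternative could mix configuration between tenants. Something like `/** Produces the OpenIdRpBean in virtual application scope; enable this alternative when each virtual application has its own relying party configuration. */` would do, with the matching sentence on the application-scoped sibling.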
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpInVirtualApplicationScopeProducer.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -21,6 +21,7 @@
*/
package org.jboss.seam.security.external.openid;
+
/**
* @author Marcel Kolsteren
*
@@ -42,4 +43,16 @@
{
return name;
}
+
+ public static OpenIdService getByName(String name)
+ {
+ for (OpenIdService service : values())
+ {
+ if (service.getName().equals(name))
+ {
+ return service;
+ }
+ }
+ return null;
+ }
}
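Review bot: `getByName` returns `null` for an unrecognised name and has no Javadoc saying so, which leaves every caller to remember the null check. OpenIdServlet in this commit feeds it the last segment of the request URI, so the lookup runs on remote input, and the fact that the comparison is exact and case-sensitive belongs in the contract too. I would add `/** Returns the service whose name equals {@code name} exactly, or {@code null} if there is none. */` above the method. The enum body starts outside this hunk.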
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServiceProvider.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,80 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import java.util.List;
-
-import javax.inject.Inject;
-import javax.servlet.ServletContext;
-
-import org.jboss.seam.security.external.EntityBean;
-import org.jboss.seam.security.external.api.OpenIdAttribute;
-import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
-
-/**
- * @author Marcel Kolsteren
- *
- */
- at VirtualApplicationScoped
-public class OpenIdServiceProvider extends EntityBean
-{
- private List<OpenIdAttribute> attributes;
-
- private String realm;
-
- @Inject
- private ServletContext servletContext;
-
- public String getServiceURL(OpenIdService service)
- {
- String portString;
- if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443)
- {
- portString = ":" + port;
- }
- else
- {
- portString = "";
- }
- return protocol + "://" + hostName + portString + servletContext.getContextPath() + OpenIdFilterInstaller.FILTER_PATH + "/" + service.getName();
- }
-
- public List<OpenIdAttribute> getAttributes()
- {
- return attributes;
- }
-
- public void setAttributes(List<OpenIdAttribute> attributes)
- {
- this.attributes = attributes;
- }
-
- public String getRealm()
- {
- return realm;
- }
-
- public void setRealm(String realm)
- {
- this.realm = realm;
- }
-}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java (from rev 13665, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdServlet extends HttpServlet
+{
+ private static final long serialVersionUID = -3058316157797375740L;
+
+ @Inject
+ private Logger log;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @Inject
+ private OpenIdSingleLoginService openIdSingleLoginService;
+
+ @Inject
+ private OpenIdXrdsProvider openIdXrdsProvider;
+
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ doGetOrPost(request, response);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ doGetOrPost(request, response);
+ }
+
+ private void doGetOrPost(HttpServletRequest request, HttpServletResponse response) throws IOException
+ {
+ try
+ {
+ responseHolder.setResponse(response);
+ handleMessage(request);
+ }
+ catch (InvalidRequestException e)
+ {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
+ if (log.isInfoEnabled())
+ {
+ log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
+ }
+ }
+ }
+
+ private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ Matcher matcher = Pattern.compile("/([^/]*?)$").matcher(httpRequest.getRequestURI());
+ boolean found = matcher.find();
+ if (!found)
+ {
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ return;
+ }
+ OpenIdService service = OpenIdService.getByName(matcher.group(1));
+
+ if (service == null)
+ {
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ return;
+ }
+
+ switch (service)
+ {
+ case OPEN_ID_SERVICE:
+ openIdSingleLoginService.handleIncomingMessage(httpRequest);
+ break;
+ case OPEN_ID_XRDS_SERVICE:
+ openIdXrdsProvider.writeMetaData(responseHandler.getWriter("application/xrds+xml"));
+ break;
+ default:
+ throw new RuntimeException("Unsupported service " + service);
+ }
+ }
+
+ public void destroy()
+ {
+ }
+}
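Review bot: `handleMessage` takes the service name from `httpRequest.getRequestURI()`, which is the raw request URI and still includes any path parameters. A request whose last segment carries something like `;jsessionid=...` would therefore fail the `getByName` lookup and get a 404. Matching on `httpRequest.getPathInfo()` would be more robust, assuming the servlet is mapped with a path prefix (the mapping is not visible here). The pattern is also recompiled on every request and could be hoisted to `private static final Pattern SERVICE_NAME = Pattern.compile("/([^/]*?)$");`. Separately, `doGetOrPost` passes `e.getDescription()` to both `sendError` and the log; if that description can contain request-derived text (InvalidRequestException is not shown), it should be stripped of CR/LF before logging and replaced by a fixed message in the response.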
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServletFilter.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,80 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import java.io.IOException;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external.InvalidRequestException;
-import org.jboss.seam.security.external.api.ResponseHolder;
-import org.slf4j.Logger;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class OpenIdServletFilter implements Filter
-{
- @Inject
- private Logger log;
-
- @Inject
- private Instance<OpenIdMessageHandler> openIdMessageHandler;
-
- @Inject
- private ResponseHolder responseHolder;
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
- {
- try
- {
- responseHolder.setResponse((HttpServletResponse) response);
- openIdMessageHandler.get().handleMessage((HttpServletRequest) request);
- }
- catch (InvalidRequestException e)
- {
- ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
- if (log.isInfoEnabled())
- {
- log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
- }
- }
- }
-
- public void destroy()
- {
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSessions.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,56 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import java.io.Serializable;
-import java.util.Set;
-
-import javax.enterprise.context.SessionScoped;
-
-import org.jboss.seam.security.external.api.OpenIdPrincipal;
-
-/**
- * @author Marcel Kolsteren
- *
- */
- at SessionScoped
-public class OpenIdSessions implements Serializable
-{
- private static final long serialVersionUID = -6167224737841053169L;
-
- private Set<OpenIdPrincipal> loggedInPrincipals;
-
- public boolean isLoggedIn(OpenIdPrincipal principal)
- {
- return loggedInPrincipals.contains(principal);
- }
-
- public void login(OpenIdPrincipal principal)
- {
- loggedInPrincipals.add(principal);
- }
-
- public void logout(OpenIdPrincipal principal)
- {
- loggedInPrincipals.remove(principal);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,120 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import java.net.URL;
-import java.util.List;
-import java.util.Map;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.external.InvalidRequestException;
-import org.jboss.seam.security.external.api.OpenIdPrincipal;
-import org.jboss.seam.security.external.spi.OpenIdServiceProviderSpi;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.consumer.VerificationResult;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.discovery.Identifier;
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-import org.openid4java.message.ax.FetchResponse;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class OpenIdSingleLoginReceiver
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private Instance<OpenIdServiceProviderSpi> openIdServiceProviderSpi;
-
- @Inject
- private OpenIdSessions openIdSessions;
-
- @SuppressWarnings("unchecked")
- public void handleIncomingMessage(HttpServletRequest httpRequest) throws InvalidRequestException
- {
- try
- {
- // extract the parameters from the authentication response
- // (which comes in as a HTTP request from the OpenID provider)
- ParameterList response = new ParameterList(httpRequest.getParameterMap());
-
- // retrieve the previously stored discovery information
- DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
-
- // extract the receiving URL from the HTTP request
- StringBuffer receivingURL = httpRequest.getRequestURL();
- String queryString = httpRequest.getQueryString();
- if (queryString != null && queryString.length() > 0)
- receivingURL.append("?").append(httpRequest.getQueryString());
-
- // verify the response; ConsumerManager needs to be the same
- // (static) instance used to place the authentication request
- VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
-
- // examine the verification result and extract the verified identifier
- Identifier identifier = verification.getVerifiedId();
-
- if (identifier != null)
- {
- AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
-
- Map<String, List<String>> attributes = null;
- if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
- {
- FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
-
- attributes = fetchResp.getAttributes();
- }
-
- OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
- openIdSessions.login(principal);
-
- openIdServiceProviderSpi.get().loginSucceeded(principal);
- }
- else
- {
- openIdServiceProviderSpi.get().loginFailed();
- }
- }
- catch (OpenIDException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
- {
- return new OpenIdPrincipal(identifier, openIdProvider, attributes);
- }
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginSender.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,98 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.openid;
-
-import java.util.List;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-
-import org.jboss.seam.security.external.ResponseHandler;
-import org.jboss.seam.security.external.api.OpenIdAttribute;
-import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.message.AuthRequest;
-import org.openid4java.message.ax.FetchRequest;
-
-/**
- * @author Marcel Kolsteren
- *
- */
- at ApplicationScoped
-public class OpenIdSingleLoginSender
-{
- @Inject
- private OpenIdRequest openIdRequest;
-
- @Inject
- private ConsumerManager openIdConsumerManager;
-
- @Inject
- private OpenIdServiceProvider serviceProvider;
-
- @Inject
- private ResponseHandler responseHandler;
-
- @Inject
- private Instance<SamlServiceProviderSpi> samlServiceProviderSpi;
-
- public void sendAuthRequest(String openId)
- {
- try
- {
- @SuppressWarnings("unchecked")
- List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
-
- DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
-
- openIdRequest.setDiscoveryInformation(discovered);
-
- String openIdServiceUrl = serviceProvider.getServiceURL(OpenIdService.OPEN_ID_SERVICE);
- String realm = serviceProvider.getRealm();
- AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
-
- // Request attributes
- List<OpenIdAttribute> attributes = serviceProvider.getAttributes();
- if (attributes.size() > 0)
- {
- FetchRequest fetch = FetchRequest.createFetchRequest();
- for (OpenIdAttribute attribute : attributes)
- {
- fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
- }
- // attach the extension to the authentication request
- authReq.addExtension(fetch);
- }
-
- String url = authReq.getDestinationUrl(true);
-
- responseHandler.sendHttpRedirectToUserAgent(url);
- }
- catch (OpenIDException e)
- {
- samlServiceProviderSpi.get().loginFailed();
- }
- }
-}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginService.java (from rev 13662, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginService.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdSingleLoginService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,162 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.openid;
+
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.OpenIdAttribute;
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+import org.jboss.seam.security.external.spi.OpenIdRelyingPartySpi;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchRequest;
+import org.openid4java.message.ax.FetchResponse;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class OpenIdSingleLoginService
+{
+ @Inject
+ private OpenIdRequest openIdRequest;
+
+ @Inject
+ private ConsumerManager openIdConsumerManager;
+
+ @Inject
+ private Instance<OpenIdRelyingPartySpi> openIdRelyingPartySpi;
+
+ @Inject
+ private OpenIdRpBean relyingPartyBean;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @SuppressWarnings("unchecked")
+ public void handleIncomingMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ try
+ {
+ // extract the parameters from the authentication response
+ // (which comes in as a HTTP request from the OpenID provider)
+ ParameterList response = new ParameterList(httpRequest.getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = httpRequest.getRequestURL();
+ String queryString = httpRequest.getQueryString();
+ if (queryString != null && queryString.length() > 0)
+ receivingURL.append("?").append(httpRequest.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the same
+ // (static) instance used to place the authentication request
+ VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
+
+ // examine the verification result and extract the verified identifier
+ Identifier identifier = verification.getVerifiedId();
+
+ if (identifier != null)
+ {
+ AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
+
+ Map<String, List<String>> attributes = null;
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
+ {
+ FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+ attributes = fetchResp.getAttributes();
+ }
+
+ OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
+
+ openIdRelyingPartySpi.get().loginSucceeded(principal);
+ }
+ else
+ {
+ openIdRelyingPartySpi.get().loginFailed();
+ }
+ }
+ catch (OpenIDException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+ {
+ return new OpenIdPrincipal(identifier, openIdProvider, attributes);
+ }
+
+ public void sendAuthRequest(String openId, List<OpenIdAttribute> attributes)
+ {
+ try
+ {
+ @SuppressWarnings("unchecked")
+ List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
+
+ DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
+
+ openIdRequest.setDiscoveryInformation(discovered);
+
+ String openIdServiceUrl = relyingPartyBean.getServiceURL(OpenIdService.OPEN_ID_SERVICE);
+ String realm = relyingPartyBean.getRealm();
+ AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
+
+ if (attributes != null && attributes.size() > 0)
+ {
+ FetchRequest fetch = FetchRequest.createFetchRequest();
+ for (OpenIdAttribute attribute : attributes)
+ {
+ fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
+ }
+ // attach the extension to the authentication request
+ authReq.addExtension(fetch);
+ }
+
+ String url = authReq.getDestinationUrl(true);
+
+ responseHandler.sendHttpRedirectToUserAgent(url);
+ }
+ catch (OpenIDException e)
+ {
+ openIdRelyingPartySpi.get().loginFailed();
+ }
+ }
+}
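Review bot: `handleIncomingMessage` rethrows `OpenIDException` as a bare `RuntimeException`, so a malformed or stale response posted to this unauthenticated endpoint surfaces as a 500. OpenIdServlet already turns `InvalidRequestException` into a 400, and this method declares that exception but never throws it; translating the failure into it (its constructor is not visible here) or calling `loginFailed()` would keep the error on the handled path. `openIdRequest.getDiscoveryInformation()` presumably returns null when no authentication request preceded the response, and `discovered.getOPEndpoint()` would then throw, so a guard such as `if (discovered == null) { openIdRelyingPartySpi.get().loginFailed(); return; }` before the `verify` call is worth adding. In `sendAuthRequest` the caught `OpenIDException` is dropped without being logged, which leaves discovery and association failures for a user-supplied identifier invisible to operators.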
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdXrdsProvider.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -44,7 +44,7 @@
public class OpenIdXrdsProvider
{
@Inject
- private OpenIdServiceProvider serviceProvider;
+ private OpenIdRpBean serviceProvider;
@Inject
@JaxbContext(ObjectFactory.class)
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlDialogue.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -34,6 +34,8 @@
private String externalProviderMessageId;
+ private String externalProviderRelayState;
+
public void setExternalProvider(SamlExternalEntity externalProvider)
{
this.externalProvider = externalProvider;
@@ -54,4 +56,14 @@
this.externalProviderMessageId = externalProviderRequestId;
}
+ public String getExternalProviderRelayState()
+ {
+ return externalProviderRelayState;
+ }
+
+ public void setExternalProviderRelayState(String externalProviderRelayState)
+ {
+ this.externalProviderRelayState = externalProviderRelayState;
+ }
+
}
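Review bot: The new `externalProviderRelayState` property has no comment saying where its value comes from or how it may be used. Judging by the name it holds the RelayState sent by the external provider, which is partner-controlled data. If so, it should be documented as an opaque value that is only echoed back and never interpreted as a redirect target, e.g. `/** RelayState received from the external provider; opaque, returned unchanged with the response. */`. The SAML bindings specification limits RelayState to 80 bytes, so a length check at the point where the value is set would be reasonable. The class body starts outside this hunk, and the field itself is added in the preceding hunk.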
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlEntityBean.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -39,7 +39,7 @@
import org.jboss.seam.security.external.EntityBean;
import org.jboss.seam.security.external.JaxbContext;
import org.jboss.seam.security.external.api.SamlBinding;
-import org.jboss.seam.security.external.api.SamlEntityApi;
+import org.jboss.seam.security.external.api.SamlEntityConfigurationApi;
import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntitiesDescriptorType;
import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
@@ -55,7 +55,7 @@
* @author Marcel Kolsteren
*
*/
-public abstract class SamlEntityBean extends EntityBean implements SamlEntityApi
+public abstract class SamlEntityBean extends EntityBean implements SamlEntityConfigurationApi
{
private Map<String, SSODescriptorType> metaInfo = new HashMap<String, SSODescriptorType>();
@@ -72,9 +72,9 @@
@JaxbContext(ObjectFactory.class)
protected JAXBContext metaDataJaxbContext;
- private boolean singleLogoutMessagesSigned = false;
+ private boolean singleLogoutMessagesSigned = true;
- private boolean wantSingleLogoutMessagesSigned = false;
+ private boolean wantSingleLogoutMessagesSigned = true;
public String getServiceURL(SamlServiceType service)
{
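Review bot: Defaulting `wantSingleLogoutMessagesSigned` to `true` is only partly enforced on the receiving side. In SamlMessageReceiver this revision still sets `validate = samlResponseMessage instanceof ResponseType` for every response, so a logout response appears to be accepted without a signature check whatever this flag says. The response branch could consult the flag the way the request branch does, e.g. `validate = samlResponseMessage instanceof ResponseType || samlEntityBean.get().isWantSingleLogoutMessagesSigned();` (assuming the getter is declared on SamlEntityBean, which is not visible here). Both fields also deserve a comment saying that peers which do not sign logout messages are now rejected unless the flag is switched off explicitly.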
@@ -87,9 +87,14 @@
{
portString = "";
}
- return protocol + "://" + hostName + portString + servletContext.getContextPath() + SamlFilterInstaller.FILTER_PATH + "/" + getIdpOrSp() + "/" + service.getName();
+ return protocol + "://" + hostName + portString + servletContext.getContextPath() + "/saml/" + getIdpOrSp() + "/" + service.getName();
}
+ public String getMetaDataURL()
+ {
+ return getServiceURL(SamlServiceType.SAML_META_DATA_SERVICE);
+ }
+
public void setEntityId(String entityId)
{
this.entityId = entityId;
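Review bot: The literal `"/saml/"` in `getServiceURL` replaces the only named constant for this path, and nothing ties it to the URL pattern SamlServlet is mapped to (the mapping is not visible here). SamlMessageReceiver in this revision rejects requests and unsolicited responses whose Destination differs from `getServiceURL(service)`, and the new `getMetaDataURL()` publishes the same value. A servlet mapped under a different path would therefore advertise wrong endpoints and refuse those messages. I would keep a constant such as `public static final String SERVLET_PATH = "/saml";` with a comment that it must match the servlet mapping. The body of `setEntityId` continues outside the hunk.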
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlFilterInstaller.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.saml;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.event.Observes;
-import javax.servlet.FilterRegistration;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-
-import org.jboss.seam.servlet.event.qualifier.Initialized;
-
-/**
- * @author Marcel Kolsteren
- *
- */
- at ApplicationScoped
-public class SamlFilterInstaller
-{
- public static final String FILTER_PATH = "/saml";
-
- protected void contextInitialized(@Observes @Initialized ServletContextEvent event)
- {
- ServletContext servletContext = event.getServletContext();
- FilterRegistration filterRegistration = servletContext.addFilter("SamlFilter", new SamlServletFilter());
- filterRegistration.addMappingForUrlPatterns(null, true, FILTER_PATH + "/*");
- }
-}
\ No newline at end of file
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessage.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -29,11 +29,14 @@
{
public static final String QSP_SAML_REQUEST = "SAMLRequest";
public static final String QSP_SAML_RESPONSE = "SAMLResponse";
+ public static final String QSP_RELAY_STATE = "RelayState";
protected SamlRequestOrResponse samlRequestOrResponse;
protected String samlMessage;
+ protected String relayState;
+
public SamlRequestOrResponse getRequestOrResponse()
{
return samlRequestOrResponse;
@@ -54,4 +57,13 @@
this.samlMessage = samlMessage;
}
+ public String getRelayState()
+ {
+ return relayState;
+ }
+
+ public void setRelayState(String relayState)
+ {
+ this.relayState = relayState;
+ }
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -107,9 +107,6 @@
@JaxbContext( { RequestAbstractType.class, StatusResponseType.class })
private JAXBContext jaxbContext;
- @Inject
- private Instance<SamlEntityBean> configuredSamlEntity;
-
public void handleIncomingSamlMessage(SamlServiceType service, HttpServletRequest httpRequest, SamlIdpOrSp idpOrSp) throws InvalidRequestException
{
String samlRequestParam = httpRequest.getParameter(SamlRedirectMessage.QSP_SAML_REQUEST);
@@ -165,103 +162,92 @@
log.debug("Received: " + SamlUtils.getDocumentAsString(document));
}
- if (samlRequestOrResponse.isRequest() || samlResponseMessage.getInResponseTo() == null)
+ try
{
- // Request or unsolicited response
-
- boolean serviceFound = false;
- String destination = samlRequestMessage.getDestination();
- for (SamlEntityBean samlEntityBean : configuredSamlEntity)
+ if (samlRequestOrResponse.isRequest() || samlResponseMessage.getInResponseTo() == null)
{
- for (SamlServiceType samlServiceType : SamlServiceType.values())
+ // Request or unsolicited response
+
+ String destination = samlRequestOrResponse.isRequest() ? samlRequestMessage.getDestination() : samlResponseMessage.getDestination();
+ if (!samlEntityBean.get().getServiceURL(service).equals(destination))
{
- if (samlEntityBean.getServiceURL(samlServiceType).equals(destination))
- {
- serviceFound = true;
- }
+ throw new InvalidRequestException("Destination (" + destination + ") is not valid.");
}
- }
- if (!serviceFound)
- {
- throw new InvalidRequestException("No service found at destination " + destination);
- }
- dialogueManager.beginDialogue();
- samlDialogue.get().setExternalProviderMessageId(samlRequestMessage.getID());
- SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
- if (externalProvider == null)
- {
- throw new InvalidRequestException("Received message from unknown entity id " + issuerEntityId);
+ dialogueManager.beginDialogue();
+ samlDialogue.get().setExternalProviderMessageId(samlRequestOrResponse.isRequest() ? samlRequestMessage.getID() : samlResponseMessage.getID());
+ SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
+ if (externalProvider == null)
+ {
+ throw new InvalidRequestException("Received message from unknown entity id " + issuerEntityId);
+ }
+ samlDialogue.get().setExternalProvider(externalProvider);
}
- samlDialogue.get().setExternalProvider(externalProvider);
- }
- else
- {
- String dialogueId = samlResponseMessage.getInResponseTo();
- if (!dialogueManager.isExistingDialogue(dialogueId))
+ else
{
- throw new InvalidRequestException("No request that corresponds with the received response");
- }
+ String dialogueId = samlResponseMessage.getInResponseTo();
+ if (!dialogueManager.isExistingDialogue(dialogueId))
+ {
+ throw new InvalidRequestException("No request that corresponds with the received response");
+ }
- dialogueManager.attachDialogue(dialogueId);
- if (!(samlDialogue.get().getExternalProvider().getEntityId().equals(issuerEntityId)))
- {
- throw new InvalidRequestException("Identity samlEntityBean of request and response do not match");
+ dialogueManager.attachDialogue(dialogueId);
+ if (!(samlDialogue.get().getExternalProvider().getEntityId().equals(issuerEntityId)))
+ {
+ throw new InvalidRequestException("Identity samlEntityBean of request and response do not match");
+ }
}
- }
- SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
+ SamlExternalEntity externalProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(issuerEntityId);
- boolean validate;
- if (samlRequestOrResponse.isRequest())
- {
- if (service.getProfile() == SamlProfile.SINGLE_SIGN_ON)
+ boolean validate;
+ if (samlRequestOrResponse.isRequest())
{
- if (idpOrSp == SamlIdpOrSp.IDP)
+ if (service.getProfile() == SamlProfile.SINGLE_SIGN_ON)
{
- validate = samlIdpBean.get().isWantAuthnRequestsSigned();
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ validate = samlIdpBean.get().isWantAuthnRequestsSigned();
+ }
+ else
+ {
+ validate = samlSpBean.get().isWantAssertionsSigned();
+ }
}
else
{
- validate = samlSpBean.get().isWantAssertionsSigned();
+ if (idpOrSp == SamlIdpOrSp.IDP)
+ {
+ validate = samlIdpBean.get().isWantSingleLogoutMessagesSigned();
+ }
+ else
+ {
+ validate = samlSpBean.get().isWantSingleLogoutMessagesSigned();
+ }
}
}
else
{
- if (idpOrSp == SamlIdpOrSp.IDP)
+ validate = samlResponseMessage instanceof ResponseType;
+ }
+
+ if (validate)
+ {
+ if (log.isDebugEnabled())
{
- validate = samlIdpBean.get().isWantSingleLogoutMessagesSigned();
+ log.debug("Validating the signature");
}
+ if (httpRequest.getMethod().equals("POST"))
+ {
+ signatureUtilForPostBinding.validateSignature(externalProvider.getPublicKey(), document);
+ }
else
{
- validate = samlSpBean.get().isWantSingleLogoutMessagesSigned();
+ SamlRedirectMessage redirectMessage = new SamlRedirectMessage(samlRequestOrResponse, httpRequest);
+ signatureUtilForRedirectBinding.validateSignature(redirectMessage, externalProvider.getPublicKey());
}
}
- }
- else
- {
- validate = samlResponseMessage instanceof ResponseType;
- }
- if (validate)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Validating the signature");
- }
- if (httpRequest.getMethod().equals("POST"))
- {
- signatureUtilForPostBinding.validateSignature(externalProvider.getPublicKey(), document);
- }
- else
- {
- SamlRedirectMessage redirectMessage = new SamlRedirectMessage(samlRequestOrResponse, httpRequest);
- signatureUtilForRedirectBinding.validateSignature(redirectMessage, externalProvider.getPublicKey());
- }
- }
-
- try
- {
if (service.getProfile() == SamlProfile.SINGLE_SIGN_ON)
{
if (samlRequestOrResponse.isRequest())
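Review bot: The Destination comparison added here runs only in the request / unsolicited-response branch. A response whose `InResponseTo` matches an open dialogue takes the `else` branch, and its `Destination` is never compared with `getServiceURL(service)`. The SAML bindings specification requires the recipient of a signed message to verify Destination, so I would hoist `String destination = ...` and the `if (!samlEntityBean.get().getServiceURL(service).equals(destination))` check above the outer `if` so both branches run them. In the same `else` branch `dialogueManager.attachDialogue(dialogueId)` runs before the signature is validated, so a message that later fails validation has already been attached to the pending dialogue; looking up the issuer and validating first would avoid that. `handleIncomingSamlMessage` starts and ends outside this hunk.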
@@ -301,7 +287,10 @@
}
catch (Exception e)
{
- dialogueManager.endDialogue();
+ if (dialogueManager.isAttached())
+ {
+ dialogueManager.endDialogue();
+ }
throw new RuntimeException(e);
}
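Review bot: This `catch (Exception e)` now also receives the `InvalidRequestException`s from the destination, issuer and dialogue checks that the previous hunk moved inside the `try`. It rethrows them as `RuntimeException`, unless a more specific catch clause sits above it outside the hunk. SamlServlet.doGetOrPost maps only `InvalidRequestException` to a 400, so a misaddressed or unknown-issuer message would surface as a server error instead of a bad request. Adding `if (e instanceof InvalidRequestException) { throw (InvalidRequestException) e; }` after the dialogue is ended and before the wrap keeps the exception the method already declares. The `try` block begins outside this hunk.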
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -256,6 +256,7 @@
SamlPostMessage samlPostMessage = new SamlPostMessage();
samlPostMessage.setRequestOrResponse(samlRequestOrResponse);
samlPostMessage.setSamlMessage(base64EncodedMessage);
+ samlPostMessage.setRelayState(samlDialogue.get().getExternalProviderRelayState());
responseHandler.sendFormToUserAgent(endpoint.getLocation(), samlPostMessage);
}
}
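Review bot: The RelayState copied from the dialogue in `samlPostMessage.setRelayState(...)`, and again in `redirectMessage.setRelayState(...)` in the next hunk, is sent without any size or content check. In this revision the value is the `remoteUrl` argument of `remoteLogin`, while the SAML 2.0 bindings specification limits RelayState to 80 bytes and asks the sender to integrity-protect it. In the POST binding it travels as a form field outside the XML signature. I would either enforce the limit where the value is stored, e.g. `if (relayState != null && relayState.length() > 80) { throw new IllegalArgumentException("RelayState too long"); }` in `setExternalProviderRelayState`, or document there that the limit is deliberately not applied. It is also worth confirming that `sendFormToUserAgent` HTML-escapes the value, which is not visible here.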
@@ -275,6 +276,7 @@
{
redirectMessage.setRequestOrResponse(samlRequestOrResponse);
redirectMessage.setSamlMessage(base64EncodedSamlMessage);
+ redirectMessage.setRelayState(samlDialogue.get().getExternalProviderRelayState());
samlSignatureUtilForRedirectBinding.sign(redirectMessage, signingKey);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlRedirectMessage.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -36,14 +36,11 @@
// Query string parameters used by the HTTP_Redirect binding
public static final String QSP_SIGNATURE = "Signature";
public static final String QSP_SIG_ALG = "SigAlg";
- public static final String QSP_RELAY_STATE = "RelayState";
private String signature;
private String signatureAlgorithm;
- private String relayState;
-
// If this is true, the samlMessage, signature, signatureAlgorithm and
// relayState values are in url encoded form
private boolean urlEncoded;
@@ -84,7 +81,7 @@
{
addParamToQueryString(queryString, SamlRedirectMessage.QSP_SAML_RESPONSE, samlMessage);
}
- addParamToQueryString(queryString, SamlRedirectMessage.QSP_RELAY_STATE, relayState);
+ addParamToQueryString(queryString, SamlMessage.QSP_RELAY_STATE, relayState);
addParamToQueryString(queryString, SamlRedirectMessage.QSP_SIG_ALG, signatureAlgorithm);
addParamToQueryString(queryString, SamlRedirectMessage.QSP_SIGNATURE, signature);
@@ -125,16 +122,6 @@
this.signatureAlgorithm = signatureAlgorithm;
}
- public String getRelayState()
- {
- return relayState;
- }
-
- public void setRelayState(String relayState)
- {
- this.relayState = relayState;
- }
-
public boolean isUrlEncoded()
{
return urlEncoded;
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java (from rev 13665, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.slf4j.Logger;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlServlet extends HttpServlet
+{
+ private static final long serialVersionUID = -6125510783395424719L;
+
+ @Inject
+ private Logger log;
+
+ @Inject
+ private ResponseHolder responseHolder;
+
+ @Inject
+ private SamlMessageReceiver samlMessageReceiver;
+
+ @Inject
+ private ResponseHandler responseHandler;
+
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ doGetOrPost(request, response);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ doGetOrPost(request, response);
+ }
+
+ private void doGetOrPost(HttpServletRequest request, HttpServletResponse response) throws IOException
+ {
+ try
+ {
+ responseHolder.setResponse(response);
+ handleMessage(request);
+ }
+ catch (InvalidRequestException e)
+ {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
+ if (log.isInfoEnabled())
+ {
+ log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
+ }
+ }
+ }
+
+ private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ {
+ Matcher matcher = Pattern.compile("/(IDP|SP)/(.*?)$").matcher(httpRequest.getRequestURI());
+ boolean found = matcher.find();
+ if (!found)
+ {
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ }
+ SamlIdpOrSp idpOrSp = SamlIdpOrSp.valueOf(matcher.group(1));
+ SamlServiceType service = SamlServiceType.getByName(matcher.group(2));
+
+ switch (service)
+ {
+ case SAML_SINGLE_LOGOUT_SERVICE:
+ case SAML_SINGLE_SIGN_ON_SERVICE:
+ case SAML_ASSERTION_CONSUMER_SERVICE:
+ samlMessageReceiver.handleIncomingSamlMessage(service, httpRequest, idpOrSp);
+ break;
+ case SAML_META_DATA_SERVICE:
+ samlEntityBean.get().writeMetaData(responseHandler.getWriter("application/xml"));
+ break;
+ default:
+ throw new RuntimeException("Unsupported service " + service);
+ }
+ }
+}
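Review bot: `handleMessage` keeps going after it has sent the 404. When `matcher.find()` is false, `matcher.group(1)` on the following line throws `IllegalStateException`, so an unknown URL ends as a server error on an already committed response; add `return;` after `responseHandler.sendError(...)`. `SamlServiceType.getByName(matcher.group(2))` is then switched on without a null check, and what `getByName` returns for an unknown name is not visible here. The unanchored `find()` over the whole request URI also accepts `/IDP/` or `/SP/` anywhere in the path, so matching only the part after the servlet mapping would be tighter.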
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServletFilter.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,115 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.saml;
-
-import java.io.IOException;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external.InvalidRequestException;
-import org.jboss.seam.security.external.ResponseHandler;
-import org.jboss.seam.security.external.api.ResponseHolder;
-import org.slf4j.Logger;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class SamlServletFilter implements Filter
-{
- @Inject
- private Logger log;
-
- @Inject
- private ResponseHolder responseHolder;
-
- @Inject
- private SamlMessageReceiver samlMessageReceiver;
-
- @Inject
- private ResponseHandler responseHandler;
-
- @Inject
- private Instance<SamlEntityBean> samlEntityBean;
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
- {
- try
- {
- responseHolder.setResponse((HttpServletResponse) response);
- handleMessage((HttpServletRequest) request);
- }
- catch (InvalidRequestException e)
- {
- ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, e.getDescription());
- if (log.isInfoEnabled())
- {
- log.info("Bad request received from {}: {}", request.getRemoteHost(), e.getDescription());
- }
- }
- }
-
- private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
- {
- Matcher matcher = Pattern.compile("/(IDP|SP)/(.*?)$").matcher(httpRequest.getRequestURI());
- boolean found = matcher.find();
- if (!found)
- {
- responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
- }
- SamlIdpOrSp idpOrSp = SamlIdpOrSp.valueOf(matcher.group(1));
- SamlServiceType service = SamlServiceType.getByName(matcher.group(2));
-
- switch (service)
- {
- case SAML_SINGLE_LOGOUT_SERVICE:
- case SAML_SINGLE_SIGN_ON_SERVICE:
- case SAML_ASSERTION_CONSUMER_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(service, httpRequest, idpOrSp);
- break;
- case SAML_META_DATA_SERVICE:
- samlEntityBean.get().writeMetaData(responseHandler.getWriter("application/xml"));
- break;
- default:
- throw new RuntimeException("Unsupported service " + service);
- }
- }
-
- public void destroy()
- {
- }
-}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -33,7 +33,8 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
-import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlIdentityProviderConfigurationApi;
+import org.jboss.seam.security.external.api.SamlMultiUserIdentityProviderApi;
import org.jboss.seam.security.external.api.SamlNameId;
import org.jboss.seam.security.external.api.SamlPrincipal;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
@@ -50,12 +51,14 @@
import org.jboss.seam.security.external.saml.SamlIdpOrSp;
import org.jboss.seam.security.external.saml.SamlServiceType;
+import com.google.common.collect.Lists;
+
/**
* @author Marcel Kolsteren
*
*/
@Typed(SamlIdpBean.class)
-public class SamlIdpBean extends SamlEntityBean implements SamlIdentityProviderApi
+public class SamlIdpBean extends SamlEntityBean implements SamlMultiUserIdentityProviderApi, SamlIdentityProviderConfigurationApi
{
@Inject
private SamlIdpSingleSignOnService samlIdpSingleSignOnService;
@@ -173,8 +176,30 @@
}
@Dialogued(join = true)
- public void authenticationSucceeded(SamlNameId nameId, List<AttributeType> attributes)
+ public void authenticationSucceeded(SamlIdpSession session)
{
+ session.getServiceProviders().add((SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
+ samlIdpSingleSignOnService.handleSucceededAuthentication(session);
+ }
+
+ @Dialogued(join = true)
+ public void authenticationFailed()
+ {
+ samlIdpSingleSignOnService.handleFailedAuthentication();
+ }
+
+ public Set<SamlIdpSession> getSessions()
+ {
+ return samlIdpSessions.getSessions();
+ }
+
+ public SamlIdpSession localLogin(SamlNameId nameId, List<AttributeType> attributes)
+ {
+ return createSession(nameId, attributes);
+ }
+
+ private SamlIdpSession createSession(SamlNameId nameId, List<AttributeType> attributes)
+ {
SamlPrincipal samlPrincipal = new SamlPrincipal();
samlPrincipal.setNameId(nameId);
if (attributes != null)
@@ -185,33 +210,33 @@
{
samlPrincipal.setAttributes(new LinkedList<AttributeType>());
}
- SamlIdpSession session = samlIdpSessions.addSession(samlPrincipal, (SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
-
- samlIdpSingleSignOnService.handleSucceededAuthentication(session);
+ return samlIdpSessions.addSession(samlPrincipal);
}
- public void authenticationSucceeded(SamlIdpSession sessionToJoin)
- {
- sessionToJoin.getServiceProviders().add((SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
-
- samlIdpSingleSignOnService.handleSucceededAuthentication(sessionToJoin);
- }
-
@Dialogued(join = true)
- public void authenticationFailed()
+ public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl)
{
- samlIdpSingleSignOnService.handleFailedAuthentication();
+ for (SamlExternalServiceProvider sp : session.getServiceProviders())
+ {
+ if (sp.getEntityId().equals(spEntityId))
+ {
+ throw new RuntimeException("Service provider " + spEntityId + " is already a session participant.");
+ }
+ }
+ session.getServiceProviders().add(getExternalSamlEntityByEntityId(spEntityId));
+ samlIdpSingleSignOnService.remoteLogin(spEntityId, session, remoteUrl);
}
- public Set<SamlIdpSession> getSessions()
+ public void localLogout(SamlIdpSession session)
{
- return samlIdpSessions.getSessions();
+ samlIdpSessions.removeSession(session);
}
@Dialogued(join = true)
- public void logout(SamlPrincipal principal, List<String> indexes)
+ public void globalLogout(SamlIdpSession session)
{
- samlIdpSingleSignLogoutService.handleIDPInitiatedSingleLogout(principal, indexes);
+ SamlPrincipal principal = session.getPrincipal();
+ samlIdpSingleSignLogoutService.handleIDPInitiatedSingleLogout(principal, Lists.newArrayList(session.getSessionIndex()));
}
@Override
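Review bot: `remoteLogin` adds the result of `getExternalSamlEntityByEntityId(spEntityId)` to the session without checking it. SamlMessageReceiver treats `null` from the same lookup as "unknown entity", so an unrecognised `spEntityId` would put `null` into the participant set, and the next `sp.getEntityId()` in this loop would then fail. The `sp != null` guard this commit adds in SamlIdpSingleLogoutService looks like a workaround for such entries. I would check before mutating the session, e.g. `if (getExternalSamlEntityByEntityId(spEntityId) == null) { throw new RuntimeException("Unknown service provider " + spEntityId); }`. A Javadoc line on `remoteLogin` should also say that `remoteUrl` is forwarded to the service provider as RelayState.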
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSessions.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -40,7 +40,7 @@
private Set<SamlIdpSession> sessions = new HashSet<SamlIdpSession>();
- public SamlIdpSession addSession(SamlPrincipal principal, SamlExternalServiceProvider serviceProvider)
+ public SamlIdpSession addSession(SamlPrincipal principal)
{
String sessionIndex;
int i = 0;
@@ -52,7 +52,6 @@
SamlIdpSession session = new SamlIdpSession();
session.setPrincipal(principal);
- session.getServiceProviders().add(serviceProvider);
session.setSessionIndex(sessionIndex);
sessions.add(session);
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -128,34 +128,39 @@
if (sessionToRemove != null)
{
- // For the session that is about to be removed, get the first
- // service provider that participates in the session. Remove it from
- // the session.
- SamlExternalServiceProvider sp = sessionToRemove.getServiceProviders().iterator().next();
- sessionToRemove.getServiceProviders().remove(sp);
- if (sessionToRemove.getServiceProviders().size() == 0)
+ if (sessionToRemove.getServiceProviders().size() != 0)
{
+ // For the session that is about to be removed, get the first
+ // service provider that participates in the session. Remove it
+ // from the session.
+ SamlExternalServiceProvider sp = sessionToRemove.getServiceProviders().iterator().next();
+ sessionToRemove.getServiceProviders().remove(sp);
+
+ // If the session participant is not the party that initiated the
+ // single logout, and it has a single logout service, send a
+ // single logout request. Otherwise, move on to the next session
+ // participant (if available) or to the next session.
+ if (sp != null && !sp.equals(samlDialogue.get().getExternalProvider()) && sp.getService(SamlProfile.SINGLE_LOGOUT) != null)
+ {
+ String incomingDialogueId = dialogue.get().getDialogueId();
+ dialogueManager.detachDialogue();
+ dialogueManager.beginDialogue();
+ samlIdpOutgoingLogoutDialogue.get().setIncomingDialogueId(incomingDialogueId);
+
+ sendSingleLogoutRequestToSP(sessionToRemove, sp);
+ readyForNow = true;
+ }
+ }
+ else
+ {
+ // Session has no participating service providers (any more).
+ // Remove the session.
samlIdpSessions.removeSession(sessionToRemove);
if (samlDialogue.get().getExternalProvider() != null)
{
samlIdentityProviderSpi.get().loggedOut(sessionToRemove);
}
}
-
- // If the session participant is not the party that initiated the
- // single logout, and it has a single logout service, send a
- // single logout request. Otherwise, move on to the next session
- // participant (if available) or to the next session.
- if (!sp.equals(samlDialogue.get().getExternalProvider()) && sp.getService(SamlProfile.SINGLE_LOGOUT) != null)
- {
- String incomingDialogueId = dialogue.get().getDialogueId();
- dialogueManager.detachDialogue();
- dialogueManager.beginDialogue();
- samlIdpOutgoingLogoutDialogue.get().setIncomingDialogueId(incomingDialogueId);
-
- sendSingleLogoutRequestToSP(sessionToRemove, sp);
- readyForNow = true;
- }
}
else
{
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -33,6 +33,7 @@
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
import org.jboss.seam.security.external.saml.SamlConstants;
import org.jboss.seam.security.external.saml.SamlDialogue;
+import org.jboss.seam.security.external.saml.SamlEntityBean;
import org.jboss.seam.security.external.saml.SamlExternalEntity;
import org.jboss.seam.security.external.saml.SamlMessageFactory;
import org.jboss.seam.security.external.saml.SamlMessageSender;
@@ -62,6 +63,9 @@
@Inject
private SamlDialogue samlDialogue;
+ @Inject
+ private Instance<SamlEntityBean> samlEntityBean;
+
public void processSPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
{
if (!(request instanceof AuthnRequestType))
@@ -74,13 +78,11 @@
public void handleSucceededAuthentication(SamlIdpSession session)
{
- sendAuthenticationResponse(session, false);
+ sendAuthenticationResponse(samlDialogue.getExternalProvider(), session, false);
}
- private void sendAuthenticationResponse(SamlIdpSession session, boolean failed)
+ private void sendAuthenticationResponse(SamlExternalEntity serviceProvider, SamlIdpSession session, boolean failed)
{
- SamlExternalEntity samlServiceProvider = samlDialogue.getExternalProvider();
-
StatusResponseType response;
if (failed)
@@ -89,18 +91,18 @@
}
else
{
- SamlService service = samlServiceProvider.getService(SamlProfile.SINGLE_SIGN_ON);
+ SamlService service = serviceProvider.getService(SamlProfile.SINGLE_SIGN_ON);
response = samlMessageFactory.createResponse(session, samlMessageSender.getEndpoint(service));
}
- samlMessageSender.sendResponse(samlServiceProvider, response, SamlProfile.SINGLE_SIGN_ON);
+ samlMessageSender.sendResponse(serviceProvider, response, SamlProfile.SINGLE_SIGN_ON);
dialogue.setFinished(true);
}
public void handleFailedAuthentication()
{
- sendAuthenticationResponse(null, true);
+ sendAuthenticationResponse(samlDialogue.getExternalProvider(), null, true);
}
@Dialogued
@@ -112,4 +114,14 @@
samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest);
}
+
+ public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl)
+ {
+ SamlExternalEntity serviceProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(spEntityId);
+ samlDialogue.setExternalProvider(serviceProvider);
+ samlDialogue.setExternalProviderRelayState(remoteUrl);
+
+ // Send an unsolicited authentication response to the service provider
+ sendAuthenticationResponse(serviceProvider, session, false);
+ }
}
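Review bot: `remoteLogin` uses the result of `samlEntityBean.get().getExternalSamlEntityByEntityId(spEntityId)` without checking it, so an unknown entity id travels into `sendAuthenticationResponse` and fails at `serviceProvider.getService(...)` instead of being rejected up front. `SamlSpBean.login` in this same commit tests its lookup result for null, which suggests the lookup can return null. Because this path emits an unsolicited authentication response for an existing session, I would add `if (serviceProvider == null) { throw new IllegalArgumentException("Unknown service provider: " + spEntityId); }` before `samlDialogue` is modified. A Javadoc on the method should also state that `remoteUrl` is forwarded to the service provider as relay state.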
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,95 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.idp;
+
+import java.util.List;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlMultiUserIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlNameId;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+
+public class SamlIdpSingleUser implements SamlIdentityProviderApi
+{
+ @Inject
+ private Instance<SamlMultiUserIdentityProviderApi> multiUserApi;
+
+ public void authenticationSucceeded()
+ {
+ multiUserApi.get().authenticationSucceeded(getSession());
+ }
+
+ public void authenticationFailed()
+ {
+ multiUserApi.get().authenticationFailed();
+ }
+
+ public SamlIdpSession getSession()
+ {
+ if (multiUserApi.get().getSessions().size() == 0)
+ {
+ return null;
+ }
+ else
+ {
+ return multiUserApi.get().getSessions().iterator().next();
+ }
+ }
+
+ public void localLogin(SamlNameId nameId, List<AttributeType> attributes)
+ {
+ multiUserApi.get().localLogin(nameId, attributes);
+ }
+
+ public void remoteLogin(String spEntityId, String remoteUrl)
+ {
+ SamlIdpSession session = getSession();
+ if (session == null)
+ {
+ throw new IllegalStateException("Need to login locally first.");
+ }
+ multiUserApi.get().remoteLogin(spEntityId, session, remoteUrl);
+ }
+
+ public void localLogout()
+ {
+ SamlIdpSession session = getSession();
+ if (session == null)
+ {
+ throw new IllegalStateException("Logout not possible because there is no current session.");
+ }
+ multiUserApi.get().localLogout(session);
+ }
+
+ public void globalLogout()
+ {
+ SamlIdpSession session = getSession();
+ if (session == null)
+ {
+ throw new IllegalStateException("Logout not possible because there is no current session.");
+ }
+ multiUserApi.get().globalLogout(session);
+ }
+}
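Review bot: `authenticationSucceeded()` forwards `getSession()` to the multi-user API without the null guard that `remoteLogin`, `localLogout` and `globalLogout` in this class apply, so a call made before any local login hands `null` downstream. Where that null surfaces is outside this hunk; presumably it fails while the authentication response is being built. I would fetch the session into a local and add the same guard, `if (session == null) { throw new IllegalStateException("Need to login locally first."); }`. The class also has no Javadoc; one sentence stating that it delegates to `SamlMultiUserIdentityProviderApi` using the single session returned by `getSession()` would help.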
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -32,7 +32,8 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
-import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.api.SamlMultiUserServiceProviderApi;
+import org.jboss.seam.security.external.api.SamlServiceProviderConfigurationApi;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
@@ -50,7 +51,7 @@
*
*/
@Typed(SamlSpBean.class)
-public class SamlSpBean extends SamlEntityBean implements SamlServiceProviderApi
+public class SamlSpBean extends SamlEntityBean implements SamlMultiUserServiceProviderApi, SamlServiceProviderConfigurationApi
{
private List<SamlExternalIdentityProvider> identityProviders = new LinkedList<SamlExternalIdentityProvider>();
@@ -179,7 +180,7 @@
}
@Dialogued(join = true)
- public void signOn(String idpEntityId)
+ public void login(String idpEntityId)
{
SamlExternalIdentityProvider idp = getExternalSamlEntityByEntityId(idpEntityId);
if (idp == null)
@@ -191,15 +192,15 @@
}
@Dialogued(join = true)
- public void logout(SamlSpSession session)
+ public void localLogout(SamlSpSession session)
{
samlSpSessions.removeSession(session);
}
@Dialogued(join = true)
- public void singleLogout(SamlSpSession session)
+ public void globalLogout(SamlSpSession session)
{
- logout(session);
+ localLogout(session);
samlSpSingleLogoutService.sendSingleLogoutRequestToIDP(session);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -108,12 +108,12 @@
{
if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
{
- samlServiceProviderSpi.get().singleLogoutSucceeded();
+ samlServiceProviderSpi.get().globalLogoutSucceeded();
}
else
{
String statusCode = response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue();
- samlServiceProviderSpi.get().singleLogoutFailed(statusCode);
+ samlServiceProviderSpi.get().globalLogoutFailed(statusCode);
}
dialogue.setFinished(true);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -52,6 +52,7 @@
import org.jboss.seam.security.external.saml.SamlMessageFactory;
import org.jboss.seam.security.external.saml.SamlMessageSender;
import org.jboss.seam.security.external.saml.SamlProfile;
+import org.jboss.seam.security.external.saml.SamlRedirectMessage;
import org.jboss.seam.security.external.saml.SamlServiceType;
import org.jboss.seam.security.external.saml.SamlUtils;
import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
@@ -100,7 +101,7 @@
String statusValue = status.getStatusCode().getValue();
if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
{
- throw new RuntimeException("IDP returned status " + statusValue);
+ samlServiceProviderSpi.get().loginFailed();
}
if (!(statusResponse instanceof ResponseType))
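Review bot: Replacing the `throw` with `samlServiceProviderSpi.get().loginFailed();` removes the only exit from the non-success branch, so a response whose status is not `STATUS_SUCCESS` now falls through to the `instanceof ResponseType` check and whatever follows it. In the next hunk that processing reaches `createSession(response, idp)` and `loginUser(...)`, so a failed response that still carries assertions may end up creating a session, and the SPI may be invoked twice against one HTTP response. I would end the branch explicitly with `samlServiceProviderSpi.get().loginFailed(); dialogue.setFinished(true); return;`. The enclosing method starts and ends outside this hunk, so confirm that nothing later in it is still required on the failure path.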
@@ -119,12 +120,12 @@
SamlSpSession session = createSession(response, idp);
if (session == null)
{
- samlServiceProviderSpi.get().loginFailed();
+ throw new InvalidRequestException("Not possible to login based on the supplied assertions");
}
else
{
session.setIdentityProvider(idp);
- loginUser(httpRequest, session, statusResponse.getInResponseTo() == null);
+ loginUser(httpRequest, session, statusResponse.getInResponseTo() == null, httpRequest.getParameter(SamlRedirectMessage.QSP_RELAY_STATE));
}
dialogue.setFinished(true);
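Review bot: The relay state is read straight from `httpRequest.getParameter(SamlRedirectMessage.QSP_RELAY_STATE)` and handed on as the URL the SPI should redirect to, but nothing at this call marks it as untrusted. It is a request parameter rather than part of the assertion, so whether any signature check covers it depends on the binding, and an SPI implementation that redirects to it unchecked turns unsolicited login into an open redirect. I would add a comment at the call, `// relayState is caller-supplied and unvalidated; SPI implementations must check it before redirecting`, and repeat that requirement in the Javadoc of `loggedIn(SamlSpSession, String)`. The enclosing method starts outside this hunk.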
@@ -271,13 +272,13 @@
}
}
- private void loginUser(HttpServletRequest httpRequest, SamlSpSession session, boolean unsolicited)
+ private void loginUser(HttpServletRequest httpRequest, SamlSpSession session, boolean unsolicited, String relayState)
{
samlSpSessions.addSession(session);
if (unsolicited)
{
- samlServiceProviderSpi.get().unsolicitedLogin(session);
+ samlServiceProviderSpi.get().loggedIn(session, relayState);
}
else
{
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.saml.sp;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.external.api.SamlMultiUserServiceProviderApi;
+import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class SamlSpSingleUser implements SamlServiceProviderApi
+{
+ @Inject
+ private Instance<SamlMultiUserServiceProviderApi> multiUserApi;
+
+ public void login(String idpEntityId)
+ {
+ multiUserApi.get().login(idpEntityId);
+ }
+
+ public void localLogout()
+ {
+ SamlSpSession session = getSession();
+ if (session == null)
+ {
+ throw new IllegalStateException("Logout not possible because there is no current session.");
+ }
+ multiUserApi.get().localLogout(session);
+ }
+
+ public void globalLogout()
+ {
+ SamlSpSession session = getSession();
+ if (session == null)
+ {
+ throw new IllegalStateException("Logout not possible because there is no current session.");
+ }
+ multiUserApi.get().globalLogout(session);
+ }
+
+ public SamlSpSession getSession()
+ {
+ if (multiUserApi.get().getSessions().size() == 0)
+ {
+ return null;
+ }
+ else
+ {
+ return multiUserApi.get().getSessions().iterator().next();
+ }
+ }
+}
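Review bot: `getSession()` returns whichever session the iterator yields first and calls `multiUserApi.get().getSessions()` twice, so if more than one session exists, `localLogout()` and `globalLogout()` end only one of them and leave the rest active without any signal. `SamlIdpSingleUser.getSession()` in this commit has the same shape. I would read the collection once into a local and fail loudly on the unexpected case, for example `if (sessions.size() > 1) { throw new IllegalStateException("Multiple sessions found where at most one was expected."); }`. The class Javadoc should state that it assumes at most one session.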
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java (from rev 13662, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,35 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.api.OpenIdPrincipal;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface OpenIdRelyingPartySpi
+{
+ public void loginSucceeded(OpenIdPrincipal principal);
+
+ public void loginFailed();
+}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdServiceProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,39 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.spi;
-
-import org.jboss.seam.security.external.api.OpenIdPrincipal;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public interface OpenIdServiceProviderSpi
-{
- public void loginSucceeded(OpenIdPrincipal principal);
-
- public void loginFailed();
-
- public void logoutSucceeded(OpenIdPrincipal principal);
-
- public void logoutFailed(OpenIdPrincipal principal, String statusCode);
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/ResponseSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,39 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.spi;
-
-import java.io.PrintWriter;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public interface ResponseSpi
-{
- void setContentType(String type);
-
- PrintWriter getWriter();
-
- void sendRedirect(String url);
-
- void sendError(int statusCode, String message);
-}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,39 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.spi;
-
-import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public interface SamlIdentityProviderSpi
-{
- public void authenticate();
-
- public void loggedOut(SamlIdpSession session);
-
- public void singleLogoutSucceeded();
-
- public void singleLogoutFailed();
-}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlIdentityProviderSpi
+{
+ public void authenticate();
+
+ public void loggedOut(SamlIdpSession session);
+
+ public void singleLogoutSucceeded();
+
+ public void singleLogoutFailed();
+}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,43 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.spi;
-
-import org.jboss.seam.security.external.saml.sp.SamlSpSession;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public interface SamlServiceProviderSpi
-{
- void loginSucceeded(SamlSpSession session);
-
- void loginFailed();
-
- void unsolicitedLogin(SamlSpSession session);
-
- void singleLogoutSucceeded();
-
- void singleLogoutFailed(String statusCode);
-
- void loggedOut(SamlSpSession session);
-}
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.saml.sp.SamlSpSession;
+
+/**
+ * Interface that needs to be implemented by applications that want to act as a
+ * SAML service provider. It is the counterpart of the
+ * {@link SamlSingleUserServiceProviderApi}.
+ *
+ * All methods in this interface are called within an active request scope,
+ * which contains a {@link ResponseHolder} bean that contains the HTTP response.
+ * The implementations of the methods are responsible to fill this response.
+ * Typically, this will entail a redirect to an application page. There is one
+ * exception: the implementation of the loggedOut method must not write to the
+ * HTTP response.
+ *
+ * @author Marcel Kolsteren
+ *
+ */
+public interface SamlServiceProviderSpi
+{
+ /**
+ * This method is called after succesfull external authentication of the
+ * user. The session contains the details about the user. The call takes
+ * place in the same dialogue context as the corresponding API call:
+ * {@link SamlSingleUserServiceProviderApi#signOn(String)}. The dialogue can
+ * be used, for example, to store the page that the user requested, so that
+ * the user can be redirected to this page after login took place.
+ *
+ * @param session session
+ */
+ void loginSucceeded(SamlSpSession session);
+
+ /**
+ * This method is called after failed external authentication of the user.
+ * The call takes place in the same dialogue context as the corresponding API
+ * call.
+ */
+ void loginFailed();
+
+ /**
+ * When the service provider receives an unsolicited login from an identity
+ * provider, this method is called.
+ *
+ * @param session that has been created for this login
+ * @param url URL where the user needs to be redirected to; this URL is
+ * supplied by the identity provider and can be null
+ */
+ void loggedIn(SamlSpSession session, String url);
+
+ /**
+ * This method is the asynchronous callbacks related to
+ * {@link SamlSingleUserServiceProviderApi#singleLogout()}. It is called when
+ * the single logout was successful. Before this callback is called, the
+ * dialogue that was active at the time of the API call is restored. An
+ * implementation of this method will typically redirect the user to a page
+ * where a message is shown that the user has been logged out.
+ */
+ void globalLogoutSucceeded();
+
+ /**
+ * <p>
+ * This method is one of the asynchronous callbacks related to
+ * {@link SamlSingleUserServiceProviderApi#singleLogout()}. It is called when
+ * the single logout was successful. Before this callback is called, the
+ * dialogue that was active at the time of the API call is restored. An
+ * implementation of this method will typically redirect the user to a page
+ * where a message is shown that the user could not be logged out.
+ * </p>
+ *
+ * <p>
+ * The fact that the single logout failed doesn't mean that all parts of the
+ * single logout failed. Possibly only one of the session participants
+ * couldn't perform a successful logout, while the others could.
+ * </p>
+ */
+ void globalLogoutFailed(String statusCode);
+
+ /**
+ * When the service provider receives a logout request from an identity
+ * provider, this method is called. The implementation of this method must
+ * take for granted that the user has been logged off. The HTTP response must
+ * not be written during this call, because the service provider will use the
+ * HTTP response to send a response to the identity provider.
+ *
+ * @param session that has been removed
+ */
+ void loggedOut(SamlSpSession session);
+}
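Review bot: The Javadoc of `globalLogoutFailed` says it is called "when the single logout was successful", copied from `globalLogoutSucceeded`; it should read `It is called when the single logout failed.` and gain an `@param statusCode` line describing the status code taken from the identity provider's response. The `{@link SamlSingleUserServiceProviderApi#signOn(String)}` and `#singleLogout()` references look stale: that type is not imported in this file, and `SamlSpSingleUser` in this commit implements `SamlServiceProviderApi` with `login(String)` and `globalLogout()`. For `loggedIn`, the `url` value originates from the relay state request parameter, so its `@param` should tell implementers to validate it before redirecting. Minor wording: "succesfull" should be "successful", and "is the asynchronous callbacks" should be "is one of the asynchronous callbacks".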
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlSingleUserServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlSingleUserServiceProviderSpi.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlSingleUserServiceProviderSpi.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,27 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.spi;
+
+public class SamlSingleUserServiceProviderSpi
+{
+
+}
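Review bot: `SamlSingleUserServiceProviderSpi` is added as an empty concrete `class` with no Javadoc, so a reader of the `spi` package cannot tell whether it is a placeholder or a finished type. The SPI type that ends just above this file in the commit declares bodiless callback methods, which suggests the SPI types are meant to be interfaces. If this one is a stub for later work, declare it as `public interface SamlSingleUserServiceProviderSpi` and add a one-line Javadoc such as `/** Placeholder: callbacks for the single-user SAML service provider are not defined yet. */`. That stops applications from instantiating or extending a class which will later change kind.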
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlSingleUserServiceProviderSpi.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Copied: modules/security/trunk/external/src/main/resources/META-INF/services (from rev 13645, modules/security/trunk/external/src/main/resources/services)
Added: modules/security/trunk/external/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension
===================================================================
--- modules/security/trunk/external/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension (rev 0)
+++ modules/security/trunk/external/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,2 @@
+org.jboss.seam.security.external.virtualapplications.VirtualApplicationContextExtension
+org.jboss.seam.security.external.dialogues.DialogueContextExtension
\ No newline at end of file
Added: modules/security/trunk/external/src/main/resources/META-INF/web-fragment.xml
===================================================================
--- modules/security/trunk/external/src/main/resources/META-INF/web-fragment.xml (rev 0)
+++ modules/security/trunk/external/src/main/resources/META-INF/web-fragment.xml 2010-09-01 13:39:00 UTC (rev 13692)
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-fragment version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd">
+
+ <servlet>
+ <servlet-name>SamlServlet</servlet-name>
+ <servlet-class>org.jboss.seam.security.external.saml.SamlServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>OpenIdServlet</servlet-name>
+ <servlet-class>org.jboss.seam.security.external.openid.OpenIdServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>SamlServlet</servlet-name>
+ <url-pattern>/saml/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>OpenIdServlet</servlet-name>
+ <url-pattern>/openid/*</url-pattern>
+ </servlet-mapping>
+
+</web-fragment>
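Review bot: The fragment registers and maps both `SamlServlet` (`/saml/*`) and `OpenIdServlet` (`/openid/*`) unconditionally, so any application that bundles this jar exposes both endpoints even when it uses only one of the two protocols. The fragment has no `<name>` element, which a deployer needs in order to reference it from `<absolute-ordering>` in the application's web.xml and so order or exclude it. Adding one, e.g. `<name>seam_security_external</name>` (a constructed name), would make that possible. A short XML comment at the top should also state that the fragment declares no `<security-constraint>`, so transport protection for these endpoints is presumably left to the including application.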
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/MetaDataLoader.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -31,13 +31,13 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
-import org.jboss.seam.security.external.api.SamlEntityApi;
+import org.jboss.seam.security.external.api.SamlEntityConfigurationApi;
@ApplicationScoped
public class MetaDataLoader
{
@Inject
- private Instance<SamlEntityApi> samlEntityBean;
+ private Instance<SamlEntityConfigurationApi> samlEntityBean;
public void loadMetaDataOfOtherSamlEntity(String hostName, String idpOrSp)
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/OpenIdSpiMock.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -22,9 +22,9 @@
package org.jboss.seam.security.externaltest.integration;
import org.jboss.seam.security.external.api.OpenIdPrincipal;
-import org.jboss.seam.security.external.spi.OpenIdServiceProviderSpi;
+import org.jboss.seam.security.external.spi.OpenIdRelyingPartySpi;
-public class OpenIdSpiMock implements OpenIdServiceProviderSpi
+public class OpenIdSpiMock implements OpenIdRelyingPartySpi
{
public void loginFailed()
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/ArchiveBuilder.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -99,6 +99,7 @@
jar.addPackages(true, ResponseHandler.class.getPackage());
jar.addResource("META-INF/beans.xml", "META-INF/beans.xml");
+ jar.addResource("META-INF/web-fragment.xml", "META-INF/web-fragment.xml");
jar.addServiceProvider(Extension.class, VirtualApplicationContextExtension.class, DialogueContextExtension.class);
return jar;
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -122,10 +122,9 @@
checkNrOfSessions("www.sp1.com", "sp", 1);
checkNrOfSessions("www.sp2.com", "sp", 1);
- // So an IDP-initiated single logout of the user at SP1.
+ // Do an IDP-initiated single logout of the user at SP1.
params.clear();
params.put("command", "singleLogout");
- params.put("userName", "John Doe");
sendMessageToApplication("www.idp.com", "idp", params);
checkApplicationMessage("Single logout succeeded");
@@ -134,10 +133,9 @@
checkNrOfSessions("www.sp1.com", "sp", 0);
checkNrOfSessions("www.sp2.com", "sp", 1);
- // So an SP-initiated single logout of the user at SP2.
+ // Do an SP-initiated single logout of the user at SP2.
params.clear();
params.put("command", "singleLogout");
- params.put("userName", "Jane Doe");
sendMessageToApplication("www.sp2.com", "sp", params);
checkApplicationMessage("Single logout succeeded");
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpCustomizer.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -24,18 +24,18 @@
import javax.enterprise.event.Observes;
import javax.servlet.ServletContextEvent;
-import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlIdentityProviderConfigurationApi;
import org.jboss.seam.servlet.event.qualifier.Initialized;
public class IdpCustomizer
{
- public void servletInitialized(@Observes @Initialized final ServletContextEvent e, SamlIdentityProviderApi idp)
+ public void servletInitialized(@Observes @Initialized final ServletContextEvent e, SamlIdentityProviderConfigurationApi idp)
{
idp.setEntityId("https://www.idp.com");
idp.setHostName("www.idp.com");
idp.setProtocol("http");
idp.setPort(8080);
idp.setSigningKey("classpath:/test_keystore.jks", "store456", "servercert", "pass456");
- idp.setSingleLogoutMessagesSigned(true);
+ idp.setWantSingleLogoutMessagesSigned(false);
}
}
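Review bot: With `idp.setWantSingleLogoutMessagesSigned(false)` here and `sp.setSingleLogoutMessagesSigned(false)` in the SpCustomizer hunk, the integration test no longer exercises signing or signature verification of single-logout messages on either side. The previous configuration had both switched on. Logout messages that are accepted unsigned can be forged to end other users' sessions, so this is the path that most needs regression coverage. If the switch is deliberate, say why in a comment on this line, e.g. `// SLO signing disabled for this scenario because <reason>; the signed path is covered by <test>`. Otherwise keep at least one scenario that runs with both flags set to `true`.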
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/IdpTestServlet.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -27,6 +27,7 @@
@Inject
private MetaDataLoader metaDataLoader;
+ @Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
responseHolder.setResponse(response);
@@ -37,7 +38,7 @@
}
else if (command.equals("singleLogout"))
{
- samlIdpApplicationMock.handleSingleLogout(request.getParameter("userName"));
+ samlIdpApplicationMock.handleSingleLogout();
}
else if (command.equals("getNrOfSessions"))
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/idp/SamlIdpApplicationMock.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -28,9 +28,8 @@
import javax.inject.Inject;
import org.jboss.seam.security.external.api.ResponseHolder;
-import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
+import org.jboss.seam.security.external.api.SamlMultiUserIdentityProviderApi;
import org.jboss.seam.security.external.api.SamlNameId;
-import org.jboss.seam.security.external.api.SamlPrincipal;
import org.jboss.seam.security.external.dialogues.DialogueManager;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
@@ -51,7 +50,7 @@
private Dialogue dialogue;
@Inject
- private Instance<SamlIdentityProviderApi> idpApi;
+ private Instance<SamlMultiUserIdentityProviderApi> idpApi;
private String dialogueId;
@@ -73,8 +72,9 @@
public void handleLogin(String userName)
{
+ SamlIdpSession session = idpApi.get().localLogin(new SamlNameId(userName, null, null), null);
dialogueManager.attachDialogue(dialogueId);
- idpApi.get().authenticationSucceeded(new SamlNameId(userName, null, null), null);
+ idpApi.get().authenticationSucceeded(session);
dialogueManager.detachDialogue();
}
@@ -108,15 +108,13 @@
}
@Dialogued
- public void handleSingleLogout(String nameId)
+ public void handleSingleLogout()
{
- SamlPrincipal principal = new SamlPrincipal();
- principal.setNameId(new SamlNameId(nameId, null, null));
- idpApi.get().logout(principal, null);
+ idpApi.get().globalLogout(idpApi.get().getSessions().iterator().next());
}
public void loggedOut(SamlIdpSession session)
{
- log.info("User " + session.getPrincipal().getNameId() + " has been logged out.");
+ log.info("User " + session.getPrincipal().getNameId().getValue() + " has been logged out.");
}
}
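Review bot: `handleSingleLogout()` now logs out whatever `idpApi.get().getSessions().iterator().next()` returns, so the user being logged out depends on the iteration order of the session collection. An empty collection surfaces as a bare `NoSuchElementException`, where the SP mock used to throw a descriptive `RuntimeException`. If the IDP can hold sessions for more than one user at this point of IntegrationTest (not visible in this hunk), the session-count assertions for `www.sp1.com` and `www.sp2.com` become order-dependent. The same pattern is introduced in `SamlSpApplicationMock.handleGlobalLogout()`. Consider a guard such as `if (sessions.isEmpty()) throw new IllegalStateException("No session to log out");` plus a comment stating how many sessions the test assumes exist here.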
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SamlSpApplicationMock.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -27,7 +27,7 @@
import javax.inject.Inject;
import org.jboss.seam.security.external.api.ResponseHolder;
-import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.api.SamlMultiUserServiceProviderApi;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
import org.jboss.seam.security.external.saml.sp.SamlSpSession;
import org.jboss.seam.security.external.spi.SamlServiceProviderSpi;
@@ -38,7 +38,7 @@
public class SamlSpApplicationMock implements SamlServiceProviderSpi
{
@Inject
- private Instance<SamlServiceProviderApi> samlServiceProviderApi;
+ private Instance<SamlMultiUserServiceProviderApi> spApi;
@Inject
private ResponseHolder responseHolder;
@@ -49,7 +49,7 @@
@Dialogued
public void login(String idpEntityId)
{
- samlServiceProviderApi.get().signOn(idpEntityId);
+ spApi.get().login(idpEntityId);
}
public void loginFailed()
@@ -62,17 +62,17 @@
writeMessageToResponse("Login succeeded (" + session.getPrincipal().getNameId().getValue() + ")");
}
- public void singleLogoutFailed(String statusCode)
+ public void globalLogoutFailed(String statusCode)
{
writeMessageToResponse("Single logout failed");
}
- public void singleLogoutSucceeded()
+ public void globalLogoutSucceeded()
{
writeMessageToResponse("Single logout succeeded");
}
- public void unsolicitedLogin(SamlSpSession session)
+ public void loggedIn(SamlSpSession session, String url)
{
writeMessageToResponse("Logged in unsolicited");
}
@@ -91,28 +91,14 @@
public int getNumberOfSessions()
{
- return samlServiceProviderApi.get().getSessions().size();
+ return spApi.get().getSessions().size();
}
@Dialogued
- public void handleSingleLogout(String userName)
+ public void handleGlobalLogout()
{
- SamlSpSession session = null;
- for (SamlSpSession s : samlServiceProviderApi.get().getSessions())
- {
- if (s.getPrincipal().getNameId().getValue().equals(userName))
- {
- session = s;
- }
- }
- if (session != null)
- {
- samlServiceProviderApi.get().singleLogout(session);
- }
- else
- {
- throw new RuntimeException("No session found for user " + userName);
- }
+ SamlSpSession session = spApi.get().getSessions().iterator().next();
+ spApi.get().globalLogout(session);
}
public void loggedOut(SamlSpSession session)
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpCustomizer.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -24,19 +24,19 @@
import javax.enterprise.event.Observes;
import org.jboss.seam.security.external.api.SamlBinding;
-import org.jboss.seam.security.external.api.SamlServiceProviderApi;
+import org.jboss.seam.security.external.api.SamlServiceProviderConfigurationApi;
import org.jboss.seam.security.external.virtualapplications.api.AfterVirtualApplicationCreation;
import org.jboss.seam.security.external.virtualapplications.api.VirtualApplication;
public class SpCustomizer
{
- public void customize(@Observes AfterVirtualApplicationCreation event, SamlServiceProviderApi sp, VirtualApplication virtualApplication)
+ public void customize(@Observes AfterVirtualApplicationCreation event, SamlServiceProviderConfigurationApi sp, VirtualApplication virtualApplication)
{
if (virtualApplication.equals("www.sp2.com"))
{
sp.setPreferredBinding(SamlBinding.HTTP_Redirect);
}
- sp.setWantSingleLogoutMessagesSigned(true);
+ sp.setSingleLogoutMessagesSigned(false);
sp.setProtocol("http");
sp.setPort(8080);
}
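Review bot: The unchanged condition `virtualApplication.equals("www.sp2.com")` compares a `VirtualApplication` with a `String`. Unless `VirtualApplication.equals` is written to accept strings (not visible here), it is always false, so `HTTP_Redirect` is never selected for sp2 and the redirect binding goes untested. Since this commit already touches the method signature, it would be a good moment to compare against the application's host-name property instead, or to add a comment confirming that the `equals` override is intentional. The import section above the class is only partly shown in this hunk.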
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/sp/SpTestServlet.java 2010-09-01 13:39:00 UTC (rev 13692)
@@ -27,6 +27,7 @@
@Inject
private ResponseHolder responseHolder;
+ @Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
responseHolder.setResponse(response);
@@ -38,8 +39,7 @@
}
else if (command.equals("singleLogout"))
{
- String userName = request.getParameter("userName");
- samlSpApplicationMock.handleSingleLogout(userName);
+ samlSpApplicationMock.handleGlobalLogout();
}
else if (command.equals("getNrOfSessions"))
{
Modified: modules/security/trunk/external/src/test/resources/jndi.properties
===================================================================
--- modules/security/trunk/external/src/test/resources/jndi.properties 2010-09-01 12:34:21 UTC (rev 13691)
+++ modules/security/trunk/external/src/test/resources/jndi.properties 2010-09-01 13:39:00 UTC (rev 13692)
@@ -1,3 +1,3 @@
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
-java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
+java.naming.factory.url.pkgs=org.jboss.naming\:org.jnp.interfaces
java.naming.provider.url=jnp://localhost:1099