Author: mposolda
Date: 2012-01-13 08:00:01 -0500 (Fri, 13 Jan 2012)
New Revision: 8297
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SAML2IntegrationLoginModule.java
components/sso/trunk/saml/
components/sso/trunk/saml/gatein-saml-plugin/
components/sso/trunk/saml/gatein-saml-plugin/pom.xml
components/sso/trunk/saml/gatein-saml-plugin/src/
components/sso/trunk/saml/gatein-saml-plugin/src/main/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SAML2IdpLoginModule.java
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimpleGroup.java
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimplePrincipal.java
components/sso/trunk/saml/gatein-saml-portal/
components/sso/trunk/saml/gatein-saml-portal/pom.xml
components/sso/trunk/saml/gatein-saml-portal/src/
components/sso/trunk/saml/gatein-saml-portal/src/main/
components/sso/trunk/saml/pom.xml
Modified:
components/sso/trunk/
components/sso/trunk/agent/pom.xml
components/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java
components/sso/trunk/pom.xml
Log:
GTNSSO-4 SAML support - initial version
Property changes on: components/sso/trunk
___________________________________________________________________
Added: svn:ignore
+ *.iml
Modified: components/sso/trunk/agent/pom.xml
===================================================================
--- components/sso/trunk/agent/pom.xml 2012-01-12 17:33:27 UTC (rev 8296)
+++ components/sso/trunk/agent/pom.xml 2012-01-13 13:00:01 UTC (rev 8297)
@@ -70,6 +70,11 @@
<artifactId>jacc</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-bindings-jboss</artifactId>
+ </dependency>
+
</dependencies>
<build>
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SAML2IntegrationLoginModule.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SAML2IntegrationLoginModule.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SAML2IntegrationLoginModule.java 2012-01-13
13:00:01 UTC (rev 8297)
@@ -0,0 +1,157 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.gatein.sso.agent.login;
+
+import org.exoplatform.container.ExoContainer;
+import org.exoplatform.container.ExoContainerContext;
+import org.exoplatform.container.PortalContainer;
+import org.exoplatform.container.RootContainer;
+import org.exoplatform.services.security.Authenticator;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.UsernameCredential;
+import org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import java.security.acl.Group;
+import java.util.Map;
+
+/**
+ * Login module for integration with GateIn. It's running on GateIn (SAML SP) side.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class SAML2IntegrationLoginModule extends SAML2LoginModule
+{
+
+ // Name of portalContainer
+ private static final String OPTION_PORTAL_CONTAINER_NAME =
"portalContainerName";
+
+ // If this boolean property is true, then final principal will use roles from SAML.
+ // If false, then we don't use roles from SAML, but we will delegate filling of
"Roles" principal to next login module in stack
+ // (actually it is JbossLoginModule, which uses JAAS roles from GateIn database)
+ // Default value is false, so we are preferring delegation to JbossLoginModule and
using roles from portal DB.
+ private static final String OPTION_USE_SAML_ROLES = "useSAMLRoles";
+
+ private String portalContainerName;
+ private boolean useSAMLRoles;
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState,
+ Map<String, ?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+ // GateIn integration
+ this.portalContainerName = getPortalContainerName(options);
+
+ String useSAMLRoles = (String)options.get(OPTION_USE_SAML_ROLES);
+ this.useSAMLRoles = useSAMLRoles != null &&
"true".equals(useSAMLRoles);
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("Using options: "
+ + OPTION_PORTAL_CONTAINER_NAME + "=" + this.portalContainerName
+ + ", " + OPTION_USE_SAML_ROLES + "=" +
this.useSAMLRoles);
+ }
+ }
+
+ @Override
+ public boolean login() throws javax.security.auth.login.LoginException
+ {
+ if (super.login())
+ {
+ // Username is already in sharedState thanks to superclass
+ String username =
(String)sharedState.get("javax.security.auth.login.name");
+ if (log.isTraceEnabled())
+ {
+ log.trace("Found user " + username + " in shared
state.");
+ }
+
+ try
+ {
+ //Perform authentication by setting up the proper Application State
+ Authenticator authenticator = (Authenticator)
getContainer().getComponentInstanceOfType(Authenticator.class);
+
+ Identity identity = authenticator.createIdentity(username);
+ sharedState.put("exo.security.identity", identity);
+ subject.getPublicCredentials().add(new UsernameCredential(username));
+
+ return true;
+ }
+ catch (Exception e)
+ {
+ log.debug("Exception during login process: " + e.getMessage(), e);
+ throw new LoginException(e.getMessage());
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ @Override
+ protected Group[] getRoleSets() throws LoginException
+ {
+ if (useSAMLRoles)
+ {
+ return super.getRoleSets();
+ }
+ else
+ {
+ // Delegate creation of Group principal to next login module
+ return new Group[] {};
+ }
+ }
+
+
+
+ // *********************** Helper private methods for GateIn integration
*****************************
+
+ private String getPortalContainerName(Map options)
+ {
+ if (options != null)
+ {
+ String optionValue = (String) options.get(OPTION_PORTAL_CONTAINER_NAME);
+ if (optionValue != null && optionValue.length() > 0)
+ {
+ return optionValue;
+ }
+ }
+ return PortalContainer.DEFAULT_PORTAL_CONTAINER_NAME;
+ }
+
+ private ExoContainer getContainer() throws Exception
+ {
+ ExoContainer container = ExoContainerContext.getCurrentContainer();
+ if (container instanceof RootContainer)
+ {
+ container =
RootContainer.getInstance().getPortalContainer(portalContainerName);
+ }
+ return container;
+ }
+
+}
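Review bot: In login(), the catch block rethrows `new LoginException(e.getMessage())`, which discards the original exception and yields a message-less LoginException when `e.getMessage()` is null, and the only trace of the failure is a debug-level log line, so a misconfigured portal container (getContainer() throwing) stays invisible in normal operation. Preserve the cause and raise the level: `LoginException le = new LoginException(e.getMessage()); le.initCause(e); throw le;` together with `log.warn(...)` in place of `log.debug(...)`. The comment "Username is already in sharedState thanks to superclass" is an assumption the code does not verify; if the key is absent, `authenticator.createIdentity(null)` is invoked, which presumably fails, but an explicit `if (username == null) { throw new LoginException("No username found in shared state"); }` would make the failure mode clear. In initialize(), the `useSAMLRoles != null &&` guard is redundant because `"true".equals(null)` is already false.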
Modified:
components/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java
===================================================================
---
components/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java 2012-01-12
17:33:27 UTC (rev 8296)
+++
components/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java 2012-01-13
13:00:01 UTC (rev 8297)
@@ -37,11 +37,14 @@
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.Credential;
+import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.PasswordCredential;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.rest.resource.ResourceContainer;
+import java.util.Collection;
+
/**
* This is a RESTful component that is invoked by central SSO servers like CAS server,
JOSSO server etc, to invoke
* Gatein authentication related queries during their own "Authentication
process"
@@ -64,9 +67,8 @@
{
log.debug("---------------------------------------");
log.debug("Username: "+username);
- log.debug("Password: "+password);
-
- ExoContainer container = this.getContainer();
+ log.debug("Password: XXXXXXXXXXXXXXXX");
+
Authenticator authenticator = (Authenticator)
getContainer().getComponentInstanceOfType(Authenticator.class);
Credential[] credentials = new Credential[] { new UsernameCredential(username),
@@ -88,6 +90,57 @@
throw new RuntimeException(e);
}
}
+
+ /**
+ * Obtain list of JAAS roles for some user. For example, for user root it can return
String like: "users,administrators,organization"
+ * It's usually not needed because SSO authorization is done on portal side, but
may be useful for some SSO implementations to use
+ * this callback and ask portal for roles.
+ *
+ * @param username
+ * @return {@link String} with roles in format like:
"users,administrators,organization"
+ */
+ @GET
+ @Path("/roles/{1}")
+ @Produces({MediaType.TEXT_PLAIN})
+ public String getJAASRoles(@PathParam("1") String username)
+ {
+ try
+ {
+ log.debug("---------------------------------------");
+ log.debug("Going to obtain roles for user: " + username);
+
+ Authenticator authenticator = (Authenticator)
getContainer().getComponentInstanceOfType(Authenticator.class);
+ Identity identity = authenticator.createIdentity(username);
+ Collection<String> roles = identity.getRoles();
+
+ StringBuilder result = null;
+ for (String role : roles)
+ {
+ if (result == null)
+ {
+ result = new StringBuilder(role);
+ }
+ else
+ {
+ result.append(",").append(role);
+ }
+ }
+
+ if (result != null)
+ {
+ return result.toString();
+ }
+ else
+ {
+ return "";
+ }
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ }
private ExoContainer getContainer() throws Exception
{
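Review bot: getJAASRoles() returns the full role list for any username supplied in the path, and nothing in the hunk restricts who may call it, so role membership is disclosed to any client that can reach the REST path unless the deployment protects it elsewhere. The Javadoc should say so explicitly, e.g. `This endpoint is intended only for the trusted SSO server and must be protected in the same way as the existing authentication callback (network or container-level access control).`, since the existing callback's protection is not visible here and may be assumed to cover this method too. The `@param username` line is also empty; `@param username name of the portal user whose JAAS roles are requested` would complete it.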
Modified: components/sso/trunk/pom.xml
===================================================================
--- components/sso/trunk/pom.xml 2012-01-12 17:33:27 UTC (rev 8296)
+++ components/sso/trunk/pom.xml 2012-01-13 13:00:01 UTC (rev 8297)
@@ -41,8 +41,9 @@
-->
<module>opensso</module>
<module>spnego</module>
+ <module>saml</module>
<module>packaging</module>
- </modules>
+ </modules>
<properties>
<version.junit>3.8.2</version.junit>
@@ -88,6 +89,10 @@
<!-- SPNEGO support using JBoss Negotiation -->
<version.jboss.negotiation>2.0.4.GA</version.jboss.negotiation>
+
+ <!-- Picketlink federation (SAML integration) -->
+ <version.picketlink.fed>2.0.1.final</version.picketlink.fed>
+
</properties>
<dependencyManagement>
@@ -308,6 +313,14 @@
<artifactId>jacc</artifactId>
<version>1.0</version>
</dependency>
+
+ <!-- Picketlink federation (SAML) -->
+ <dependency>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-bindings-jboss</artifactId>
+ <version>2.0.1.final</version>
+ </dependency>
+
</dependencies>
</dependencyManagement>
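Review bot: The managed picketlink-bindings-jboss dependency hard-codes `<version>2.0.1.final</version>` even though the preceding hunk in this file introduces the `version.picketlink.fed` property with exactly this value, so the property is unused and the two will drift on the next upgrade. Reference the property here instead: `<version>${version.picketlink.fed}</version>`.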
Added: components/sso/trunk/saml/gatein-saml-plugin/pom.xml
===================================================================
--- components/sso/trunk/saml/gatein-saml-plugin/pom.xml (rev 0)
+++ components/sso/trunk/saml/gatein-saml-plugin/pom.xml 2012-01-13 13:00:01 UTC (rev
8297)
@@ -0,0 +1,28 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>sso-saml-parent</artifactId>
+ <groupId>org.gatein.sso</groupId>
+ <version>1.1.1-CR01-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.gatein.sso</groupId>
+ <artifactId>sso-saml-plugin</artifactId>
+ <packaging>jar</packaging>
+
+ <name>GateIn SSO - SAML Identity provider plugin</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </dependency>
+ </dependencies>
+
+</project>
Added:
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SAML2IdpLoginModule.java
===================================================================
---
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SAML2IdpLoginModule.java
(rev 0)
+++
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SAML2IdpLoginModule.java 2012-01-13
13:00:01 UTC (rev 8297)
@@ -0,0 +1,310 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.gatein.sso.saml.plugin;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.log4j.Logger;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Login module, which can be executed on SAML Identity provider side. It executes REST
requests to GateIn to verify authentication of single user
+ * against GateIn or obtain list of roles from GateIn.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class SAML2IdpLoginModule implements LoginModule
+{
+ // This option can have two values: "STATIC" or "PORTAL_CALLBACK"
+ // "STATIC" means that roles of authenticated user will be statically
obtained from "staticRolesList", which means that all users will have same list
of roles.
+ // "PORTAL_CALLBACK" means that roles will be obtained from GateIn via
callback request to GateIn REST service
+ private static final String OPTION_ROLES_PROCESSING = "rolesProcessing";
+
+ // This option is valid only if rolesProcessing is STATIC. It contains list of static
roles, which will be assigned to each authenticated user.
+ private static final String OPTION_STATIC_ROLES_LIST = "staticRolesList";
+
+ // gateIn URL related properties, which will be used to send REST callback requests
+ private static final String OPTION_GATEIN_HOST = "gateInHost";
+ private static final String OPTION_GATEIN_PORT = "gateInPort";
+ private static final String OPTION_GATEIN_CONTEXT = "gateInContext";
+
+ private static Logger log = Logger.getLogger(SAML2IdpLoginModule.class);
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ @SuppressWarnings("unchecked")
+ private Map sharedState;
+
+ @SuppressWarnings("unchecked")
+ private Map options;
+
+ private String gateInHost;
+ private String gateInPort;
+ private String gateInContext;
+
+ private ROLES_PROCESSING_TYPE rolesProcessingType;
+ private List<String> staticRolesList;
+
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState, Map<String, ?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
+ this.options = options;
+
+ // Read options for this login module
+ String rolesProcessingType = readOption(OPTION_ROLES_PROCESSING,
"STATIC");
+ if ("STATIC".equals(rolesProcessingType) ||
"PORTAL_CALLBACK".equals(rolesProcessingType))
+ {
+ this.rolesProcessingType = ROLES_PROCESSING_TYPE.valueOf(rolesProcessingType);
+ }
+ else
+ {
+ this.rolesProcessingType = ROLES_PROCESSING_TYPE.STATIC;
+ }
+
+ String staticRoles = readOption(OPTION_STATIC_ROLES_LIST, "users");
+ this.staticRolesList = Arrays.asList(staticRoles.split(","));
+
+ this.gateInHost = readOption(OPTION_GATEIN_HOST, "localhost");
+ this.gateInPort = readOption(OPTION_GATEIN_PORT, "8080");
+ this.gateInContext = readOption(OPTION_GATEIN_CONTEXT, "portal");
+ }
+
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ Callback[] callbacks = new Callback[2];
+ callbacks[0] = new NameCallback("Username");
+ callbacks[1] = new PasswordCallback("Password", false);
+
+ callbackHandler.handle(callbacks);
+ String username = ((NameCallback)callbacks[0]).getName();
+ String password = new String(((PasswordCallback)callbacks[1]).getPassword());
+ ((PasswordCallback)callbacks[1]).clearPassword();
+ if (username == null || password == null)
+ {
+ return false;
+ }
+
+ boolean authenticationSuccess = validateUser(username, password);
+
+ if (authenticationSuccess)
+ {
+ log.debug("Successful REST login request for authentication of user
" + username);
+ sharedState.put("javax.security.auth.login.name", username);
+ return true;
+ }
+ else
+ {
+ String message = "Remote login via REST failed for username " +
username;
+ log.warn(message);
+ throw new LoginException(message);
+ }
+ }
+ catch (LoginException le)
+ {
+ throw le;
+ }
+ catch (Exception e)
+ {
+ log.warn("Exception during login: " + e.getMessage(), e);
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ public boolean commit() throws LoginException
+ {
+ String username =
(String)sharedState.get("javax.security.auth.login.name");
+
+ Set<Principal> principals = subject.getPrincipals();
+
+ Group roleGroup = new SimpleGroup("Roles");
+ for (String role : getRoles(username))
+ {
+ roleGroup.addMember(new SimplePrincipal(role));
+ }
+
+ // group principal
+ principals.add(roleGroup);
+
+ // username principal
+ principals.add(new SimplePrincipal(username));
+
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ // Remove all principals from Subject
+ Set<Principal> principals = new HashSet(subject.getPrincipals());
+ for (Principal p : principals)
+ {
+ subject.getPrincipals().remove(p);
+ }
+
+ return true;
+ }
+
+
+ // ********** PROTECTED HELPER METHODS ****************************
+
+ protected boolean validateUser(String username, String password)
+ {
+ StringBuilder urlBuffer = new StringBuilder();
+ urlBuffer.append("http://" + this.gateInHost + ":" +
this.gateInPort + "/" + this.gateInContext
+ + "/rest/sso/authcallback/auth/" + username + "/" +
password);
+ String url = urlBuffer.toString();
+ log.debug("Execute callback HTTP for authentication of user: " +
username);
+
+ ResponseContext responseContext = this.executeRemoteCall(urlBuffer.toString());
+
+ return responseContext.status == 200 &&
"true".equals(responseContext.response.trim());
+ }
+
+ protected Collection<String> getRoles(String username)
+ {
+ if (rolesProcessingType == ROLES_PROCESSING_TYPE.STATIC)
+ {
+ return staticRolesList;
+ }
+ else
+ {
+ // We need to execute REST callback to GateIn to ask for roles
+ StringBuilder urlBuffer = new StringBuilder();
+ urlBuffer.append("http://" + this.gateInHost + ":" +
this.gateInPort + "/" + this.gateInContext
+ + "/rest/sso/authcallback/roles/" + username);
+
+ String url = urlBuffer.toString();
+
+ log.debug("Execute callback HTTP request: " + url);
+ ResponseContext responseContext = this.executeRemoteCall(url);
+
+ if (responseContext.status == 200)
+ {
+ String rolesString = responseContext.response;
+
+ String[] roles = rolesString.split(",");
+ return Arrays.asList(roles);
+ }
+ else
+ {
+ log.warn("Incorrect response received from REST callback for roles.
Status=" + responseContext.status + ", Response=" +
responseContext.response);
+ return new ArrayList<String>();
+ }
+ }
+ }
+
+ // ********** PRIVATE HELPER METHODS ****************************
+
+ private String readOption(String key, String defaultValue)
+ {
+ String result = (String)options.get(key);
+ if (result == null)
+ {
+ result = defaultValue;
+ }
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("Read option " + key + "=" + result);
+ }
+
+ return result;
+ }
+
+ private ResponseContext executeRemoteCall(String authUrl)
+ {
+ HttpClient client = new HttpClient();
+ GetMethod method = null;
+ try
+ {
+ method = new GetMethod(authUrl);
+
+ int status = client.executeMethod(method);
+ String response = method.getResponseBodyAsString();
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("Received response from REST call: status=" + status +
", response=" + response);
+ }
+
+ return new ResponseContext(status, response);
+ }
+ catch (Exception e)
+ {
+ log.warn("Error when sending request through HTTP client", e);
+ return new ResponseContext(1000, e.getMessage());
+ }
+ finally
+ {
+ if(method != null)
+ {
+ method.releaseConnection();
+ }
+ }
+ }
+
+ private static class ResponseContext
+ {
+ private final int status;
+ private final String response;
+
+ private ResponseContext(int status, String response)
+ {
+ this.status = status;
+ this.response = response;
+ }
+ }
+
+ private static enum ROLES_PROCESSING_TYPE
+ {
+ STATIC,
+ PORTAL_CALLBACK
+ }
+}
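Review bot: validateUser() places the user's password as a path segment of a URL whose scheme is the literal `"http://"`, so the credential crosses the network in clear text and is likely to be retained in access logs and any intermediate proxy; the segments are also concatenated without percent-encoding, so a password containing `/`, `?`, `#` or `%` alters the request path instead of being matched. The scheme should come from a login-module option so deployments can require TLS, username and password should be percent-encoded before insertion, and longer term the callback should carry the credential in a request body rather than the path. In login(), the `password == null` check is dead: `new String(((PasswordCallback)callbacks[1]).getPassword())` throws NullPointerException when no password was supplied, so read the array first: `char[] pw = ((PasswordCallback)callbacks[1]).getPassword(); if (username == null || pw == null) { return false; } String password = new String(pw);`. In getRoles(), the portal's empty reply for a user with no roles (the `return "";` added to AuthenticationHandler in this same commit) becomes a single empty-string role because `"".split(",")` yields `[""]`; return the empty list when `rolesString.trim().length() == 0`.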
Added:
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimpleGroup.java
===================================================================
---
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimpleGroup.java
(rev 0)
+++
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimpleGroup.java 2012-01-13
13:00:01 UTC (rev 8297)
@@ -0,0 +1,145 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.gatein.sso.saml.plugin;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+
+
+/**
+ * Forked class because this plugin can be used on both JBoss or Tomcat and we want to be
independent on AS.
+ *
+ * An implementation of Group that manages a collection of Principal
+ *objects based on their hashCode() and equals() methods. This class
+ * is not thread safe.
+ * @author Scott.Stark(a)jboss.org
+ * @version $Revision$
+ */
+@SuppressWarnings({"rawtypes","unchecked"})
+public class SimpleGroup extends SimplePrincipal implements Group, Cloneable
+{
+ /** The serialVersionUID */
+ private static final long serialVersionUID = 605185963957807247L;
+
+ private HashMap members;
+
+ public SimpleGroup(String groupName)
+ {
+ super(groupName);
+ members = new HashMap(3);
+ }
+
+ /** Adds the specified member to the group.
+ @param user the principal to add to this group.
+ @return true if the member was successfully added,
+ false if the principal was already a member.
+ */
+ public boolean addMember(Principal user)
+ {
+ boolean isMember = members.containsKey(user);
+ if( isMember == false )
+ members.put(user, user);
+ return isMember == false;
+ }
+
+ /** Returns true if the passed principal is a member of the group.
+ This method does a recursive search, so if a principal belongs to a
+ group which is a member of this group, true is returned.
+
+ A special check is made to see if the member is an instance of
+ org.jboss.security.AnybodyPrincipal or org.jboss.security.NobodyPrincipal
+ since these classes do not hash to meaningful values.
+ @param member the principal whose membership is to be checked.
+ @return true if the principal is a member of this group,
+ false otherwise.
+ */
+ public boolean isMember(Principal member)
+ {
+ // First see if there is a key with the member name
+ boolean isMember = members.containsKey(member);
+
+ if( isMember == false )
+ { // Check any Groups for membership
+ Collection values = members.values();
+ Iterator iter = values.iterator();
+ while( isMember == false && iter.hasNext() )
+ {
+ Object next = iter.next();
+ if( next instanceof Group )
+ {
+ Group group = (Group) next;
+ isMember = group.isMember(member);
+ }
+ }
+ }
+
+ return isMember;
+ }
+
+ /** Returns an enumeration of the members in the group.
+ The returned objects can be instances of either Principal
+ or Group (which is a subinterface of Principal).
+ @return an enumeration of the group members.
+ */
+ public Enumeration<Principal> members()
+ {
+ return Collections.enumeration(members.values());
+ }
+
+ /** Removes the specified member from the group.
+ @param user the principal to remove from this group.
+ @return true if the principal was removed, or
+ false if the principal was not a member.
+ */
+ public boolean removeMember(Principal user)
+ {
+ Object prev = members.remove(user);
+ return prev != null;
+ }
+
+ public String toString()
+ {
+ StringBuffer tmp = new StringBuffer(getName());
+ tmp.append("(members:");
+ Iterator iter = members.keySet().iterator();
+ while( iter.hasNext() )
+ {
+ tmp.append(iter.next());
+ tmp.append(',');
+ }
+ tmp.setCharAt(tmp.length()-1, ')');
+ return tmp.toString();
+ }
+
+ public synchronized Object clone() throws CloneNotSupportedException
+ {
+ SimpleGroup clone = (SimpleGroup) super.clone();
+ if(clone != null)
+ clone.members = (HashMap)this.members.clone();
+ return clone;
+ }
+}
\ No newline at end of file
Added:
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimplePrincipal.java
===================================================================
---
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimplePrincipal.java
(rev 0)
+++
components/sso/trunk/saml/gatein-saml-plugin/src/main/java/org/gatein/sso/saml/plugin/SimplePrincipal.java 2012-01-13
13:00:01 UTC (rev 8297)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.gatein.sso.saml.plugin;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * Forked class because this plugin can be used on both JBoss or Tomcat and we want to be
independent on AS.
+ *
+ * @author <a href="on(a)ibis.odessa.ua">Oleg Nitz</a>
+ * @author Scott.Stark(a)jboss.org
+ */
+public class SimplePrincipal implements Principal, Serializable
+{
+ private static final long serialVersionUID = 7701951188631723290L;
+ private final String name;
+
+ public SimplePrincipal(String name)
+ {
+ this.name = name;
+ }
+
+ /**
+ * Compare this SimplePrincipal's name against another Principal. If system
property
+ * org.jboss.security.simpleprincipal.equals.override is set to true will only
+ * compare instances of SimplePrincipals.
+ * @return true if name equals another.getName();
+ */
+ @Override
+ public boolean equals(Object another)
+ {
+ String anotherName = ((Principal) another).getName();
+ boolean equals = false;
+ if (name == null)
+ equals = anotherName == null;
+ else
+ equals = name.equals(anotherName);
+ return equals;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return (name == null ? 0 : name.hashCode());
+ }
+
+ @Override
+ public String toString()
+ {
+ return name;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+}
\ No newline at end of file
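Review bot: equals() casts its argument to Principal unconditionally, so `equals(null)` throws NullPointerException and comparing against a non-Principal throws ClassCastException; both break the equals contract and can surface from the HashMap lookups in SimpleGroup, where these principals are used as keys. Add a type check before the cast: `if (!(another instanceof Principal)) { return false; }`. The Javadoc also describes an `org.jboss.security.simpleprincipal.equals.override` system property that this fork never reads; drop that sentence so the documented behaviour matches the code.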
Added: components/sso/trunk/saml/gatein-saml-portal/pom.xml
===================================================================
--- components/sso/trunk/saml/gatein-saml-portal/pom.xml (rev 0)
+++ components/sso/trunk/saml/gatein-saml-portal/pom.xml 2012-01-13 13:00:01 UTC (rev
8297)
@@ -0,0 +1,19 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>sso-saml-parent</artifactId>
+ <groupId>org.gatein.sso</groupId>
+ <version>1.1.1-CR01-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.gatein.sso</groupId>
+ <artifactId>gatein-saml-pkg</artifactId>
+ <packaging>pom</packaging>
+
+ <name>GateIn SSO - SAML - Portal packaging</name>
+
+ <dependencies>
+ </dependencies>
+</project>
Added: components/sso/trunk/saml/pom.xml
===================================================================
--- components/sso/trunk/saml/pom.xml (rev 0)
+++ components/sso/trunk/saml/pom.xml 2012-01-13 13:00:01 UTC (rev 8297)
@@ -0,0 +1,45 @@
+<!--
+ ~ JBoss, a division of Red Hat
+ ~ Copyright 2012, Red Hat Middleware, LLC, and individual
+ ~ contributors as indicated by the @authors tag. See the
+ ~ copyright.txt in the distribution for a full listing of
+ ~ individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ -->
+
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.gatein.sso</groupId>
+ <artifactId>sso-parent</artifactId>
+ <version>1.1.1-CR01-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.gatein.sso</groupId>
+ <artifactId>sso-saml-parent</artifactId>
+ <packaging>pom</packaging>
+
+ <name>GateIn SSO - SAML</name>
+
+ <modules>
+ <module>gatein-saml-plugin</module>
+ <module>gatein-saml-portal</module>
+ </modules>
+
+</project>