JBoss Identity SVN: r889 - in identity-federation/trunk: jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock and 12 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-10-30 15:02:20 -0400 (Fri, 30 Oct 2009)
New Revision: 889
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorsType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/ClaimsProcessor.java
Removed:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/constants/AttributeConstants.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project
Log:
JBID-140: added a ClaimsProcessor interface. Implementations are responsible for parsing the WS-Trust claims and obtaining the attributes that correspond to those claims. SAML20TokenProvider has been changed to insert these attributes into the SAML assertion when the assertion is created.
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.bindings.tomcat.idp;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -59,6 +61,7 @@
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
@@ -70,8 +73,6 @@
import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.xml.sax.SAXException;
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* Valve at the IDP that supports the HTTP/Redirect Binding
* @author Anil.Saldhana(a)redhat.com
@@ -367,7 +368,7 @@
List<String> roles = rg.generateRoles(userPrincipal);
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
- AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
+ AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
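Review bot: The new call `StatementUtil.createAttributeStatement(roles)` still passes the result of `rg.generateRoles(userPrincipal)` through unguarded, and the implementation this commit deletes from SAML2Response iterated `roles` directly with no null check; if the StatementUtil copy (modified in this commit but not visible here) behaves the same, a RoleGenerator that returns null for a principal with no roles will throw an NPE inside the IDP redirect path instead of issuing an assertion without an attribute statement. Since this statement carries the authorization data the SP will act on, I would rather skip it than emit a degenerate one: `if (roles != null && !roles.isEmpty()) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(StatementUtil.createAttributeStatement(roles));`, or document on the shared utility that it tolerates null/empty input. The enclosing method starts and ends outside this hunk, so the unchecked `get(0)` cast on the assertion list is pre-existing and not part of this change.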
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -39,7 +39,6 @@
private Map<String, String> headers = new HashMap<String, String>();
private int status;
public String redirectString;
- @SuppressWarnings("unused")
private PrintWriter mywriter;
@Override
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -25,7 +25,6 @@
import java.io.OutputStream;
import java.io.Writer;
import java.util.Arrays;
-import java.util.List;
import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
@@ -44,7 +43,6 @@
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
-import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
@@ -57,8 +55,6 @@
import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.ActionType;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnContextType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AuthzDecisionStatementType;
@@ -141,22 +137,6 @@
}
/**
- * Given a set of roles, create an attribute statement
- * @param roles
- * @return
- */
- public AttributeStatementType createAttributeStatement(List<String> roles)
- {
- AttributeStatementType attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
- for(String role: roles)
- {
- AttributeType attr = JBossSAMLBaseFactory.createAttributeForRole(role);
- attrStatement.getAttributeOrEncryptedAttribute().add(attr);
- }
- return attrStatement;
- }
-
- /**
* Create a ResponseType
* @param ID id of the response
* @param sp holder with the information about the Service Provider
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -43,6 +43,7 @@
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
@@ -211,7 +212,7 @@
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
- AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
+ AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -1,131 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.09.03 at 01:21:42 PM BRT
-//
-
-
-package org.jboss.identity.federation.core.config;
-
-import java.util.ArrayList;
-import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * <p>Java class for ClaimProviderType complex type.
- *
- * <p>The following schema fragment specifies the expected content contained within this class.
- *
- * <pre>
- * <complexType name="ClaimProviderType">
- * <complexContent>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- * <sequence>
- * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}KeyValueType" maxOccurs="unbounded" minOccurs="0"/>
- * </sequence>
- * <attribute name="ProviderClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
- * <attribute name="Dialect" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
- * </restriction>
- * </complexContent>
- * </complexType>
- * </pre>
- *
- *
- */
-(a)XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "ClaimProviderType", propOrder = {
- "property"
-})
-public class ClaimProviderType {
-
- @XmlElement(name = "Property")
- protected List<KeyValueType> property;
- @XmlAttribute(name = "ProviderClass", required = true)
- protected String providerClass;
- @XmlAttribute(name = "Dialect", required = true)
- protected String dialect;
-
- /**
- * Gets the value of the property property.
- *
- * <p>
- * This accessor method returns a reference to the live list,
- * not a snapshot. Therefore any modification you make to the
- * returned list will be present inside the JAXB object.
- * This is why there is not a <CODE>set</CODE> method for the property property.
- *
- * <p>
- * For example, to add a new item, do as follows:
- * <pre>
- * getProperty().add(newItem);
- * </pre>
- *
- *
- * <p>
- * Objects of the following type(s) are allowed in the list
- * {@link KeyValueType }
- *
- *
- */
- public List<KeyValueType> getProperty() {
- if (property == null) {
- property = new ArrayList<KeyValueType>();
- }
- return this.property;
- }
-
- /**
- * Gets the value of the providerClass property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
- public String getProviderClass() {
- return providerClass;
- }
-
- /**
- * Sets the value of the providerClass property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setProviderClass(String value) {
- this.providerClass = value;
- }
-
- /**
- * Gets the value of the dialect property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
- public String getDialect() {
- return dialect;
- }
-
- /**
- * Sets the value of the dialect property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setDialect(String value) {
- this.dialect = value;
- }
-
-}
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -1,80 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.09.03 at 01:21:42 PM BRT
-//
-
-
-package org.jboss.identity.federation.core.config;
-
-import java.util.ArrayList;
-import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- *
- * The claim providers specify the classes that are capable of handling specific claims dialects.
- *
- *
- * <p>Java class for ClaimProvidersType complex type.
- *
- * <p>The following schema fragment specifies the expected content contained within this class.
- *
- * <pre>
- * <complexType name="ClaimProvidersType">
- * <complexContent>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- * <sequence>
- * <element name="ClaimProvider" type="{urn:jboss:identity-federation:config:1.0}ClaimProviderType" maxOccurs="unbounded"/>
- * </sequence>
- * </restriction>
- * </complexContent>
- * </complexType>
- * </pre>
- *
- *
- */
-(a)XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "ClaimProvidersType", propOrder = {
- "claimProvider"
-})
-public class ClaimProvidersType {
-
- @XmlElement(name = "ClaimProvider", required = true)
- protected List<ClaimProviderType> claimProvider;
-
- /**
- * Gets the value of the claimProvider property.
- *
- * <p>
- * This accessor method returns a reference to the live list,
- * not a snapshot. Therefore any modification you make to the
- * returned list will be present inside the JAXB object.
- * This is why there is not a <CODE>set</CODE> method for the claimProvider property.
- *
- * <p>
- * For example, to add a new item, do as follows:
- * <pre>
- * getClaimProvider().add(newItem);
- * </pre>
- *
- *
- * <p>
- * Objects of the following type(s) are allowed in the list
- * {@link ClaimProviderType }
- *
- *
- */
- public List<ClaimProviderType> getClaimProvider() {
- if (claimProvider == null) {
- claimProvider = new ArrayList<ClaimProviderType>();
- }
- return this.claimProvider;
- }
-
-}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorType.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorType.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -0,0 +1,131 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.30 at 03:20:31 PM GMT-03:00
+//
+
+
+package org.jboss.identity.federation.core.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for ClaimsProcessorType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * <complexType name="ClaimsProcessorType">
+ * <complexContent>
+ * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}KeyValueType" maxOccurs="unbounded" minOccurs="0"/>
+ * </sequence>
+ * <attribute name="ProcessorClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * <attribute name="Dialect" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+(a)XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ClaimsProcessorType", propOrder = {
+ "property"
+})
+public class ClaimsProcessorType {
+
+ @XmlElement(name = "Property")
+ protected List<KeyValueType> property;
+ @XmlAttribute(name = "ProcessorClass", required = true)
+ protected String processorClass;
+ @XmlAttribute(name = "Dialect", required = true)
+ protected String dialect;
+
+ /**
+ * Gets the value of the property property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the property property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getProperty().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link KeyValueType }
+ *
+ *
+ */
+ public List<KeyValueType> getProperty() {
+ if (property == null) {
+ property = new ArrayList<KeyValueType>();
+ }
+ return this.property;
+ }
+
+ /**
+ * Gets the value of the processorClass property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getProcessorClass() {
+ return processorClass;
+ }
+
+ /**
+ * Sets the value of the processorClass property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setProcessorClass(String value) {
+ this.processorClass = value;
+ }
+
+ /**
+ * Gets the value of the dialect property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getDialect() {
+ return dialect;
+ }
+
+ /**
+ * Sets the value of the dialect property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setDialect(String value) {
+ this.dialect = value;
+ }
+
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorsType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorsType.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimsProcessorsType.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -0,0 +1,80 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.30 at 02:46:25 PM GMT-03:00
+//
+
+
+package org.jboss.identity.federation.core.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ *
+ * The claims processors specify the classes that are capable of processing specific claims dialects.
+ *
+ *
+ * <p>Java class for ClaimsProcessorsType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * <complexType name="ClaimsProcessorsType">
+ * <complexContent>
+ * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="ClaimsProcessor" type="{urn:jboss:identity-federation:config:1.0}ClaimsProcessorType" maxOccurs="unbounded"/>
+ * </sequence>
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+(a)XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ClaimsProcessorsType", propOrder = {
+ "claimsProcessor"
+})
+public class ClaimsProcessorsType {
+
+ @XmlElement(name = "ClaimsProcessor", required = true)
+ protected List<ClaimsProcessorType> claimsProcessor;
+
+ /**
+ * Gets the value of the claimsProcessor property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the claimsProcessor property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getClaimsProcessor().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link ClaimsProcessorType }
+ *
+ *
+ */
+ public List<ClaimsProcessorType> getClaimsProcessor() {
+ if (claimsProcessor == null) {
+ claimsProcessor = new ArrayList<ClaimsProcessorType>();
+ }
+ return this.claimsProcessor;
+ }
+
+}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -1,8 +1,8 @@
//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.09.03 at 01:21:42 PM BRT
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.30 at 02:46:25 PM GMT-03:00
//
@@ -17,7 +17,7 @@
/**
* This object contains factory methods for each
* Java content interface and Java element interface
- * generated in the org.jboss.identity.federation.core.config package.
+ * generated in the jboss.identity_federation.config._1 package.
* <p>An ObjectFactory allows you to programatically
* construct new instances of the Java representation
* for XML content. The Java representation of XML
@@ -36,142 +36,138 @@
private final static QName _JBossSP_QNAME = new QName("urn:jboss:identity-federation:config:1.0", "JBossSP");
/**
- * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.jboss.identity.federation.core.config
+ * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: jboss.identity_federation.config._1
*
*/
public ObjectFactory() {
}
-
/**
- * Create an instance of {@link TokenProviderType }
+ * Create an instance of {@link SPType }
*
- */
- public TokenProviderType createTokenProviderType() {
- return new TokenProviderType();
- }
-
-
- /**
- * Create an instance of {@link SPType }
- *
- */
+ */
public SPType createSPType() {
return new SPType();
}
/**
- * Create an instance of {@link ProviderType }
+ * Create an instance of {@link AuthPropertyType }
*
- */
- public ProviderType createProviderType() {
- return new ProviderType();
+ */
+ public AuthPropertyType createAuthPropertyType() {
+ return new AuthPropertyType();
}
-
+
/**
- * Create an instance of {@link ServiceProvidersType }
+ * Create an instance of {@link ServiceProviderType }
*
*/
- public ServiceProvidersType createServiceProvidersType() {
- return new ServiceProvidersType();
+ public ServiceProviderType createServiceProviderType() {
+ return new ServiceProviderType();
}
/**
- * Create an instance of {@link AuthPropertyType }
+ * Create an instance of {@link TrustType }
*
*/
- public AuthPropertyType createAuthPropertyType() {
- return new AuthPropertyType();
+ public TrustType createTrustType() {
+ return new TrustType();
}
/**
- * Create an instance of {@link ClaimProvidersType }
+ * Create an instance of {@link STSType }
*
*/
- public ClaimProvidersType createClaimProvidersType() {
- return new ClaimProvidersType();
+ public STSType createSTSType() {
+ return new STSType();
}
/**
- * Create an instance of {@link ClaimProviderType }
+ * Create an instance of {@link MetadataProviderType }
*
*/
- public ClaimProviderType createClaimProviderType() {
- return new ClaimProviderType();
+ public MetadataProviderType createMetadataProviderType() {
+ return new MetadataProviderType();
}
- /**
- * Create an instance of {@link TrustType }
+ /**
+ * Create an instance of {@link TokenProvidersType }
*
- */
- public TrustType createTrustType() {
- return new TrustType();
- }
+ */
+ public TokenProvidersType createTokenProvidersType() {
+ return new TokenProvidersType();
+ }
- /**
- * Create an instance of {@link STSType }
+ /**
+ * Create an instance of {@link ClaimsProcessorType }
*
- */
- public STSType createSTSType() {
- return new STSType();
+ */
+ public ClaimsProcessorType createClaimsProcessorType() {
+ return new ClaimsProcessorType();
}
/**
- * Create an instance of {@link KeyProviderType }
+ * Create an instance of {@link ServiceProvidersType }
*
- */
- public KeyProviderType createKeyProviderType() {
- return new KeyProviderType();
+ */
+ public ServiceProvidersType createServiceProvidersType() {
+ return new ServiceProvidersType();
}
/**
- * Create an instance of {@link KeyValueType }
+ * Create an instance of {@link ClaimsProcessorsType }
*
- */
- public KeyValueType createKeyValueType() {
- return new KeyValueType();
+ */
+ public ClaimsProcessorsType createClaimsProcessorsType() {
+ return new ClaimsProcessorsType();
}
-
+
/**
- * Create an instance of {@link EncryptionType }
+ * Create an instance of {@link KeyProviderType }
*
*/
- public EncryptionType createEncryptionType() {
- return new EncryptionType();
+ public KeyProviderType createKeyProviderType() {
+ return new KeyProviderType();
}
- /**
- * Create an instance of {@link MetadataProviderType }
+ /**
+ * Create an instance of {@link TokenProviderType }
*
*/
- public MetadataProviderType createMetadataProviderType() {
- return new MetadataProviderType();
- }
-
+ public TokenProviderType createTokenProviderType() {
+ return new TokenProviderType();
+ }
/**
- * Create an instance of {@link IDPType }
+ * Create an instance of {@link ProviderType }
*
- */
+ */
+ public ProviderType createProviderType() {
+ return new ProviderType();
+ }
+
+ /**
+ * Create an instance of {@link IDPType }
+ *
+ */
public IDPType createIDPType() {
- return new IDPType();
+ return new IDPType();
}
-
/**
- * Create an instance of {@link ServiceProviderType }
+ * Create an instance of {@link EncryptionType }
*
*/
- public ServiceProviderType createServiceProviderType() {
- return new ServiceProviderType();
+ public EncryptionType createEncryptionType() {
+ return new EncryptionType();
}
/**
- * Create an instance of {@link TokenProvidersType }
+ * Create an instance of {@link KeyValueType }
*
*/
- public TokenProvidersType createTokenProvidersType() {
- return new TokenProvidersType();
+ public KeyValueType createKeyValueType() {
+ return new KeyValueType();
}
/**
@@ -182,6 +178,7 @@
public JAXBElement<IDPType> createJBossIDP(IDPType value) {
return new JAXBElement<IDPType>(_JBossIDP_QNAME, IDPType.class, null, value);
}
+
/**
* Create an instance of {@link JAXBElement }{@code <}{@link STSType }{@code >}}
*
@@ -200,4 +197,4 @@
return new JAXBElement<SPType>(_JBossSP_QNAME, SPType.class, null, value);
}
-}
\ No newline at end of file
+}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -1,8 +1,8 @@
//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.09.03 at 01:21:42 PM BRT
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.30 at 02:46:25 PM GMT-03:00
//
@@ -27,7 +27,7 @@
* <sequence>
* <element name="KeyProvider" type="{urn:jboss:identity-federation:config:1.0}KeyProviderType" minOccurs="0"/>
* <element name="RequestHandler" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
- * <element name="ClaimProviders" type="{urn:jboss:identity-federation:config:1.0}ClaimProvidersType" minOccurs="0"/>
+ * <element name="ClaimsProcessors" type="{urn:jboss:identity-federation:config:1.0}ClaimsProcessorsType" minOccurs="0"/>
* <element name="TokenProviders" type="{urn:jboss:identity-federation:config:1.0}TokenProvidersType" minOccurs="0"/>
* <element name="ServiceProviders" type="{urn:jboss:identity-federation:config:1.0}ServiceProvidersType" minOccurs="0"/>
* </sequence>
@@ -46,7 +46,7 @@
@XmlType(name = "STSType", propOrder = {
"keyProvider",
"requestHandler",
- "claimProviders",
+ "claimsProcessors",
"tokenProviders",
"serviceProviders"
})
@@ -56,8 +56,8 @@
protected KeyProviderType keyProvider;
@XmlElement(name = "RequestHandler")
protected String requestHandler;
- @XmlElement(name = "ClaimProviders")
- protected ClaimProvidersType claimProviders;
+ @XmlElement(name = "ClaimsProcessors")
+ protected ClaimsProcessorsType claimsProcessors;
@XmlElement(name = "TokenProviders")
protected TokenProvidersType tokenProviders;
@XmlElement(name = "ServiceProviders")
@@ -120,27 +120,27 @@
}
/**
- * Gets the value of the claimProviders property.
+ * Gets the value of the claimsProcessors property.
*
* @return
* possible object is
- * {@link ClaimProvidersType }
+ * {@link ClaimsProcessorsType }
*
*/
- public ClaimProvidersType getClaimProviders() {
- return claimProviders;
+ public ClaimsProcessorsType getClaimsProcessors() {
+ return claimsProcessors;
}
/**
- * Sets the value of the claimProviders property.
+ * Sets the value of the claimsProcessors property.
*
* @param value
* allowed object is
- * {@link ClaimProvidersType }
+ * {@link ClaimsProcessorsType }
*
*/
- public void setClaimProviders(ClaimProvidersType value) {
- this.claimProviders = value;
+ public void setClaimsProcessors(ClaimsProcessorsType value) {
+ this.claimsProcessors = value;
}
/**
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/constants/AttributeConstants.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/constants/AttributeConstants.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/constants/AttributeConstants.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -41,4 +41,5 @@
String STREET = "street";
String TITLE = "title";
String TELEPHONE = "telephoneNumber";
+ String ROLES = "roles";
}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.core.saml.v2.util;
+import java.util.Collection;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -41,66 +43,99 @@
*/
public class StatementUtil
{
- public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(),
- "Encoding");
-
+ public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), "Encoding");
+
private static ObjectFactory factory = new ObjectFactory();
-
+
/**
* Create an attribute statement with all the attributes
* @param attributes a map with keys from {@link AttributeConstants}
* @return
*/
- public static AttributeStatementType createAttributeStatement(Map<String,Object> attributes)
+ public static AttributeStatementType createAttributeStatement(Map<String, Object> attributes)
{
- AttributeStatementType attrStatement = null;
-
+ AttributeStatementType attrStatement = null;
+
int i = 0;
-
+
Set<String> keys = attributes.keySet();
- for(String key: keys)
- {
- if(i == 0)
+ for (String key : keys)
+ {
+ if (i == 0)
{
//Deal with the X500 Profile of SAML2
attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
i++;
}
- AttributeType att = getX500Attribute();
-
- Object value = attributes.get(key);
-
- if(AttributeConstants.EMAIL_ADDRESS.equals(key))
- {
- att.setFriendlyName(X500SAMLProfileConstants.EMAIL_ADDRESS.getFriendlyName());
- att.setName(X500SAMLProfileConstants.EMAIL_ADDRESS.get());
+
+ // if the attribute contains roles, add each role as an attribute.
+ if (AttributeConstants.ROLES.equalsIgnoreCase(key))
+ {
+ Object value = attributes.get(key);
+ if (value instanceof Collection<?>)
+ {
+ Collection<?> roles = (Collection<?>) value;
+ for (Object role : roles)
+ {
+ AttributeType roleAttr = JBossSAMLBaseFactory.createAttributeForRole((String) role);
+ attrStatement.getAttributeOrEncryptedAttribute().add(factory.createAttribute(roleAttr));
+ }
+ }
}
- else if(AttributeConstants.EMPLOYEE_NUMBER.equals(key))
- {
- att.setFriendlyName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.getFriendlyName());
- att.setName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.get());
+
+ else
+ {
+ AttributeType att = getX500Attribute();
+ Object value = attributes.get(key);
+
+ if (AttributeConstants.EMAIL_ADDRESS.equals(key))
+ {
+ att.setFriendlyName(X500SAMLProfileConstants.EMAIL_ADDRESS.getFriendlyName());
+ att.setName(X500SAMLProfileConstants.EMAIL_ADDRESS.get());
+ }
+ else if (AttributeConstants.EMPLOYEE_NUMBER.equals(key))
+ {
+ att.setFriendlyName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.getFriendlyName());
+ att.setName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.get());
+ }
+ else if (AttributeConstants.GIVEN_NAME.equals(key))
+ {
+ att.setFriendlyName(X500SAMLProfileConstants.GIVENNAME.getFriendlyName());
+ att.setName(X500SAMLProfileConstants.GIVENNAME.get());
+ }
+ else if (AttributeConstants.TELEPHONE.equals(key))
+ {
+ att.setFriendlyName(X500SAMLProfileConstants.TELEPHONE.getFriendlyName());
+ att.setName(X500SAMLProfileConstants.TELEPHONE.get());
+ }
+ att.getAttributeValue().add(value);
+ attrStatement.getAttributeOrEncryptedAttribute().add(att);
}
- else if(AttributeConstants.GIVEN_NAME.equals(key))
- {
- att.setFriendlyName(X500SAMLProfileConstants.GIVENNAME.getFriendlyName());
- att.setName(X500SAMLProfileConstants.GIVENNAME.get());
- }
- else if(AttributeConstants.TELEPHONE.equals(key))
- {
- att.setFriendlyName(X500SAMLProfileConstants.TELEPHONE.getFriendlyName());
- att.setName(X500SAMLProfileConstants.TELEPHONE.get());
- }
- att.getAttributeValue().add(value);
- attrStatement.getAttributeOrEncryptedAttribute().add(att);
}
- return attrStatement;
+ return attrStatement;
}
-
+
+ /**
+ * Given a set of roles, create an attribute statement
+ * @param roles
+ * @return
+ */
+ public static AttributeStatementType createAttributeStatement(List<String> roles)
+ {
+ AttributeStatementType attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
+ for (String role : roles)
+ {
+ AttributeType attr = JBossSAMLBaseFactory.createAttributeForRole(role);
+ attrStatement.getAttributeOrEncryptedAttribute().add(attr);
+ }
+ return attrStatement;
+ }
+
private static AttributeType getX500Attribute()
{
AttributeType att = factory.createAttributeType();
att.getOtherAttributes().put(X500_QNAME, "LDAP");
-
+
att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
return att;
}
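Review bot: In the ROLES branch the unchecked `(String) role` cast at the `createAttributeForRole` call throws ClassCastException on any non-String element, and a ROLES value that is not a Collection is dropped silently, so a token can be issued without the roles the processor returned and nothing is logged. Because role attributes are what a relying party uses for authorization, I'd validate explicitly before the cast, `if (!(role instanceof String)) throw new IllegalArgumentException("role attribute value is not a String: " + role);`, and log or reject a ROLES value that is not a Collection. Separately, in the else branch any key other than the four mapped constants (STREET or TITLE from AttributeConstants, for instance) reaches `att.getAttributeValue().add(value)` with no Name set on the attribute, while SAML 2.0 requires Name on Attribute; either map the key (`else att.setName(key);`) or skip it. Role attributes are also added wrapped via `factory.createAttribute(roleAttr)` in the map overload but added bare in the new List overload; worth confirming both marshal identically.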
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/ClaimsProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/ClaimsProcessor.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/ClaimsProcessor.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.Principal;
+import java.util.Map;
+
+import org.jboss.identity.federation.ws.trust.ClaimsType;
+
+/**
+ * <p>
+ * A {@code ClaimsProcessor} implementation is responsible for parsing the WS-Trust claims according to the specified
+ * claims dialect and retrieving the attributes that correspond to the required claims. {@code ClaimsProcessor}s may
+ * use the properties specified in the configuration to perform its job (for instance, to connect to an external LDAP
+ * server or IDM system when retrieving the attributes).
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface ClaimsProcessor
+{
+ /**
+ * <p>
+ * Initializes the {@code ClaimsProcessor} using the specified properties map.
+ * </p>
+ *
+ * @param properties a {@code Map<String, String>} that contains the properties that have been configured for
+ * this {@code ClaimsProcessor}.
+ */
+ public void initialize(Map<String, String> properties);
+
+ /**
+ * <p>
+ * Parses the specified claims according to the claims dialect and returns a {@code Map} of attributes that
+ * correspond to the required claims. Implementing classes may get the attributes from a local context or from an
+ * external system (like an LDAP server or IDM system).
+ * </p>
+ *
+ * @param claims a reference to the {@code ClaimsType} instance that contains the claims that must be inserted into
+ * generated tokens as attributes.
+ * @param principal the {@code Principal} to which the claims refer.
+ * @return a {@code Map<String, Object>} of attributes that correspond to the required claims.
+ * @throws WSTrustException if an error occurs while processing the claims.
+ */
+ public Map<String, Object> processClaims(ClaimsType claims, Principal principal) throws WSTrustException;
+}
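Review bot: The `processClaims` Javadoc should state the trust boundary: `claims` comes straight from the requester's RST, so implementations must treat the requested claim names and the dialect as untrusted input, resolve values for `principal` themselves, and release only attributes the principal is actually entitled to. I'd add to the `@param claims` text: `Claims are requester-supplied and must be validated; implementations must never copy values from the request into the returned map.` The `initialize` Javadoc could also warn that the properties map may carry connector credentials (the class comment mentions LDAP/IDM connections) and should not be logged. The contract on the returned keys belongs here too: SAML20TokenProvider hands this map to `StatementUtil.createAttributeStatement`, which expects keys from AttributeConstants and a Collection of String under ROLES, but the interface does not say so.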
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -27,6 +27,8 @@
import java.util.HashMap;
import java.util.Map;
+import org.jboss.identity.federation.core.config.ClaimsProcessorType;
+import org.jboss.identity.federation.core.config.ClaimsProcessorsType;
import org.jboss.identity.federation.core.config.KeyProviderType;
import org.jboss.identity.federation.core.config.KeyValueType;
import org.jboss.identity.federation.core.config.STSType;
@@ -53,6 +55,8 @@
private final Map<String, ServiceProviderType> spMetadata = new HashMap<String, ServiceProviderType>();
+ private final Map<String, ClaimsProcessor> claimsProcessors = new HashMap<String, ClaimsProcessor>();
+
private TrustKeyManager trustManager;
private WSTrustRequestHandler handler;
@@ -83,31 +87,52 @@
if (this.delegate.getRequestHandler() == null)
this.delegate.setRequestHandler("org.jboss.identity.federation.core.wstrust.StandardRequestHandler");
- // build the token-provider and service-metadata maps.
+ // build the token-provider maps.
TokenProvidersType providers = this.delegate.getTokenProviders();
if (providers != null)
{
- WSTrustServiceFactory serviceFactory = WSTrustServiceFactory.getInstance();
for (TokenProviderType provider : providers.getTokenProvider())
{
- // create and initialize the token provider.
- SecurityTokenProvider tokenProvider = serviceFactory.createTokenProvider(provider.getProviderClass());
+ // get the properties that have been configured for the token provider.
Map<String, String> properties = new HashMap<String, String>();
for (KeyValueType propertyType : provider.getProperty())
properties.put(propertyType.getKey(), propertyType.getValue());
- tokenProvider.initialize(properties);
+ // create and initialize the token provider.
+ SecurityTokenProvider tokenProvider = WSTrustServiceFactory.getInstance().createTokenProvider(
+ provider.getProviderClass(), properties);
// token providers can be keyed by the token type and by token element + namespace.
this.tokenProviders.put(provider.getTokenType(), tokenProvider);
String tokenElementAndNS = provider.getTokenElement() + "$" + provider.getTokenElementNS();
this.tokenProviders.put(tokenElementAndNS, tokenProvider);
}
}
+
+ // build the claims processors map.
+ ClaimsProcessorsType processors = this.delegate.getClaimsProcessors();
+ if (processors != null)
+ {
+ for (ClaimsProcessorType processor : processors.getClaimsProcessor())
+ {
+ // get the properties that have been configured for the claims processor.
+ Map<String, String> properties = new HashMap<String, String>();
+ for (KeyValueType propertyType : processor.getProperty())
+ properties.put(propertyType.getKey(), propertyType.getValue());
+ // create and initialize the claims processor.
+ ClaimsProcessor claimsProcessor = WSTrustServiceFactory.getInstance().createClaimsProcessor(
+ processor.getProcessorClass(), properties);
+ // store the processor using the dialect as the key.
+ this.claimsProcessors.put(processor.getDialect(), claimsProcessor);
+ }
+ }
+
+ // setup the service providers metadata.
ServiceProvidersType serviceProviders = this.delegate.getServiceProviders();
if (serviceProviders != null)
{
for (ServiceProviderType provider : serviceProviders.getServiceProvider())
this.spMetadata.put(provider.getEndpoint(), provider);
}
+
// setup the key store.
KeyProviderType keyProviderType = config.getKeyProvider();
if (keyProviderType != null)
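Review bot: In the claims-processor loop, `this.claimsProcessors.put(processor.getDialect(), claimsProcessor)` silently replaces an earlier processor configured for the same dialect, so the last `<ClaimsProcessor>` entry wins with no indication, and a missing `Dialect` (required by the schema, but not enforced by JAXB unless the unmarshaller validates) becomes a null key. Since the dialect mapping decides which attributes end up in issued tokens, I'd fail fast before the put: `if (processor.getDialect() == null || this.claimsProcessors.containsKey(processor.getDialect())) throw new IllegalStateException("Missing or duplicate dialect for claims processor " + processor.getProcessorClass());`. The token-provider map above has the same overwrite behaviour, but that predates this commit. The enclosing method continues past the hunk.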
@@ -218,6 +243,16 @@
/*
* (non-Javadoc)
*
+ * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getClaimsProcessor(java.lang.String)
+ */
+ public ClaimsProcessor getClaimsProcessor(String claimsDialect)
+ {
+ return this.claimsProcessors.get(claimsDialect);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
* @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
*/
public String getTokenTypeForService(String serviceName)
@@ -287,12 +322,13 @@
public Certificate getCertificate(String alias)
{
Certificate certificate = null;
- if(this.trustManager != null)
+ if (this.trustManager != null)
{
- try{
+ try
+ {
certificate = trustManager.getCertificate(alias);
}
- catch(Exception e)
+ catch (Exception e)
{
throw new RuntimeException("Error obtaining public key certificate", e);
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -136,6 +136,16 @@
/**
* <p>
+ * Obtains the {@code ClaimsProcessor} that must be used to handle claims of the specified dialect.
+ * </p>
+ *
+ * @param claimsDialect a {@code String} representing the claims dialect (usually a URL).
+ * @return the {@code ClaimsProcessor} to be used, or {@code null} if no processor could be found for the dialect.
+ */
+ public ClaimsProcessor getClaimsProcessor(String claimsDialect);
+
+ /**
+ * <p>
* Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}.
* </p>
*
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -38,6 +38,7 @@
import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.BinarySecretType;
+import org.jboss.identity.federation.ws.trust.ClaimsType;
import org.jboss.identity.federation.ws.trust.EntropyType;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
@@ -133,6 +134,19 @@
}
requestContext.setServiceProviderPublicKey(providerPublicKey);
+ // process the claims if needed.
+ if (request.getClaims() != null)
+ {
+ ClaimsType claims = request.getClaims();
+ ClaimsProcessor processor = this.configuration.getClaimsProcessor(claims.getDialect());
+ // if there is a processor, process the claims and set the resulting attributes in the context.
+ if (processor != null)
+ requestContext.setClaimedAttributes(processor.processClaims(claims, callerPrincipal));
+ else if (log.isDebugEnabled())
+ log.debug("Claims have been specified in the request but no processor was found for dialect "
+ + claims.getDialect());
+ }
+
// get the key type and size from the request, setting default values if not specified.
URI keyType = request.getKeyType();
if (keyType == null)
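Review bot: When the request carries a `Claims` element but no processor is registered for its dialect, the new code only logs at debug level and continues, so the STS issues a token that silently lacks the attributes the requester asked for; a request without a `Dialect` attribute also lands here with `claims.getDialect()` null. I'd make that outcome explicit rather than incidental: log at warn, and if the deployment expects requested claims to be honored, reject the request with `throw new WSTrustException("No claims processor configured for dialect " + claims.getDialect());` instead of issuing a partial token. Note also that `processClaims` runs before the key type is even read, so a request that is rejected later can still trigger the external lookups the ClaimsProcessor Javadoc describes. The enclosing method begins before and continues after this hunk.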
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.security.PublicKey;
+import java.util.Map;
import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
@@ -51,7 +52,9 @@
private final RequestSecurityToken request;
private KeyInfoType proofTokenInfo;
-
+
+ private Map<String, Object> claimedAttributes;
+
// information supplied by the token provider.
private SecurityToken securityToken;
@@ -159,7 +162,7 @@
{
return this.proofTokenInfo;
}
-
+
/**
* <p>
* Sets the {@code KeyInfoType} that contains the proof-of-possession token.
@@ -171,9 +174,38 @@
{
this.proofTokenInfo = proofTokenInfo;
}
-
+
/**
* <p>
+ * Gets the {@code Map} that contains the attributes claimed by the caller. Token providers use this method to
+ * obtain the attributes that must be inserted in the security token.
+ * </p>
+ *
+ * @return a {@code Map<String, Object>} that contains the caller's attributes keyed by the attribute name.
+ */
+ public Map<String, Object> getClaimedAttributes()
+ {
+ return this.claimedAttributes;
+ }
+
+ /**
+ * <p>
+ * Sets the caller's attributes. The caller uses the {@code Claims} section of the WS-Trust request to specify the
+ * attributes that need to be present in the generated security token. The token service parses this section and
+ * (possibly) interacts with other services to determine the values of the required attributes. After the attributes
+ * have been determined the STS uses this method to set them in the request context and make them available for
+ * token providers.
+ * </p>
+ *
+ * @param attributes a {@code Map<String, Object} that contains the caller's attributes keyed by the attribute name.
+ */
+ public void setClaimedAttributes(Map<String, Object> attributes)
+ {
+ this.claimedAttributes = attributes;
+ }
+
+ /**
+ * <p>
* Obtains the security token set by the token provider.
* </p>
*
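Review bot: The Javadoc on `getClaimedAttributes` describes the map as "the attributes claimed by the caller", which reads as if the values came from the requester; the setter's second paragraph says the STS resolves them via a claims processor, and that distinction matters to a token provider deciding how far to trust the map. I'd reword the getter summary to `Gets the attributes the STS resolved for the requested claims via the configured ClaimsProcessor; values are not taken from the request itself.` The `@param attributes` tag also has an unbalanced `{@code Map<String, Object}`. Finally, the getter hands out the same mutable map the setter stored, so any consumer can alter what later consumers see; if that is not intended, return `Collections.unmodifiableMap(this.claimedAttributes)` (needs a `java.util.Collections` import) or document the mutability.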
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -22,6 +22,7 @@
package org.jboss.identity.federation.core.wstrust;
import java.security.PrivilegedActionException;
+import java.util.Map;
/**
* <p>
@@ -78,20 +79,23 @@
throw new RuntimeException(e.getMessage(), e);
}
}
-
+
/**
* <p>
* Constructs and returns a {@code SecurityTokenProvider} from the specified class name.
* </p>
*
* @param providerClass the FQN of the {@code SecurityTokenProvider} to be instantiated.
+ * @param properties a {@code Map<String, String>} containing the properties that have been configured for the
+ * token provider.
* @return a reference to the constructed {@code SecurityTokenProvider} object.
*/
- public SecurityTokenProvider createTokenProvider(String providerClass)
+ public SecurityTokenProvider createTokenProvider(String providerClass, Map<String, String> properties)
{
try
{
SecurityTokenProvider tokenProvider = (SecurityTokenProvider) SecurityActions.instantiateClass(providerClass);
+ tokenProvider.initialize(properties);
return tokenProvider;
}
catch (PrivilegedActionException pae)
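Review bot: `tokenProvider.initialize(properties)` now runs inside the factory with whatever the caller passes, and the updated unit test passes `null`, so every `SecurityTokenProvider.initialize` implementation must tolerate a null map or the factory throws a bare NullPointerException without the provider class in the message. I'd normalize here so providers never see null: `tokenProvider.initialize(properties == null ? Collections.<String, String>emptyMap() : properties);` (requires importing `java.util.Collections`). Exceptions thrown by `initialize` also bypass the `catch (PrivilegedActionException)` below, so a misconfigured provider fails without the "Unable to instantiate token provider" context; wrapping initialization failures the same way would keep the error actionable.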
@@ -99,4 +103,29 @@
throw new RuntimeException("Unable to instantiate token provider " + providerClass, pae);
}
}
+
+ /**
+ * <p>
+ * Constructs and returns a {@code ClaimsProcessor} from the specified class name. The processor is initialized
+ * with the specified properties map.
+ * </p>
+ *
+ * @param processorClass the FQN of the {@code ClaimsProcessor} to be instantiated.
+ * @param properties a {@code Map<String, String>} containing the properties that have been configured for the
+ * claims processor.
+ * @return a reference to the constructed {@code ClaimsProcessor} object.
+ */
+ public ClaimsProcessor createClaimsProcessor(String processorClass, Map<String, String> properties)
+ {
+ try
+ {
+ ClaimsProcessor claimsProcessor = (ClaimsProcessor) SecurityActions.instantiateClass(processorClass);
+ claimsProcessor.initialize(properties);
+ return claimsProcessor;
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw new RuntimeException("Unable to instantiate claims processor " + processorClass, pae);
+ }
+ }
}
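Review bot: Only `PrivilegedActionException` is caught around the reflective construction in `createClaimsProcessor`, so a configured class that does not implement `ClaimsProcessor` surfaces as a bare `ClassCastException` from the cast, and any exception from `initialize` propagates without the "Unable to instantiate claims processor" context that names the offending class. I'd add `catch (ClassCastException cce) { throw new RuntimeException("Configured class does not implement ClaimsProcessor: " + processorClass, cce); }` and wrap initialization failures with the same message so a misconfigured STS fails with an actionable error. `processorClass` is read from the STS configuration, so reflective loading is acceptable as long as that file stays admin-controlled; the Javadoc could say so.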
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -22,7 +22,9 @@
package org.jboss.identity.federation.core.wstrust.plugins.saml;
import java.security.Principal;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBElement;
@@ -33,6 +35,7 @@
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
import org.jboss.identity.federation.core.wstrust.SecurityToken;
import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
import org.jboss.identity.federation.core.wstrust.StandardSecurityToken;
@@ -46,6 +49,7 @@
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.identity.federation.ws.policy.AppliesTo;
@@ -240,12 +244,19 @@
NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
- // TODO: add SAML statements that corresponds to the claims provided by the requester.
-
+ // create the attribute statements if necessary.
+ List<StatementAbstractType> statements = null;
+ Map<String, Object> claimedAttributes = context.getClaimedAttributes();
+ if(claimedAttributes != null)
+ {
+ statements = new ArrayList<StatementAbstractType>();
+ statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
+ }
+
// create the SAML assertion.
NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
- conditions, subject, null);
+ conditions, subject, statements);
// convert the constructed assertion to element.
Element assertionElement = null;
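Review bot: `StatementUtil.createAttributeStatement(Map)` returns null when the map has no entries (its `attrStatement` is only created inside the key loop), so an empty but non-null `claimedAttributes` map makes `statements.add(...)` insert a null statement into the assertion, which will most likely fail when the assertion is marshalled; the `claimedAttributes != null` guard does not cover that case. I'd guard on both conditions, `if (claimedAttributes != null && !claimedAttributes.isEmpty())`, or null-check the returned statement before adding it. The enclosing method begins before and continues after this hunk.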
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-30 19:02:20 UTC (rev 889)
@@ -172,7 +172,7 @@
<sequence>
<element name="KeyProvider" type="tns:KeyProviderType" minOccurs="0"/>
<element name="RequestHandler" type="string" minOccurs="0"/>
- <element name="ClaimProviders" type="tns:ClaimProvidersType" minOccurs="0"/>
+ <element name="ClaimsProcessors" type="tns:ClaimsProcessorsType" minOccurs="0"/>
<element name="TokenProviders" type="tns:TokenProvidersType" minOccurs="0"/>
<element name="ServiceProviders" type="tns:ServiceProvidersType" minOccurs="0"/>
</sequence>
@@ -182,22 +182,22 @@
<attribute name="EncryptToken" default="false" type="boolean" use="optional"/>
</complexType>
- <complexType name="ClaimProvidersType">
+ <complexType name="ClaimsProcessorsType">
<annotation>
<documentation>
- The claim providers specify the classes that are capable of handling specific claims dialects.
+ The claims processors specify the classes that are capable of processing specific claims dialects.
</documentation>
</annotation>
<sequence>
- <element name="ClaimProvider" type="tns:ClaimProviderType" minOccurs="1" maxOccurs="unbounded"/>
+ <element name="ClaimsProcessor" type="tns:ClaimsProcessorType" minOccurs="1" maxOccurs="unbounded"/>
</sequence>
</complexType>
- <complexType name="ClaimProviderType">
+ <complexType name="ClaimsProcessorType">
<sequence>
<element name="Property" type="tns:KeyValueType" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
- <attribute name="ProviderClass" type="string" use="required"/>
+ <attribute name="ProcessorClass" type="string" use="required"/>
<attribute name="Dialect" type="string" use="required"/>
</complexType>
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -84,18 +84,18 @@
{
WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
SecurityTokenProvider provider = factory
- .createTokenProvider("org.jboss.test.identity.federation.core.wstrust.SpecialTokenProvider");
+ .createTokenProvider("org.jboss.test.identity.federation.core.wstrust.SpecialTokenProvider", null);
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
provider = factory
- .createTokenProvider("org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider");
+ .createTokenProvider("org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider", null);
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
// try to create an invalid token provider.
try
{
- factory.createTokenProvider("InvalidTokenProvider");
+ factory.createTokenProvider("InvalidTokenProvider", null);
fail("An exception should have been raised");
}
catch (RuntimeException re)
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -212,7 +212,7 @@
//Add information on the roles
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
- AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
+ AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-30 19:02:20 UTC (rev 889)
@@ -204,7 +204,7 @@
//Add information on the roles
AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
- AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
+ AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
Modified: identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project 2009-10-30 16:27:01 UTC (rev 888)
+++ identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project 2009-10-30 19:02:20 UTC (rev 889)
@@ -1,5 +1,5 @@
<projectDescription>
- <name>sales-post-sig</name>
+ <name>employee-post-sig</name>
<comment>JBoss Identity Samples contains the samples for Federated Identity Needs.</comment>
<projects/>
<buildSpec>