JBoss Identity SVN: r885 - in identity-federation/trunk: jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-29 14:17:54 -0400 (Thu, 29 Oct 2009)
New Revision: 885
Added:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java
identity-federation/trunk/parent/pom.xml
Log:
add mock test
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java 2009-10-28 22:21:18 UTC (rev 884)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/mock/MockCatalinaResponse.java 2009-10-29 18:17:54 UTC (rev 885)
@@ -22,6 +22,7 @@
package org.jboss.test.identity.federation.bindings.mock;
import java.io.IOException;
+import java.io.PrintWriter;
import java.io.Writer;
import java.util.HashMap;
import java.util.Map;
@@ -39,7 +40,7 @@
private int status;
public String redirectString;
@SuppressWarnings("unused")
- private Writer mywriter;
+ private PrintWriter mywriter;
@Override
public void setCharacterEncoding(String charset)
@@ -78,6 +79,28 @@
public void setWriter(Writer w)
{
- this.mywriter = w;
- }
+ this.mywriter = (PrintWriter) w;
+ }
+
+
+ @Override
+ public PrintWriter getWriter() throws IOException
+ {
+ return this.mywriter;
+ }
+
+ @Override
+ public void setContentLength(int length)
+ {
+ }
+
+ @Override
+ public void setContentType(String arg0)
+ {
+ }
+
+ @Override
+ public void recycle()
+ {
+ }
}
\ No newline at end of file
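Review bot: `this.mywriter = (PrintWriter) w;` throws ClassCastException for any Writer that is not already a PrintWriter, while setWriter still advertises a plain `Writer` parameter, so the mock now silently narrows its contract; `this.mywriter = (w instanceof PrintWriter) ? (PrintWriter) w : new PrintWriter(w);` accepts both. With getWriter() now reading the field, the `@SuppressWarnings("unused")` on `mywriter` in the previous hunk is stale and should be dropped. The three empty overrides (setContentLength, setContentType, recycle) would benefit from a one-line `// no-op for the mock` so a reader does not take them for unfinished work.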
Added: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2PostTomcatWorkflowUnitTestCase.java 2009-10-29 18:17:54 UTC (rev 885)
@@ -0,0 +1,200 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.workflow;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintWriter;
+import java.net.URL;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionEvent;
+
+import junit.framework.TestCase;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve;
+import org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.IdentityServer;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaContext;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaContextClassLoader;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaRealm;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaRequest;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaResponse;
+import org.jboss.test.identity.federation.bindings.mock.MockCatalinaSession;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 29, 2009
+ */
+public class SAML2PostTomcatWorkflowUnitTestCase extends TestCase
+{
+ private String profile = "saml2/post";
+ private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ private String employee = "http://localhost:8080/employee/";
+ private String identity = "http://localhost:8080/idp/";
+
+ public void testSAML2Post() throws Exception
+ {
+ String id = IDGenerator.create("ID_");
+ SAML2Request saml2Request = new SAML2Request();
+ AuthnRequestType art = saml2Request.createAuthnRequestType(id,
+ employee, identity, employee);
+
+ MockCatalinaContext servletContext = new MockCatalinaContext();
+
+ //First we go to the employee application
+ MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPPostFormAuthenticator spEmpl = new SPPostFormAuthenticator();
+
+ MockCatalinaContext context = new MockCatalinaContext();
+ spEmpl.setContainer(context);
+ spEmpl.testStart();
+
+ MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
+
+ MockCatalinaResponse catalinaResponse = new MockCatalinaResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ catalinaResponse.setWriter(new PrintWriter(baos));
+
+ LoginConfig loginConfig = new LoginConfig();
+ spEmpl.authenticate(catalinaRequest, catalinaResponse, loginConfig);
+
+ String spResponse = new String(baos.toByteArray());
+ Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
+ NodeList nodes = spHTMLResponse.getElementsByTagName("INPUT");
+ Element inputElement = (Element)nodes.item(0);
+ String idpResponse = inputElement.getAttributeNode("VALUE").getValue();
+ @SuppressWarnings("unused")
+ String relayState = null;
+ if(nodes.getLength() > 1)
+ relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ //Lets call the IDPServlet
+
+ MockCatalinaSession session = new MockCatalinaSession();
+ servletContext = new MockCatalinaContext();
+ session.setServletContext(servletContext);
+ IdentityServer server = this.getIdentityServer(session);
+ servletContext.setAttribute("IDENTITY_SERVER", server);
+
+
+ MockCatalinaContextClassLoader mclIDP = setupTCL(profile + "/idp");
+ Thread.currentThread().setContextClassLoader(mclIDP);
+
+ MockCatalinaRequest request = new MockCatalinaRequest();
+ request.addHeader("Referer", "http://localhost:8080/employee/");
+
+ request.setParameter(GeneralConstants.USERNAME_FIELD, "anil");
+ request.setParameter(GeneralConstants.PASS_FIELD, "anil");
+
+
+ MockCatalinaResponse response = new MockCatalinaResponse();
+ baos = new ByteArrayOutputStream();
+ response.setWriter(new PrintWriter(baos));
+
+ context = new MockCatalinaContext();
+ IDPWebBrowserSSOValve idp = new IDPWebBrowserSSOValve();
+ idp.setContainer(context);
+ idp.setSignOutgoingMessages(false);
+ idp.start();
+
+ String samlAuth = DocumentUtil.getDocumentAsString(saml2Request.convert(art));
+
+ String samlMessage = Base64.encodeBytes(samlAuth.getBytes());
+
+ MockCatalinaRealm realm = new MockCatalinaRealm("anil", "test", new Principal()
+ {
+ public String getName()
+ {
+ return "anil";
+ }
+ });
+
+ List<String> roles = new ArrayList<String>();
+ roles.add("manager");
+ roles.add("employee");
+
+ request = new MockCatalinaRequest();
+ request.setRemoteAddr(employee);
+ request.setSession(session);
+ request.setParameter("SAMLRequest", samlMessage);
+ request.setUserPrincipal(new GenericPrincipal(realm, "anil", "test", roles) );
+ request.setMethod("POST");
+
+ //Lets start the workflow with post
+ idp.invoke(request, response);
+
+ String idpResponseString = new String(baos.toByteArray());
+ Document idpHTMLResponse = DocumentUtil.getDocument(idpResponseString);
+ nodes = idpHTMLResponse.getElementsByTagName("INPUT");
+ inputElement = (Element)nodes.item(0);
+ idpResponse = inputElement.getAttributeNode("VALUE").getValue();
+ relayState = null;
+ if(nodes.getLength() > 1)
+ relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ byte[] samlIDPResponse = PostBindingUtil.base64Decode(idpResponse);
+
+ SAML2Response saml2Response = new SAML2Response();
+ ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlIDPResponse));
+
+ assertEquals("Match Identity URL:" , this.identity, rt.getIssuer().getValue());
+ }
+
+ private MockCatalinaContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[] {tcl.getResource(resource)};
+
+ MockCatalinaContextClassLoader mcl = new MockCatalinaContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+
+
+ //Get the Identity server
+ private IdentityServer getIdentityServer(HttpSession session)
+ {
+ IdentityServer server = new IdentityServer();
+ server.sessionCreated(new HttpSessionEvent(session));
+ return server;
+ }
+}
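Review bot: `String spResponse = new String(baos.toByteArray());` and `String idpResponseString = new String(baos.toByteArray());` decode the captured HTML with the platform default charset, and `samlAuth.getBytes()` encodes the AuthnRequest the same way, so the test's result depends on the JVM's file.encoding; pass `"UTF-8"` explicitly in all three places. The `servletContext` created right after the first `MockCatalinaContext` is discarded unused when it is reassigned before the IDP step. The workflow is only exercised with `idp.setSignOutgoingMessages(false)`, so the signature side of the POST binding has no coverage here; a signed variant of this test would close that gap. `relayState` is extracted twice but never asserted, which is presumably why it carries `@SuppressWarnings("unused")`.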
Modified: identity-federation/trunk/parent/pom.xml
===================================================================
--- identity-federation/trunk/parent/pom.xml 2009-10-28 22:21:18 UTC (rev 884)
+++ identity-federation/trunk/parent/pom.xml 2009-10-29 18:17:54 UTC (rev 885)
@@ -134,7 +134,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbossxacml</artifactId>
- <version>2.0.4.SP1</version>
+ <version>2.0.4</version>
</dependency>
<dependency>
<groupId>org.openid4java</groupId>
JBoss Identity SVN: r884 - identity-federation/trunk/parent.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-28 18:21:18 -0400 (Wed, 28 Oct 2009)
New Revision: 884
Modified:
identity-federation/trunk/parent/pom.xml
Log:
bump up xacml
Modified: identity-federation/trunk/parent/pom.xml
===================================================================
--- identity-federation/trunk/parent/pom.xml 2009-10-27 23:21:01 UTC (rev 883)
+++ identity-federation/trunk/parent/pom.xml 2009-10-28 22:21:18 UTC (rev 884)
@@ -134,7 +134,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbossxacml</artifactId>
- <version>2.0.3.SP2</version>
+ <version>2.0.4.SP1</version>
</dependency>
<dependency>
<groupId>org.openid4java</groupId>
JBoss Identity SVN: r883 - identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 19:21:01 -0400 (Tue, 27 Oct 2009)
New Revision: 883
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
Log:
JBID-205: active sessions logged
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 23:20:21 UTC (rev 882)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 23:21:01 UTC (rev 883)
@@ -46,6 +46,7 @@
private static Logger log = Logger.getLogger(IdentityServer.class);
private boolean trace = log.isTraceEnabled();
+ //Configurable count for the active session count
private static int count = AccessController.doPrivileged(new PrivilegedAction<Integer>()
{
public Integer run()
JBoss Identity SVN: r882 - identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 19:20:21 -0400 (Tue, 27 Oct 2009)
New Revision: 882
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
Log:
JBID-205: active sessions logged
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 22:20:57 UTC (rev 881)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 23:20:21 UTC (rev 882)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.web.core;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import java.util.Stack;
@@ -31,6 +33,7 @@
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.web.constants.GeneralConstants;
/**
@@ -40,6 +43,18 @@
*/
public class IdentityServer implements HttpSessionListener
{
+ private static Logger log = Logger.getLogger(IdentityServer.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private static int count = AccessController.doPrivileged(new PrivilegedAction<Integer>()
+ {
+ public Integer run()
+ {
+ String val = System.getProperty("identity.server.log.count", "100");
+ return Integer.parseInt(val);
+ }
+ });
+
private static int activeSessionCount = 0;
private STACK stack = new STACK();
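Review bot: The static initializer's `return Integer.parseInt(val);` turns a malformed `identity.server.log.count` system property into a NumberFormatException, which surfaces as ExceptionInInitializerError and makes IdentityServer unloadable, and a value of 0 is accepted and then reaches `activeSessionCount % count` in the sessionCreated hunk below as a division by zero. Parse defensively inside run(), falling back to the default and rejecting non-positive values. The class body continues outside the hunk.
```java
private static int count = AccessController.doPrivileged(new PrivilegedAction<Integer>()
{
   public Integer run()
   {
      String val = System.getProperty("identity.server.log.count", "100");
      try
      {
         int parsed = Integer.parseInt(val);
         // a non-positive interval would make the modulo check in sessionCreated divide by zero
         return parsed > 0 ? parsed : 100;
      }
      catch (NumberFormatException e)
      {
         return 100;
      }
   }
});
```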
@@ -206,7 +221,15 @@
{
activeSessionCount++;
+ if(activeSessionCount % count == 0)
+ log.info("Active Session Count=" + activeSessionCount);
+
HttpSession session = sessionEvent.getSession();
+
+ if(trace)
+ log.trace("Session Created with id=" + session.getId() +
+ "::active session count=" + activeSessionCount);
+
//Ensure that the IdentityServer instance is set on the servlet context
ServletContext servletContext = session.getServletContext();
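Review bot: `log.trace("Session Created with id=" + session.getId() + ...` writes the full session identifier to the log; a session id is a bearer credential for that user's session, so anyone with read access to the log file can act as that user for as long as the session lives. The same applies to `log.trace("Session Destroyed with id=" + id + ...` in the next hunk. Logging only the count, or a truncated or hashed form of the id, keeps the diagnostic value without the exposure. sessionCreated continues outside the hunk.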
@@ -231,6 +254,11 @@
public void sessionDestroyed(HttpSessionEvent sessionEvent)
{
--activeSessionCount;
- stack.remove(sessionEvent.getSession().getId());
+
+ String id = sessionEvent.getSession().getId();
+ if(trace)
+ log.trace("Session Destroyed with id=" + id + "::active session count="
+ + activeSessionCount);
+ stack.remove(id);
}
}
\ No newline at end of file
JBoss Identity SVN: r881 - in identity-federation/trunk/jboss-identity-web/src: test/java/org/jboss/test/identity/federation/web/integration and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 18:20:57 -0400 (Tue, 27 Oct 2009)
New Revision: 881
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/integration/IdentityServerUnitTestCase.java
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
Log:
JBID-205: active sessions
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 21:56:43 UTC (rev 880)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-27 22:20:57 UTC (rev 881)
@@ -40,6 +40,8 @@
*/
public class IdentityServer implements HttpSessionListener
{
+ private static int activeSessionCount = 0;
+
private STACK stack = new STACK();
public class STACK
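Review bot: `private static int activeSessionCount = 0;` is a JVM-wide mutable counter updated with `activeSessionCount++` and `--activeSessionCount` in the two later hunks of this file, and HttpSessionListener callbacks run concurrently on container threads, so the non-atomic updates can lose increments and the count drifts over time. Because the field is static, every IdentityServer instance loaded by the same class loader also reports the same number, which sits oddly next to the instance-level getter added in the next hunk. Use `private static final AtomicInteger activeSessionCount = new AtomicInteger();` with `incrementAndGet()` and `decrementAndGet()` (importing java.util.concurrent.atomic.AtomicInteger), or make the field an instance field if a per-server count is what is intended.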
@@ -178,6 +180,14 @@
}
}
+ /**
+ * Return the active session count
+ * @return
+ */
+ public int getActiveSessionCount()
+ {
+ return activeSessionCount;
+ }
/**
* Return a reference to the internal stack
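Review bot: The Javadoc on getActiveSessionCount has an empty `@return` tag, and since the value comes from a static field it is not per-instance, which a caller reading an instance method would not expect. Suggest `* @return number of sessions created and not yet destroyed, shared by all IdentityServer instances in this JVM`.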
@@ -193,7 +203,9 @@
* @see HttpSessionListener#sessionCreated(HttpSessionEvent)
*/
public void sessionCreated(HttpSessionEvent sessionEvent)
- {
+ {
+ activeSessionCount++;
+
HttpSession session = sessionEvent.getSession();
//Ensure that the IdentityServer instance is set on the servlet context
ServletContext servletContext = session.getServletContext();
@@ -218,6 +230,7 @@
*/
public void sessionDestroyed(HttpSessionEvent sessionEvent)
{
+ --activeSessionCount;
stack.remove(sessionEvent.getSession().getId());
}
}
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/integration/IdentityServerUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/integration/IdentityServerUnitTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/integration/IdentityServerUnitTestCase.java 2009-10-27 22:20:57 UTC (rev 881)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.integration;
+
+import javax.servlet.http.HttpSessionEvent;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.web.core.IdentityServer;
+import org.jboss.test.identity.federation.web.mock.MockHttpSession;
+import org.jboss.test.identity.federation.web.mock.MockServletContext;
+
+/**
+ * Unit test the Identity Server
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 27, 2009
+ */
+public class IdentityServerUnitTestCase extends TestCase
+{
+ public void testActiveSessionCount()
+ {
+ IdentityServer server = new IdentityServer();
+ assertEquals(0,server.getActiveSessionCount());
+
+ MockHttpSession session = new MockHttpSession();
+ session.setServletContext(new MockServletContext());
+ HttpSessionEvent event = new HttpSessionEvent(session);
+ server.sessionCreated(event);
+ assertEquals(1,server.getActiveSessionCount());
+
+ server.sessionDestroyed(event);
+ assertEquals(0,server.getActiveSessionCount());
+ //6 sessions created and 1 destroyed
+ server.sessionCreated(event);
+ server.sessionCreated(event);
+ server.sessionCreated(event);
+ server.sessionCreated(event);
+ server.sessionCreated(event);
+ server.sessionCreated(event);
+
+ server.sessionDestroyed(event);
+ assertEquals(5,server.getActiveSessionCount());
+ }
+}
\ No newline at end of file
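Review bot: `assertEquals(0,server.getActiveSessionCount());` assumes the counter starts at zero, but the field behind it is static (see the IdentityServer hunk in this commit), so any earlier test in the same JVM that created a session without destroying it makes this assertion fail, and the later 1 and 5 expectations are order-dependent for the same reason. Capture the starting value first, `int start = server.getActiveSessionCount();`, and assert relative to it, `assertEquals(start + 1, server.getActiveSessionCount());`, with the remaining assertions following the same pattern.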
JBoss Identity SVN: r880 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp and 4 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 17:56:43 -0400 (Tue, 27 Oct 2009)
New Revision: 880
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
Log:
refactor into constants
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -52,6 +52,7 @@
import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.KeyInfoType;
@@ -69,7 +70,7 @@
private static Logger log = Logger.getLogger(MetadataServlet.class);
private boolean trace = log.isTraceEnabled();
- private String configFileLocation = "/WEB-INF/jboss-idfed.xml";
+ private String configFileLocation = GeneralConstants.CONFIG_FILE_LOCATION;
private transient MetadataProviderType metadataProviderType = null;
private transient IMetadataProvider<?> metadataProvider = null;
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -509,7 +509,7 @@
lifecycle.fireLifecycleEvent(START_EVENT, null);
started = true;
- String configFile = "/WEB-INF/jboss-idfed.xml";
+ String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
Context context = (Context) getContainer();
InputStream is = context.getServletContext().getResourceAsStream(configFile);
if(is == null)
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -776,7 +776,8 @@
//Get the chain from config
chain = new DefaultSAML2HandlerChain();
- String configFile = "/WEB-INF/jboss-idfed.xml";
+ String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
+
context = (Context) getContainer();
InputStream is = context.getServletContext().getResourceAsStream(configFile);
if(is == null)
@@ -796,7 +797,8 @@
this.attribManager.setDelegate(delegate);
}
//Get the handlers
- handlers = ConfigurationUtil.getHandlers(context.getServletContext().getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
+ handlers = ConfigurationUtil.getHandlers(context.getServletContext().getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
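Review bot: `handlers = ConfigurationUtil.getHandlers(context.getServletContext().getResourceAsStream(handlerConfigFileName));` passes the stream straight through, so a missing `/WEB-INF/jbid-handlers.xml` reaches getHandlers as null rather than failing with a message naming the file (unless getHandlers checks for null itself, which is not visible here), unlike the `if(is == null)` guard the previous hunk applies to the main config; the stream is also never visibly closed. Assign it first, `InputStream handlerIs = context.getServletContext().getResourceAsStream(handlerConfigFileName);`, guard it the same way as `is`, and close it in a finally once getHandlers returns. The same call shape appears in the BaseFormAuthenticator, SPFilter and IDPServlet hunks of this commit. The enclosing method starts and ends outside the hunk.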
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -60,7 +60,7 @@
protected String serviceURL = null;
protected String identityURL = null;
- protected String configFile = "/WEB-INF/jboss-idfed.xml";
+ protected String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
protected transient SAML2HandlerChain chain = null;
@@ -132,7 +132,8 @@
try
{
//Get the handlers
- handlers = ConfigurationUtil.getHandlers(servletContext.getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
+ handlers = ConfigurationUtil.getHandlers(servletContext.getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -74,7 +74,7 @@
private boolean trace = log.isTraceEnabled();
private boolean jbossEnv = false;
- private String logOutPage = "/logout.jsp";
+ private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
public SPPostFormAuthenticator()
{
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -82,7 +82,7 @@
private boolean jbossEnv = false;
- private String logOutPage = "/logout.jsp";
+ private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
public SPRedirectFormAuthenticator()
{
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -35,15 +35,20 @@
String ATTIBUTE_MANAGER = "ATTRIBUTE_MANAGER";
String CONFIGURATION = "CONFIGURATION";
+ String CONFIG_FILE_LOCATION = "/WEB-INF/jboss-idfed.xml";
String GLOBAL_LOGOUT = "GLO";
+
+ String HANDLER_CONFIG_FILE_LOCATION = "/WEB-INF/jbid-handlers.xml";
+
String IDENTITY_SERVER = "IDENTITY_SERVER";
String IGNORE_SIGNATURES = "IGNORE_SIGNATURES";
String KEYPAIR = "KEYPAIR";
String LOGOUT_PAGE = "LOGOUT_PAGE";
+ String LOGOUT_PAGE_NAME = "/logout.jsp";
String PRINCIPAL_ID = "jboss_identity.principal";
String RELAY_STATE = "RelayState";
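Review bot: `String LOGOUT_PAGE_NAME = "/logout.jsp";` and the two `*_FILE_LOCATION` entries are resource paths, while their neighbours such as `LOGOUT_PAGE` and `IDENTITY_SERVER` are attribute or context keys, and the new constants are now interleaved with the keys with nothing to tell the two kinds apart. A one-line comment above each group, `// Default resource paths resolved against the web application` for the new ones, would keep someone from wiring `LOGOUT_PAGE` where `LOGOUT_PAGE_NAME` is meant. The GeneralConstants interface continues outside the hunk.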
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -120,7 +120,7 @@
private boolean trace = log.isTraceEnabled();
protected SPType spConfiguration = null;
- protected String configFile = "/WEB-INF/jboss-idfed.xml";
+ protected String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
protected String serviceURL = null;
protected String identityURL = null;
@@ -134,7 +134,7 @@
private IRoleValidator roleValidator = new DefaultRoleValidator();
- private String logOutPage = "/logout.jsp";
+ private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
public void destroy()
{
@@ -417,12 +417,9 @@
if(trace)
log.trace("Server Exception:", e);
throw new ServletException("Server Exception");
- }
-
- }
-
- }
-
+ }
+ }
+ }
}
public void init(FilterConfig filterConfig) throws ServletException
@@ -473,7 +470,8 @@
try
{
//Get the handlers
- Handlers handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
+ Handlers handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-27 21:40:24 UTC (rev 879)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-27 21:56:43 UTC (rev 880)
@@ -128,7 +128,8 @@
{
Handlers handlers = null;
super.init(config);
- String configFile = "/WEB-INF/jboss-idfed.xml";
+ String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
+
context = config.getServletContext();
InputStream is = context.getResourceAsStream(configFile);
@@ -155,7 +156,8 @@
}
//Get the handlers
- handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
+ handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
@@ -168,8 +170,7 @@
for(SAML2Handler handler: samlHandlers)
{
handler.initChainConfig(handlerChainConfig);
- }
-
+ }
}
catch (Exception e)
{
JBoss Identity SVN: r879 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp and 11 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 17:40:24 -0400 (Tue, 27 Oct 2009)
New Revision: 879
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/FileBasedEntityMetadataProvider.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
Log:
clean up the thrown exceptions
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/FileBasedEntityMetadataProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/FileBasedEntityMetadataProvider.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/FileBasedEntityMetadataProvider.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -43,7 +43,9 @@
private static final String FILENAME_KEY = "FileName";
private String fileName;
private InputStream metadataFileStream;
+ @SuppressWarnings("unused")
private PublicKey encryptionKey;
+ @SuppressWarnings("unused")
private PublicKey signingKey;
@Override
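Review bot: Annotating encryptionKey and signingKey with `@SuppressWarnings("unused")` silences a warning that may be pointing at a real gap: a metadata provider that holds the peer's signing key but never exposes it means signature checks cannot be bound to the metadata. If nothing is meant to consume them yet, a `// TODO expose via accessors once signature/encryption consumers exist` next to the fields keeps that visible; if they are genuinely dead, remove them rather than suppress. Whether the fields are ever populated is not visible in this hunk.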
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -287,7 +287,8 @@
return request.getParameter(GeneralConstants.SAML_REQUEST_KEY) != null;
}
- private RequestAbstractType getSAMLRequest(Request request) throws ParsingException, IOException
+ private RequestAbstractType getSAMLRequest(Request request)
+ throws ParsingException, ConfigurationException, ProcessingException
{
String samlMessage = getSAMLMessage(request);
InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.bindings.tomcat.idp;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
@@ -34,9 +36,6 @@
import javax.crypto.SecretKey;
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
@@ -61,9 +60,6 @@
import org.xml.sax.SAXException;
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
-
/**
* Valve at the Identity Provider that supports
* SAML2 HTTP/Redirect binding with digital signature support
@@ -229,23 +225,7 @@
catch (SAXException e)
{
throw new ParsingException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new ConfigurationException(e);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
+ }
catch (Exception e)
{
throw new ProcessingException(e);
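Review bot: Removing the `catch (TransformerFactoryConfigurationError e)` block changes what escapes, because TransformerFactoryConfigurationError extends Error and is not caught by the remaining `catch (Exception e)`; any direct TransformerFactory use still inside this try (the try body starts outside the hunk) would now propagate as an Error instead of ConfigurationException. If everything in the body now goes through DocumentUtil, whose getTransformer converts it (hunk ending at L1440), the removal is safe, but that dependency deserves a comment on the catch: `// TransformerFactoryConfigurationError is an Error; DocumentUtil maps it to ConfigurationException`. The same removal is made in SPRedirectSignatureFormAuthenticator in the hunk ending at L919.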
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -30,8 +30,6 @@
import java.util.Set;
import javax.servlet.RequestDispatcher;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
@@ -290,31 +288,17 @@
* @param willSendRequest are we sending Request or Response to IDP
* @throws ProcessingException
* @throws ConfigurationException
+ * @throws IOException
*/
protected void sendRequestToIDP(
String destination, Document samlDocument,String relayState, Response response,
boolean willSendRequest)
- throws ProcessingException, ConfigurationException
+ throws ProcessingException, ConfigurationException, IOException
{
- try
- {
- String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
samlMessage = PostBindingUtil.base64Encode(samlMessage);
PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
- response, willSendRequest);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
+ response, willSendRequest);
}
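Review bot: sendRequestToIDP now lets IOException from PostBindingUtil.sendPost escape raw, while DocumentUtil in this same commit wraps IOException as ProcessingException (hunk ending at L1252), so callers see two different error contracts for the same kind of failure. Either wrap it here the same way, `catch (IOException e) { throw new ProcessingException(e); }`, or say in the Javadoc what a raw IOException means, since the new `@throws IOException` at L847 has no description. The Javadoc block begins outside the hunk.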
/**
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,14 +21,14 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.xml.bind.JAXBException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
@@ -51,9 +51,6 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* Tomcat Authenticator for the HTTP/Redirect binding with Signature support
* @author Anil.Saldhana(a)redhat.com
@@ -183,14 +180,6 @@
{
throw new ConfigurationException(e);
}
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ParsingException(e);
- }
catch (Exception e)
{
throw new GeneralSecurityException(e);
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -59,6 +59,7 @@
* @author Anil.Saldhana(a)redhat.com
* @since Oct 21, 2009
*/
+@SuppressWarnings("unused")
public class SAML2LogoutTomcatWorkflowUnitTestCase extends TestCase
{
private String profile = "saml2/logout";
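Review bot: A class-level `@SuppressWarnings("unused")` hides every unused member in the test, not just the one that triggered it; the unused value in the hunk ending at L947 appears to be `saml2Response` at L944, which is created and then bypassed because parsing goes through `saml2Request.getSAML2ObjectFromStream(stream)` on L946. If the intent is to parse the logout response with the response API, `(StatusResponseType) saml2Response.getSAML2ObjectFromStream(stream)` removes both the unused variable and the need for the suppression; otherwise drop the variable or move the annotation onto the specific field.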
@@ -244,8 +245,6 @@
System.out.println("Logout Response from SP=" + logoutResponse);
stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
-
- SAML2Response saml2Response = new SAML2Response();
StatusResponseType statusResponse =
(StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
@@ -274,7 +273,7 @@
System.out.println("LogO=" + logoutResponse);
stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
- saml2Response = new SAML2Response();
+ SAML2Response saml2Response = new SAML2Response();
statusResponse =
(StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -37,6 +37,7 @@
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
@@ -120,25 +121,14 @@
* @throws ParsingException
*/
@SuppressWarnings("unchecked")
- public SAML2Object getSAML2ObjectFromStream(InputStream is) throws IOException, ParsingException
+ public SAML2Object getSAML2ObjectFromStream(InputStream is)
+ throws ConfigurationException, ParsingException,
+ ProcessingException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
- Document samlDocument = null;
- //First parse the Document
- try
- {
- samlDocument = DocumentUtil.getDocument(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
+ Document samlDocument = DocumentUtil.getDocument(is);
try
{
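Review bot: The throws clause now declares ConfigurationException and ProcessingException, but the Javadoc tail visible at L961 lists only `@throws ParsingException` (the rest of the comment is above the hunk); the new types should be documented with their meaning, e.g. `@throws ConfigurationException the DOM parser could not be created` and `@throws ProcessingException the stream could not be read`. A null `is` is also reported as IllegalStateException on L970, whereas the sibling methods in SAML2Response use IllegalArgumentException (L1077, L1114); `throw new IllegalArgumentException("InputStream is null");` is the contract a caller passing a bad argument expects.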
@@ -157,36 +147,23 @@
/**
* Get a Request Type from Input Stream
* @param is
- * @return
- * @throws SAXException
- * @throws JAXBException
- * @throws IOException
+ * @return
+ * @throws ProcessingException
+ * @throws ConfigurationException
* @throws
* @throws IllegalArgumentException inputstream is null
*/
@SuppressWarnings("unchecked")
- public RequestAbstractType getRequestType(InputStream is) throws ParsingException, IOException
+ public RequestAbstractType getRequestType(InputStream is)
+ throws ParsingException, ConfigurationException, ProcessingException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
- Document samlDocument = null;
- //First parse the Document
+ Document samlDocument = DocumentUtil.getDocument(is);
+
try
{
- samlDocument = DocumentUtil.getDocument(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
-
- try
- {
Binder<Node> binder = getBinder();
JAXBElement<RequestAbstractType> jaxbAuthnRequestType = (JAXBElement<RequestAbstractType>) binder.unmarshal(samlDocument);
RequestAbstractType requestType = jaxbAuthnRequestType.getValue();
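Review bot: The Javadoc for getRequestType now contradicts the code: it promises `@throws IllegalArgumentException inputstream is null` (L1000) while L1008 throws IllegalStateException, it carries an empty `@throws` on L999 and an empty `@return` on L996, and it omits the ParsingException the new signature declares. Fix the tags to match the signature (`@return the unmarshalled request`, `@throws ParsingException the document is not well-formed XML`, drop the empty tag) and align the null check with the documented IllegalArgumentException. getRequestType's body continues outside the hunk.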
@@ -304,7 +281,7 @@
* @throws ParserConfigurationException
*/
public Document convert(RequestAbstractType rat)
- throws SAXException, IOException, JAXBException, ParserConfigurationException
+ throws SAXException, IOException, JAXBException, ConfigurationException
{
JAXBContext jaxb = JAXBUtil.getJAXBContext(RequestAbstractType.class);
Binder<Node> binder = jaxb.createBinder();
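Review bot: The Javadoc still declares `@throws ParserConfigurationException` (L1032) while the signature now throws ConfigurationException, so the doc contradicts the code it describes. The same stale tags remain in the hunks ending at L1048, L1148, L1157, L1207, L1217, L1252, L1282, L1313, L1324, L1348, L1372 and L1400, where `@throws` entries naming ParserConfigurationException, SAXException, IOException, TransformerException or TransformerFactoryConfigurationError were not replaced by the new ConfigurationException, ParsingException or ProcessingException. Replace each with tags matching the new throws clause, e.g. `@throws ConfigurationException if the DOM builder or transformer cannot be created`.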
@@ -321,7 +298,7 @@
* @throws JAXBException
* @throws ParserConfigurationException
*/
- public Document convert(ResponseType responseType) throws JAXBException, ParserConfigurationException
+ public Document convert(ResponseType responseType) throws JAXBException, ConfigurationException
{
JAXBContext jaxb = JAXBUtil.getJAXBContext(ResponseType.class);
Binder<Node> binder = jaxb.createBinder();
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,7 +21,6 @@
*/
package org.jboss.identity.federation.api.saml.v2.response;
-import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
@@ -40,6 +39,7 @@
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
@@ -260,31 +260,16 @@
* @throws ConfigurationException
*/
@SuppressWarnings("unchecked")
- public ResponseType getResponseType(InputStream is) throws ParsingException, ConfigurationException
+ public ResponseType getResponseType(InputStream is)
+ throws ParsingException, ConfigurationException, ProcessingException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
- Document samlResponseDocument = null;
- //Read the DOM
+ Document samlResponseDocument = DocumentUtil.getDocument(is);
+
try
{
- samlResponseDocument = DocumentUtil.getDocument(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new ConfigurationException(e);
- }
- catch (IOException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
- try
- {
Binder<Node> binder = getBinder();
JAXBElement<ResponseType> jaxbResponseType = (JAXBElement<ResponseType>) binder.unmarshal(samlResponseDocument);
ResponseType responseType = jaxbResponseType.getValue();
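Review bot: The new throws clause adds ProcessingException, but the Javadoc tail at L1069 still ends with `@throws ConfigurationException` and no ProcessingException tag, while the next hunk (L1103-L1139) did add `@throws ProcessingException` for getSAML2ObjectFromStream. Add `@throws ProcessingException the stream could not be read` here so both methods document the same contract. The Javadoc and the method body both extend outside the hunk.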
@@ -304,33 +289,18 @@
* @return
* @throws ParsingException
* @throws ConfigurationException
+ * @throws ProcessingException
*/
@SuppressWarnings("unchecked")
- public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException
+ public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException, ProcessingException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
- Document samlResponseDocument = null;
- //Read the DOM
+ Document samlResponseDocument = DocumentUtil.getDocument(is);
+
try
{
- samlResponseDocument = DocumentUtil.getDocument(is);
- }
- catch (ParserConfigurationException e)
- {
- throw new ConfigurationException(e);
- }
- catch (IOException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
- try
- {
Binder<Node> binder = getBinder();
JAXBElement<SAML2Object> saml2Object = (JAXBElement<SAML2Object>) binder.unmarshal(samlResponseDocument);
SAML2Object responseType = saml2Object.getValue();
@@ -351,7 +321,7 @@
* @throws ParserConfigurationException
*/
public Document convert(EncryptedElementType encryptedElementType)
- throws JAXBException, ParserConfigurationException
+ throws JAXBException, ConfigurationException
{
JAXBContext jaxb = JAXBUtil.getJAXBContext(EncryptedElementType.class);
Binder<Node> binder = jaxb.createBinder();
@@ -379,7 +349,7 @@
* @throws JAXBException
* @throws ParserConfigurationException
*/
- public Document convert(StatusResponseType responseType) throws JAXBException, ParserConfigurationException
+ public Document convert(StatusResponseType responseType) throws JAXBException, ConfigurationException
{
JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Binder<Node> binder = jaxb.createBinder();
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -31,21 +31,24 @@
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
+import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathException;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -90,10 +93,18 @@
* @return
* @throws ParserConfigurationException
*/
- public static Document createDocument() throws ParserConfigurationException
+ public static Document createDocument() throws ConfigurationException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
+ DocumentBuilder builder;
+ try
+ {
+ builder = factory.newDocumentBuilder();
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
return builder.newDocument();
}
@@ -105,7 +116,8 @@
* @throws SAXException
* @throws ParserConfigurationException
*/
- public static Document getDocument(String docString) throws ParserConfigurationException, SAXException, IOException
+ public static Document getDocument(String docString)
+ throws ConfigurationException,ParsingException, ProcessingException
{
return getDocument(new StringReader(docString));
}
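Review bot: The new throws clause reads `ConfigurationException,ParsingException, ProcessingException` with a missing space after the first comma, and it orders the exceptions differently from the Reader, File and InputStream overloads below, which all declare `ConfigurationException, ProcessingException, ParsingException`. `throws ConfigurationException, ProcessingException, ParsingException` keeps the four overloads visually identical.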
@@ -114,16 +126,32 @@
* Parse a document from a reader
* @param reader
* @return
+ * @throws ParsingException
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
*/
public static Document getDocument(Reader reader)
- throws ParserConfigurationException, SAXException, IOException
+ throws ConfigurationException, ProcessingException, ParsingException
{
- DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(new InputSource(reader));
+ try
+ {
+ DocumentBuilderFactory factory = getDocumentBuilderFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(new InputSource(reader));
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
}
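Review bot: This overload moves `getDocumentBuilderFactory()` inside the try block while the File and InputStream overloads (hunks ending at L1282 and L1313) keep it outside, so a failure during factory creation is reported differently depending on which overload was called. Unless getDocumentBuilderFactory() itself throws one of the wrapped types (its signature is outside the hunk; only `return factory;` at L1417 is visible), keep it outside the try in all three and wrap only `newDocumentBuilder()` and `parse`, as the other two overloads do.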
/**
@@ -134,11 +162,27 @@
* @throws IOException
* @throws SAXException
*/
- public static Document getDocument(File file) throws ParserConfigurationException, SAXException, IOException
+ public static Document getDocument(File file)
+ throws ConfigurationException, ProcessingException, ParsingException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(file);
+ try
+ {
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(file);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
}
/**
@@ -149,12 +193,27 @@
* @throws IOException
* @throws SAXException
*/
- public static Document getDocument(InputStream is) throws ParserConfigurationException, SAXException, IOException
+ public static Document getDocument(InputStream is)
+ throws ConfigurationException, ProcessingException, ParsingException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
-
- return builder.parse(is);
+ try
+ {
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
}
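Review bot: The parser used here comes from getDocumentBuilderFactory(), whose configuration is outside this hunk, and the streams passed to this overload carry SAML messages received from remote peers (L777, L1011, L1080). Confirm that the factory is created with DTD and external-entity processing disabled (for example `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` plus the external-general/parameter-entity features), and if it is not, add it there since every getDocument overload shares the factory. The commit does not introduce this, but now that all parse failures funnel into ParsingException, the Javadoc of this method is the natural place to record that hardening assumption.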
/**
@@ -164,7 +223,8 @@
* @throws TransformerFactoryConfigurationError
* @throws TransformerException
*/
- public static String getDocumentAsString(Document signedDoc) throws TransformerFactoryConfigurationError, TransformerException
+ public static String getDocumentAsString(Document signedDoc)
+ throws ProcessingException, ConfigurationException
{
Source source = new DOMSource(signedDoc);
StringWriter sw = new StringWriter();
@@ -172,7 +232,14 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the stream
Transformer xformer = getTransformer();
- xformer.transform(source, streamResult);
+ try
+ {
+ xformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
return sw.toString();
}
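Review bot: The try/catch that maps TransformerException to ProcessingException is now written out four times in this file, here and in the hunks ending at L1363, L1386 and L1415, each around the same `getTransformer()` + `transform(source, streamResult)` pair. A private helper that obtains the transformer and performs the transform once lets the four public methods collapse to a single call and keeps the exception mapping in one place. Each public method keeps its signature; only the duplicated body lines change.
```java
// … unchanged: Source/Result setup in getDocumentAsString …
transform(source, streamResult);
// … unchanged: return sw.toString(); …

/** Runs one transformation, mapping TransformerException to ProcessingException. */
private static void transform(Source source, Result result)
      throws ConfigurationException, ProcessingException
{
   try
   {
      getTransformer().transform(source, result);
   }
   catch (TransformerException e)
   {
      throw new ProcessingException(e);
   }
}
```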
@@ -185,7 +252,7 @@
* @throws TransformerException
*/
public static String getDOMElementAsString(Element element)
- throws TransformerFactoryConfigurationError, TransformerException
+ throws ProcessingException, ConfigurationException
{
Source source = new DOMSource(element);
StringWriter sw = new StringWriter();
@@ -193,7 +260,14 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the file
Transformer xformer = getTransformer();
- xformer.transform(source, streamResult);
+ try
+ {
+ xformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
return sw.toString();
}
@@ -206,7 +280,7 @@
* @throws TransformerException
*/
public static InputStream getNodeAsStream(Node node)
- throws TransformerFactoryConfigurationError, TransformerException
+ throws ConfigurationException, ProcessingException
{
Source source = new DOMSource(node);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -214,7 +288,14 @@
Result streamResult = new StreamResult(baos);
// Write the DOM document to the stream
Transformer transformer = getTransformer();
- transformer.transform(source, streamResult);
+ try
+ {
+ transformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
@@ -225,11 +306,12 @@
* Stream a DOM Node as a String
* @param node
* @return
+ * @throws ProcessingException
* @throws TransformerFactoryConfigurationError
* @throws TransformerException
*/
public static String getNodeAsString(Node node)
- throws TransformerFactoryConfigurationError, TransformerException
+ throws ConfigurationException, ProcessingException
{
Source source = new DOMSource(node);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -237,7 +319,14 @@
Result streamResult = new StreamResult(baos);
// Write the DOM document to the stream
Transformer transformer = getTransformer();
- transformer.transform(source, streamResult);
+ try
+ {
+ transformer.transform(source, streamResult);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
return new String(baos.toByteArray());
}
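Review bot: The decoding on L1414, `new String(baos.toByteArray())`, uses the platform default charset, while the Transformer writing into baos uses its default output encoding (UTF-8) because getTransformer (hunk ending at L1440) sets no ENCODING property; on a JVM whose default charset is not UTF-8, non-ASCII content of the node is corrupted. `return new String(baos.toByteArray(), Charset.forName("UTF-8"));` (with `java.nio.charset.Charset` imported) makes the two ends agree. The line is context rather than new code, but the wrapping added here is the natural moment to fix it.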
@@ -339,10 +428,22 @@
return factory;
}
- private static Transformer getTransformer() throws TransformerConfigurationException,
- TransformerFactoryConfigurationError
+ private static Transformer getTransformer()
+ throws ProcessingException, ConfigurationException
{
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ Transformer transformer;
+ try
+ {
+ transformer = TransformerFactory.newInstance().newTransformer();
+ }
+ catch (TransformerConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.setOutputProperty(OutputKeys.INDENT, "no");
return transformer;
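Review bot: getTransformer declares `throws ProcessingException, ConfigurationException` but the body only ever throws ConfigurationException (both catch blocks, L1432 and L1436), so ProcessingException is an unreachable part of the contract. `private static Transformer getTransformer() throws ConfigurationException` is accurate and matches the convention used in getDocument of reserving ConfigurationException for factory/builder creation and ProcessingException for the actual parse or transform. The public callers still need ProcessingException because their own `transform` call throws it.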
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -30,6 +30,8 @@
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
@@ -68,7 +70,7 @@
* @throws JAXBException
*/
public static XACMLAuthzDecisionQueryType getXACMLQueryType(Element samlRequest)
- throws TransformerFactoryConfigurationError, TransformerException, JAXBException
+ throws ConfigurationException, ProcessingException, JAXBException
{
//We reparse it because the document may have issues with namespaces
String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
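Review bot: With the signature no longer naming TransformerFactoryConfigurationError or TransformerException, the imports kept at L1446-L1447 look unused unless something else in the file still references them; the body of getXACMLQueryType continues outside the hunk, so this is inferred rather than certain. If they are unused, remove them as the sibling files in this commit did (L839-L840, L892-L893).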
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -25,8 +25,7 @@
import java.net.URISyntaxException;
import java.util.Map;
-import javax.xml.parsers.ParserConfigurationException;
-
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.wstrust.SecurityToken;
@@ -105,7 +104,7 @@
SecurityToken token = new StandardSecurityToken(tokenType.toString(), root, id);
context.setSecurityToken(token);
}
- catch (ParserConfigurationException pce)
+ catch (ConfigurationException pce)
{
pce.printStackTrace();
}
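Review bot: The retyped catch still only calls `pce.printStackTrace()`, so when token creation fails the context is left without a security token and the caller proceeds as if issuance had succeeded. Even in a test-only provider the failure is easier to diagnose if it is propagated, e.g. `throw new RuntimeException("token creation failed", pce);`, or at least routed through the project's logger instead of stderr. The enclosing method starts above the hunk, so whether its signature admits a checked exception here is not visible.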
Modified: identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
===================================================================
--- identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -29,6 +29,7 @@
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -55,7 +56,6 @@
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
@@ -258,14 +258,10 @@
{
responseType = saml2Response.getResponseType(is);
}
- catch (ParsingException e)
+ catch (GeneralSecurityException e)
{
throw new RuntimeException(e);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
+ }
if (signatureRequired && !validateSignature(saml2Response.getSamlDocumentHolder()))
{
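Review bot: The single `catch (GeneralSecurityException e)` only compiles if ParsingException and ConfigurationException, the two catches it replaces, are now subtypes of GeneralSecurityException — a hierarchy change that is not visible in this hunk and presumably lives elsewhere in the commit; the unchanged `throws ... GeneralSecurityException` clauses in SPFilter's sendRequestToIDP, IDPWebRequestUtil.send and RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature rest on the same assumption. Because the broader catch may also cover genuine crypto failures raised by getResponseType, a reader can no longer tell from the code which failure category is being wrapped into the RuntimeException; a one-line comment such as `// ParsingException and ConfigurationException are GeneralSecurityException subtypes` would make the dependency explicit. The ConfigurationException import at L1499 is kept, presumably for a use outside this hunk. The enclosing method starts and ends outside the hunk.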
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.web.filters;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -51,8 +53,6 @@
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
@@ -84,7 +84,7 @@
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.HandlerUtil;
@@ -108,8 +108,6 @@
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* A service provider filter for web container agnostic
* providers
@@ -571,19 +569,7 @@
boolean request)
throws IOException, SAXException, JAXBException,GeneralSecurityException
{
- String samlMessage;
- try
- {
- samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ProcessingException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
+ String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
response, request);
}
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -28,8 +28,6 @@
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
@@ -117,19 +115,7 @@
}
else
{
- String samlMsg;
- try
- {
- samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
+ String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
String base64Request = RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
String destinationURL = destination +
@@ -152,32 +138,18 @@
* @param willSendRequest are we sending Request or Response to IDP
* @throws ProcessingException
* @throws ConfigurationException
+ * @throws IOException
*/
protected void sendRequestToIDP(
String destination, Document samlDocument,String relayState,
HttpServletResponse response,
boolean willSendRequest)
- throws ProcessingException, ConfigurationException
+ throws ProcessingException, ConfigurationException, IOException
{
- try
- {
- String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
samlMessage = PostBindingUtil.base64Encode(samlMessage);
PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
response, willSendRequest);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
}
private String getDestination(String urlEncodedRequest, String urlEncodedRelayState,
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.web.util;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -36,8 +38,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
@@ -47,6 +47,7 @@
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.interfaces.AttributeManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
@@ -67,8 +68,6 @@
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* Request Util
* <b> Not thread safe</b>
@@ -117,7 +116,7 @@
}
public SAMLDocumentHolder getSAMLDocumentHolder(String samlMessage)
- throws ParsingException, IOException
+ throws ParsingException, ConfigurationException, ProcessingException
{
InputStream is = null;
SAML2Request saml2Request = new SAML2Request();
@@ -145,7 +144,7 @@
}
public RequestAbstractType getSAMLRequest(String samlMessage)
- throws ParsingException, IOException
+ throws ParsingException, ConfigurationException, ProcessingException
{
InputStream is = null;
SAML2Request saml2Request = new SAML2Request();
@@ -319,38 +318,26 @@
}
}
- /**
+ /**
* Send a response
* @param responseDoc
* @param relayState
- * @param response
- * @throws IOException
+ * @param response
* @throws GeneralSecurityException
+ * @throws IOException
*/
public void send(Document responseDoc, String destination,
String relayState,
HttpServletResponse response,
boolean supportSignature,
PrivateKey signingKey,
- boolean sendRequest) throws IOException, GeneralSecurityException
+ boolean sendRequest) throws GeneralSecurityException, IOException
{
if(responseDoc == null)
throw new IllegalArgumentException("responseType is null");
- byte[] responseBytes = null;
- try
- {
- responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
- }
- catch (TransformerFactoryConfigurationError e)
- {
- if(trace) log.trace(e);
- }
- catch (TransformerException e)
- {
- if(trace) log.trace(e);
- }
-
+ byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
+
if(redirectProfile)
{
String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
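Review bot: The Javadoc on send was touched to reorder the `@throws` tags but still documents only three of the seven parameters; `destination`, `supportSignature`, `signingKey` and `sendRequest` have no `@param` entries. The single `@throws GeneralSecurityException` also does not say that it now carries the DocumentUtil serialisation failures the removed catch blocks used to swallow with `log.trace` before continuing with a null `responseBytes`; propagating them is an improvement and the doc comment should state it, e.g. `@throws GeneralSecurityException if the response document cannot be serialised (or, presumably, processed further down)`. The body of send continues below the hunk.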
Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.web.util;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
@@ -30,15 +32,9 @@
import java.security.PublicKey;
import javax.xml.bind.JAXBException;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
@@ -46,8 +42,6 @@
import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
-
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
/**
@@ -98,41 +92,18 @@
* @return
* @throws IOException
* @throws GeneralSecurityException
+ * @throws JAXBException
*/
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
+ PrivateKey signingKey) throws IOException, GeneralSecurityException, JAXBException
{
SAML2Response saml2Response = new SAML2Response();
- Document responseDoc = null;
-
- try
- {
- responseDoc = saml2Response.convert(responseType);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new ParsingException(e);
- }
+ Document responseDoc = saml2Response.convert(responseType);
+
//URL Encode the Request
- String responseString;
- try
- {
- responseString = DocumentUtil.getDocumentAsString(responseDoc);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
+ String responseString = DocumentUtil.getDocumentAsString(responseDoc);
String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(responseString);
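Review bot: The `@return` tag at L1773 is still empty after the Javadoc was edited to add `@throws JAXBException`; state what is returned, which from the method name is presumably the redirect-binding query string carrying the signature, e.g. `@return the URL-encoded response query string, including the signature parameters`. The replaced catch blocks used to wrap JAXBException and ParserConfigurationException into ParsingException, so callers that caught ParsingException for this method now have to catch JAXBException as well, and since the other failure mode of `convert` is not visible here it is worth confirming that it surfaces under the declared GeneralSecurityException. The method body continues below the hunk.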
Modified: identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java 2009-10-27 21:08:12 UTC (rev 878)
+++ identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java 2009-10-27 21:40:24 UTC (rev 879)
@@ -58,7 +58,8 @@
return params.get(arg0);
}
- public Enumeration<?> getInitParameterNames()
+ @SuppressWarnings("unchecked")
+ public Enumeration getInitParameterNames()
{
throw new RuntimeException("NYI");
}
JBoss Identity SVN: r878 - in identity-federation/trunk: jboss-identity-web/src/main/java/org/jboss/identity/federation/web and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 17:08:12 -0400 (Tue, 27 Oct 2009)
New Revision: 878
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
Log:
refactor into separate classes
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 20:59:22 UTC (rev 877)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -24,7 +24,6 @@
import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
import java.io.IOException;
-import java.io.InputStream;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
@@ -41,31 +40,24 @@
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.interfaces.ProtocolContext;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
-import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.saml.v2.SAML2Object;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.process.ServiceProviderBaseProcessor;
+import org.jboss.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
+import org.jboss.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.web.util.ServerDetector;
import org.w3c.dom.Document;
@@ -109,56 +101,42 @@
//If we have already authenticated the user and there is no request from IDP or logout from user
if(principal != null && !(logOutRequest || isNotNull(samlRequest) || isNotNull(samlResponse) ) )
- return true;
+ return true;
- SAML2Request saml2Request = new SAML2Request();
-
Session session = request.getSessionInternal(true);
String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
boolean willSendRequest = false;
-
+ HTTPContext httpContext = new HTTPContext(request, response, context.getServletContext());
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ //General User Request
if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
{
//Neither saml request nor response from IDP
//So this is a user request
-
- //Ask the handler chain to generate the saml request
- Set<SAML2Handler> handlers = chain.handlers();
-
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), null,
- HANDLER_TYPE.SP);
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- saml2HandlerResponse.setDestination(identityURL);
-
- //Reset the state
+ SAML2HandlerResponse saml2HandlerResponse = null;
try
{
- for(SAML2Handler handler: handlers)
- {
- handler.reset();
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
-
- if(logOutRequest)
- saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
- else
- saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
- handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
- }
+ ServiceProviderBaseProcessor baseProcessor = new ServiceProviderBaseProcessor(true, serviceURL);
+
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers);
+ saml2HandlerResponse.setDestination(identityURL);
}
catch(ProcessingException pe)
{
+ log.error("Processing Exception:", pe);
throw new RuntimeException(pe);
+ }
+ catch (ParsingException pe)
+ {
+ log.error("Parsing Exception:", pe);
+ throw new RuntimeException(pe);
+ }
+ catch (ConfigurationException pe)
+ {
+ log.error("Config Exception:", pe);
+ throw new RuntimeException(pe);
}
willSendRequest = saml2HandlerResponse.getSendRequest();
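Review bot: The three new catch blocks for ProcessingException, ParsingException and ConfigurationException are identical apart from the log prefix and each rethrows a RuntimeException, whereas the other failure paths in this same method (`catch (Exception e)` at L2042 and L2116) convert errors into `throw new IOException("Server Exception")`; an unchecked exception escaping authenticate leaves the status to the container, so either align this branch with the IOException convention or document why it deliberately differs. If the three types share a common supertype (the SamlAuthenticationFilter hunk suggests they extend GeneralSecurityException), a single catch would remove the duplication. The bare `true` in `new ServiceProviderBaseProcessor(true, serviceURL)` is opaque at the call site — the redirect authenticator passes `false` — so a comment naming the flag, e.g. `// postBinding = true` if that is what it selects, or a named constant would help. The same three catch blocks appear in SPRedirectFormAuthenticator's corresponding hunk; the enclosing authenticate method starts above and ends below this hunk.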
@@ -186,7 +164,7 @@
}
}
- //See if we got a response from IDP
+ //Handle a SAML Response from IDP
if(isNotNull(samlResponse) )
{
boolean isValid = false;
@@ -201,45 +179,16 @@
}
if(!isValid)
throw new IOException("Validity check failed");
-
+
+
//deal with SAML response from IDP
- InputStream decodedResponseStream = PostBindingUtil.base64DecodeAsStream(samlResponse);
try
{
- SAML2Response saml2Response = new SAML2Response();
+ ServiceProviderSAMLResponseProcessor responseProcessor =
+ new ServiceProviderSAMLResponseProcessor(true, serviceURL);
+ SAML2HandlerResponse saml2HandlerResponse =
+ responseProcessor.process(samlResponse, httpContext, handlers);
- SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(decodedResponseStream);
- SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
-
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
- {
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- }
- }
-
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
@@ -267,9 +216,8 @@
else
dispatch.forward(request, response);
return false;
- }
+ }
-
//We got a response with the principal
List<String> roles = saml2HandlerResponse.getRoles();
if(principal == null)
@@ -299,9 +247,7 @@
register(request, response, principal, Constants.FORM_METHOD, username, password);
return true;
- }
-
-
+ }
}
catch (Exception e)
{
@@ -309,64 +255,19 @@
log.trace("Server Exception:", e);
throw new IOException("Server Exception");
}
- }
-
-
+ }
+
+ //Handle SAML Requests from IDP
if(isNotNull(samlRequest))
- {
- //we got a logout request
-
- //deal with SAML response from IDP
- InputStream is = PostBindingUtil.base64DecodeAsStream(samlRequest);
-
+ {
try
- {
- SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
- SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
-
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
- {
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- }
- }
-
- Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
-
- String destination = saml2HandlerResponse.getDestination();
-
- willSendRequest = saml2HandlerResponse.getSendRequest();
+ {
+ ServiceProviderSAMLRequestProcessor requestProcessor =
+ new ServiceProviderSAMLRequestProcessor(true, this.serviceURL);
+ boolean result = requestProcessor.process(samlRequest, httpContext, handlers);
-
- if(destination != null &&
- samlResponseDocument != null)
- {
- sendRequestToIDP(destination, samlResponseDocument, relayState, response, willSendRequest);
- return true;
- }
+ if(result)
+ return result;
}
catch (Exception e)
{
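Review bot: `if(result) return result;` reads as if a computed value were being forwarded when the only value it can return is `true`; `if (result) return true;` says what happens, and the `false` case silently falls through to `super.authenticate(...)` at L2125, which is only apparent from reading past the `//end if` comment. A short comment at the fall-through, such as `// processor did not handle the request: fall back to the superclass authenticator`, would make the control flow explicit. The enclosing method ends outside the hunk.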
@@ -374,7 +275,7 @@
log.trace("Server Exception:", e);
throw new IOException("Server Exception");
}
- }//end else logoutrequest
+ }//end if
//fallback
return super.authenticate(request, response, loginConfig);
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-27 20:59:22 UTC (rev 877)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -25,7 +25,6 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Arrays;
@@ -45,31 +44,23 @@
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.interfaces.ProtocolContext;
-import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
-import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
-import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.process.ServiceProviderBaseProcessor;
+import org.jboss.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
+import org.jboss.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.web.util.ServerDetector;
@@ -115,54 +106,42 @@
//If we have already authenticated the user and there is no request from IDP or logout from user
if(principal != null && !(logOutRequest || isNotNull(samlRequest) || isNotNull(samlResponse) ) )
return true;
-
- SAML2Request saml2Request = new SAML2Request();
Session session = request.getSessionInternal(true);
String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
-
+ HTTPContext httpContext = new HTTPContext(request, response, context.getServletContext());
+
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ //General User Request
if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
{
//Neither saml request nor response from IDP
//So this is a user request
-
- //Ask the handler chain to generate the saml request
- Set<SAML2Handler> handlers = chain.handlers();
-
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), null,
- HANDLER_TYPE.SP);
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- saml2HandlerResponse.setDestination(identityURL);
-
- //Reset the state
+ SAML2HandlerResponse saml2HandlerResponse = null;
try
{
- for(SAML2Handler handler: handlers)
- {
- handler.reset();
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
-
- if(logOutRequest)
- saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
- else
- saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
- handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
- }
+ ServiceProviderBaseProcessor baseProcessor = new ServiceProviderBaseProcessor(false, serviceURL);
+
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers);
+ saml2HandlerResponse.setDestination(identityURL);
}
catch(ProcessingException pe)
{
+ log.error("Processing Exception:", pe);
throw new RuntimeException(pe);
- }
+ }
+ catch (ParsingException pe)
+ {
+ log.error("Parsing Exception:", pe);
+ throw new RuntimeException(pe);
+ }
+ catch (ConfigurationException pe)
+ {
+ log.error("Config Exception:", pe);
+ throw new RuntimeException(pe);
+ }
+
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
@@ -206,52 +185,19 @@
}
if(!isValid)
throw new IOException("Validity check failed");
-
- //deal with SAML response from IDP
- InputStream base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
-
+
try
{
- SAML2Response saml2Response = new SAML2Response();
+ ServiceProviderSAMLResponseProcessor responseProcessor =
+ new ServiceProviderSAMLResponseProcessor(false, serviceURL);
+ SAML2HandlerResponse saml2HandlerResponse =
+ responseProcessor.process(samlResponse, httpContext, handlers);
- SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(base64DecodedResponse);
- SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
-
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
- {
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- }
- }
-
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
String destination = saml2HandlerResponse.getDestination();
-
-
+
if(destination != null &&
samlResponseDocument != null)
{
@@ -265,8 +211,7 @@
}
else
{
- //See if the session has been invalidated
-
+ //See if the session has been invalidated
boolean sessionValidity = session.isValid();
if(!sessionValidity)
{
@@ -277,9 +222,8 @@
else
dispatch.forward(request, response);
return false;
- }
+ }
-
//We got a response with the principal
List<String> roles = saml2HandlerResponse.getRoles();
if(principal == null)
@@ -311,8 +255,6 @@
return true;
}
-
-
}
catch (Exception e)
{
@@ -320,68 +262,20 @@
log.trace("Server Exception:", e);
throw new IOException("Server Exception");
}
- }
+ }
-
+ //Handle SAML Requests from IDP
if(isNotNull(samlRequest))
{
//we got a logout request
-
- //deal with SAML response from IDP
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlRequest);
-
try
- {
- SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
- SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
+ {
+ ServiceProviderSAMLRequestProcessor requestProcessor =
+ new ServiceProviderSAMLRequestProcessor(false, this.serviceURL);
+ boolean result = requestProcessor.process(samlRequest, httpContext, handlers);
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
- {
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- }
- }
-
- Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
-
- String destination = saml2HandlerResponse.getDestination();
-
-
- if(destination != null &&
- samlResponseDocument != null)
- {
- String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
-
- String base64Request = RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
- String destinationURL = destination +
- getDestination(base64Request, relayState, saml2HandlerResponse.getSendRequest());
-
- HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
- return true;
- }
+ if(result)
+ return result;
}
catch (Exception e)
{
@@ -389,8 +283,9 @@
log.trace("Server Exception:", e);
throw new IOException("Server Exception");
}
- }//end else logoutrequest
+ }//end if
+
//fallback
return super.authenticate(request, response, loginConfig);
}
Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java (rev 0)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.process;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.web.core.HTTPContext;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 27, 2009
+ */
+public class SAMLHandlerChainProcessor
+{
+ private Set<SAML2Handler> handlers = new HashSet<SAML2Handler>();
+
+ public SAMLHandlerChainProcessor(Set<SAML2Handler> handlers)
+ {
+ this.handlers.addAll(handlers);
+ }
+
+ public void callHandlerChain(SAML2Object samlObject,
+ SAML2HandlerRequest saml2HandlerRequest,
+ SAML2HandlerResponse saml2HandlerResponse,
+ HTTPContext httpContext)
+ throws ProcessingException, IOException
+ {
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
+ {
+ if(saml2HandlerResponse.isInError())
+ {
+ httpContext.getResponse().sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ }
+ }
+}
\ No newline at end of file
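Review bot: The `isInError()` check in callHandlerChain runs only before each handler, so an error set by the last handler in the chain is never reported: the loop simply ends, no sendError is issued, and the void return gives the caller no signal either. The same loop shape appears in ServiceProviderBaseProcessor.process in the next file. Repeating the check once after the loop, `if(saml2HandlerResponse.isInError()) httpContext.getResponse().sendError(saml2HandlerResponse.getErrorCode());`, closes the gap; returning `!saml2HandlerResponse.isInError()` instead of void would let ServiceProviderSAMLRequestProcessor and ServiceProviderSAMLResponseProcessor stop before they build a redirect or POST from a response the chain has already rejected.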
Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java (rev 0)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.process;
+
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 27, 2009
+ */
+public class ServiceProviderBaseProcessor
+{
+ protected static Logger log = Logger.getLogger(ServiceProviderBaseProcessor.class);
+
+ protected boolean postBinding;
+ protected String serviceURL;
+
+ /**
+ * Construct
+ * @param postBinding Whether it is the Post Binding
+ * @param serviceURL Service URL of the SP
+ */
+ public ServiceProviderBaseProcessor(boolean postBinding, String serviceURL)
+ {
+ this.postBinding = postBinding;
+ this.serviceURL = serviceURL;
+ }
+
+ public SAML2HandlerResponse process(HTTPContext httpContext,
+ Set<SAML2Handler> handlers)
+ throws ProcessingException, IOException, ParsingException, ConfigurationException
+ {
+ //Neither saml request nor response from IDP
+ //So this is a user request
+
+ //Ask the handler chain to generate the saml request
+
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(null,httpContext);
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ //Reset the state
+ try
+ {
+ for(SAML2Handler handler: handlers)
+ {
+ handler.reset();
+ if(saml2HandlerResponse.isInError())
+ {
+ httpContext.getResponse().sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+
+ if(isLogOutRequest(httpContext))
+ saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
+ else
+ saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
+ handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ }
+ catch(ProcessingException pe)
+ {
+ log.error("Processing Exception:", pe);
+ throw new RuntimeException(pe);
+ }
+
+ return saml2HandlerResponse;
+ }
+
+ protected SAML2HandlerRequest getSAML2HandlerRequest(SAMLDocumentHolder documentHolder,
+ HTTPContext httpContext)
+ {
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+
+ return
+ new DefaultSAML2HandlerRequest(httpContext,
+ holder.getIssuer(), documentHolder,
+ HANDLER_TYPE.SP);
+ }
+
+ protected boolean isLogOutRequest(HTTPContext httpContext)
+ {
+ HttpServletRequest request = httpContext.getRequest();
+ String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT);
+ return isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr);
+ }
+
+}
\ No newline at end of file
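Review bot: process declares `throws ProcessingException`, yet its only catch wraps that same exception in a RuntimeException, so the checked type callers are written for (the `catch(ProcessingException pe)` in the valve hunk above) can never actually be thrown from here and the failure surfaces unchecked instead. Dropping the try/catch and letting the exception propagate keeps the declared contract honest; if the log line is wanted, `log.error("Processing Exception:", pe); throw pe;` preserves the type. Separately, the `isNotNull(gloStr)` guard in isLogOutRequest is redundant since `"true".equalsIgnoreCase(null)` already returns false, and `log` would conventionally be `private static final` rather than a mutable protected static.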
Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java (rev 0)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.process;
+
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Utility Class to handle processing of
+ * an SAML Request Message
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 27, 2009
+ */
+public class ServiceProviderSAMLRequestProcessor extends ServiceProviderBaseProcessor
+{
+
+ /**
+ * Construct
+ * @param postBinding Whether it is the Post Binding
+ * @param serviceURL Service URL of the SP
+ */
+ public ServiceProviderSAMLRequestProcessor(boolean postBinding, String serviceURL)
+ {
+ super(postBinding,serviceURL);
+ }
+
+ public boolean process(String samlRequest, HTTPContext httpContext,
+ Set<SAML2Handler> handlers)
+ throws ProcessingException, IOException, ParsingException, ConfigurationException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ SAML2HandlerResponse saml2HandlerResponse = null;
+ SAML2Object samlObject = null;
+ SAMLDocumentHolder documentHolder = null;
+
+ if(this.postBinding)
+ {
+ //we got a logout request from IDP
+ InputStream is = PostBindingUtil.base64DecodeAsStream(samlRequest);
+ samlObject = saml2Request.getSAML2ObjectFromStream(is);
+ }
+ else
+ {
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlRequest);
+ samlObject = saml2Request.getSAML2ObjectFromStream(is);
+ }
+
+ documentHolder = saml2Request.getSamlDocumentHolder();
+
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(documentHolder, httpContext);
+ saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ SAMLHandlerChainProcessor chainProcessor = new SAMLHandlerChainProcessor(handlers);
+
+ chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
+ saml2HandlerResponse, httpContext);
+
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ String relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+ boolean willSendRequest = saml2HandlerResponse.getSendRequest();
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ if(postBinding)
+ {
+ sendRequestToIDP(destination, samlResponseDocument, relayState,
+ httpContext.getResponse(), willSendRequest);
+ }
+ else
+ {
+ String samlMsg;
+ try
+ {
+ samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ String base64Request = RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
+ String destinationURL = destination +
+ getDestination(base64Request, relayState, saml2HandlerResponse.getSendRequest());
+
+ HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, httpContext.getResponse());
+ }
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Send the request to the IDP
+ * @param destination idp url
+ * @param samlDocument request or response document
+ * @param relayState
+ * @param response
+ * @param willSendRequest are we sending Request or Response to IDP
+ * @throws ProcessingException
+ * @throws ConfigurationException
+ */
+ protected void sendRequestToIDP(
+ String destination, Document samlDocument,String relayState,
+ HttpServletResponse response,
+ boolean willSendRequest)
+ throws ProcessingException, ConfigurationException
+ {
+ try
+ {
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ samlMessage = PostBindingUtil.base64Encode(samlMessage);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
+ response, willSendRequest);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ private String getDestination(String urlEncodedRequest, String urlEncodedRelayState,
+ boolean sendRequest)
+ {
+ StringBuilder sb = new StringBuilder();
+ if(sendRequest)
+ sb.append("?SAMLRequest=").append(urlEncodedRequest);
+ else
+ sb.append("?SAMLResponse=").append(urlEncodedRequest);
+ if(isNotNull(urlEncodedRelayState))
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
+}
\ No newline at end of file
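Review bot: process never consults `saml2HandlerResponse.isInError()` after callHandlerChain returns, so when a later handler has flagged an error (which the chain may already have written with sendError) while an earlier handler had set the destination and document, the method still posts or redirects to the IDP on a possibly committed response and returns true. A guard right after the chain call, `if(saml2HandlerResponse.isInError()) return false;`, stops that. In the redirect branch, `willSendRequest` is computed once at the top but `saml2HandlerResponse.getSendRequest()` is called again when building the query string; use the local in both branches so the POST and redirect paths cannot diverge.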
Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java (rev 0)
+++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2009-10-27 21:08:12 UTC (rev 878)
@@ -0,0 +1,97 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.process;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Set;
+
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+
+/**
+ * Utility Class to handle processing of
+ * an SAML Request Message
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 27, 2009
+ */
+public class ServiceProviderSAMLResponseProcessor extends ServiceProviderBaseProcessor
+{
+ /**
+ * Construct
+ * @param postBinding Whether it is the Post Binding
+ * @param serviceURL Service URL of the SP
+ */
+ public ServiceProviderSAMLResponseProcessor(boolean postBinding, String serviceURL)
+ {
+ super(postBinding, serviceURL);
+ }
+
+ public SAML2HandlerResponse process(String samlResponse, HTTPContext httpContext,
+ Set<SAML2Handler> handlers)
+ throws ProcessingException, IOException, ParsingException, ConfigurationException
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ SAMLDocumentHolder documentHolder = null;
+ SAML2Object samlObject = null;
+
+ if(this.postBinding)
+ {
+ //we got a logout request
+ //deal with SAML response from IDP
+ InputStream is = PostBindingUtil.base64DecodeAsStream(samlResponse);
+
+ samlObject = saml2Response.getSAML2ObjectFromStream(is);
+ documentHolder = saml2Response.getSamlDocumentHolder();
+ }
+ else
+ {
+ //deal with SAML response from IDP
+ InputStream base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
+
+ samlObject = saml2Response.getSAML2ObjectFromStream(base64DecodedResponse);
+ documentHolder = saml2Response.getSamlDocumentHolder();
+ }
+
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest = getSAML2HandlerRequest(documentHolder, httpContext);
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ SAMLHandlerChainProcessor chainProcessor = new SAMLHandlerChainProcessor(handlers);
+
+ chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
+ saml2HandlerResponse, httpContext);
+
+ return saml2HandlerResponse;
+ }
+}
\ No newline at end of file
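Review bot: The class Javadoc was copied from the request processor and still says it handles `an SAML Request Message`; this class decodes a SAML Response, so it should read `Utility Class to handle processing of a SAML Response Message`. Likewise the comment `//we got a logout request` above the POST-binding branch does not describe that branch; `//POST binding: base64-decode the SAML response from the IDP` fits what the code does. The two branches also differ only in the decoder used, so `documentHolder = saml2Response.getSamlDocumentHolder();` could be hoisted after the if/else as ServiceProviderSAMLRequestProcessor already does.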
JBoss Identity SVN: r877 - in identity-federation/trunk: jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust and 5 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-10-27 16:59:22 -0400 (Tue, 27 Oct 2009)
New Revision: 877
Removed:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/jboss-sts.xml
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
Log:
JBID-204: removed PropertyType as we already had KeyValueType for key-value associations.
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -27,7 +27,7 @@
* <complexContent>
* <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* <sequence>
- * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}PropertyType" maxOccurs="unbounded" minOccurs="0"/>
+ * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}KeyValueType" maxOccurs="unbounded" minOccurs="0"/>
* </sequence>
* <attribute name="ProviderClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
* <attribute name="Dialect" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
@@ -45,7 +45,7 @@
public class ClaimProviderType {
@XmlElement(name = "Property")
- protected List<PropertyType> property;
+ protected List<KeyValueType> property;
@XmlAttribute(name = "ProviderClass", required = true)
protected String providerClass;
@XmlAttribute(name = "Dialect", required = true)
@@ -69,13 +69,13 @@
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link PropertyType }
+ * {@link KeyValueType }
*
*
*/
- public List<PropertyType> getProperty() {
+ public List<KeyValueType> getProperty() {
if (property == null) {
- property = new ArrayList<PropertyType>();
+ property = new ArrayList<KeyValueType>();
}
return this.property;
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -125,15 +125,6 @@
}
/**
- * Create an instance of {@link PropertyType }
- *
- */
-
- public PropertyType createPropertyType() {
- return new PropertyType();
- }
-
- /**
* Create an instance of {@link KeyValueType }
*
*/
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -1,92 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.09.03 at 01:21:42 PM BRT
-//
-
-
-package org.jboss.identity.federation.core.config;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * <p>Java class for PropertyType complex type.
- *
- * <p>The following schema fragment specifies the expected content contained within this class.
- *
- * <pre>
- * <complexType name="PropertyType">
- * <complexContent>
- * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- * <attribute name="Name" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
- * <attribute name="Value" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
- * </restriction>
- * </complexContent>
- * </complexType>
- * </pre>
- *
- *
- */
-(a)XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "PropertyType")
-public class PropertyType {
-
- @XmlAttribute(name = "Name", required = true)
- protected String name;
- @XmlAttribute(name = "Value", required = true)
- protected String value;
-
- /**
- * Gets the value of the name property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
- public String getName() {
- return name;
- }
-
- /**
- * Sets the value of the name property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setName(String value) {
- this.name = value;
- }
-
- /**
- * Gets the value of the value property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
- public String getValue() {
- return value;
- }
-
- /**
- * Sets the value of the value property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setValue(String value) {
- this.value = value;
- }
-
-}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -27,7 +27,7 @@
* <complexContent>
* <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* <sequence>
- * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}PropertyType" maxOccurs="unbounded" minOccurs="0"/>
+ * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}KeyValueType" maxOccurs="unbounded" minOccurs="0"/>
* </sequence>
* <attribute name="ProviderClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
* <attribute name="TokenType" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
@@ -47,7 +47,7 @@
public class TokenProviderType {
@XmlElement(name = "Property")
- protected List<PropertyType> property;
+ protected List<KeyValueType> property;
@XmlAttribute(name = "ProviderClass", required = true)
protected String providerClass;
@XmlAttribute(name = "TokenType", required = true)
@@ -75,13 +75,13 @@
*
* <p>
* Objects of the following type(s) are allowed in the list
- * {@link PropertyType }
+ * {@link KeyValueType }
*
*
*/
- public List<PropertyType> getProperty() {
+ public List<KeyValueType> getProperty() {
if (property == null) {
- property = new ArrayList<PropertyType>();
+ property = new ArrayList<KeyValueType>();
}
return this.property;
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -28,13 +28,12 @@
import java.util.Map;
import org.jboss.identity.federation.core.config.KeyProviderType;
-import org.jboss.identity.federation.core.config.PropertyType;
+import org.jboss.identity.federation.core.config.KeyValueType;
import org.jboss.identity.federation.core.config.STSType;
import org.jboss.identity.federation.core.config.ServiceProviderType;
import org.jboss.identity.federation.core.config.ServiceProvidersType;
import org.jboss.identity.federation.core.config.TokenProviderType;
import org.jboss.identity.federation.core.config.TokenProvidersType;
-import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
/**
@@ -94,8 +93,8 @@
// create and initialize the token provider.
SecurityTokenProvider tokenProvider = serviceFactory.createTokenProvider(provider.getProviderClass());
Map<String, String> properties = new HashMap<String, String>();
- for (PropertyType propertyType : provider.getProperty())
- properties.put(propertyType.getName(), propertyType.getValue());
+ for (KeyValueType propertyType : provider.getProperty())
+ properties.put(propertyType.getKey(), propertyType.getValue());
tokenProvider.initialize(properties);
// token providers can be keyed by the token type and by token element + namespace.
this.tokenProviders.put(provider.getTokenType(), tokenProvider);
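Review bot: The loop at the `properties.put(propertyType.getKey(), propertyType.getValue())` line lets a later `<Property>` with the same Key silently replace an earlier one, and a null Key (if the new KeyValueType does not mark it required — its definition is not in this diff) is accepted as a HashMap key, so a malformed provider configuration initializes the token provider without any error. Consider rejecting both before the put, e.g. `if (propertyType.getKey() == null || properties.containsKey(propertyType.getKey())) throw new IllegalStateException("Duplicate or missing Property Key for token provider " + provider.getProviderClass());`. The enclosing method starts and ends outside the hunk.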
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-27 20:59:22 UTC (rev 877)
@@ -195,7 +195,7 @@
<complexType name="ClaimProviderType">
<sequence>
- <element name="Property" type="tns:PropertyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="Property" type="tns:KeyValueType" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ProviderClass" type="string" use="required"/>
<attribute name="Dialect" type="string" use="required"/>
@@ -216,7 +216,7 @@
<complexType name="TokenProviderType">
<sequence>
- <element name="Property" type="tns:PropertyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="Property" type="tns:KeyValueType" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ProviderClass" type="string" use="required"/>
<attribute name="TokenType" type="string" use="required"/>
@@ -251,8 +251,4 @@
<element name="JBossSTS" type="tns:STSType"/>
- <complexType name="PropertyType">
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Value" type="string" use="required"/>
- </complexType>
</schema>
\ No newline at end of file
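Review bot: The removed PropertyType marked both Name and Value `use="required"`, but the KeyValueType that now replaces it in ClaimProviderType and TokenProviderType is not defined in this diff, so it cannot be checked here whether Key and Value are still mandatory. If KeyValueType leaves them optional, a `<Property>` element without a Key validates against the schema and reaches JBossSTSConfiguration as a null map key. Worth confirming that its definition carries `use="required"` on both attributes.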
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -33,7 +33,6 @@
import org.jboss.identity.federation.core.config.IDPType;
import org.jboss.identity.federation.core.config.KeyProviderType;
import org.jboss.identity.federation.core.config.KeyValueType;
-import org.jboss.identity.federation.core.config.PropertyType;
import org.jboss.identity.federation.core.config.SPType;
import org.jboss.identity.federation.core.config.STSType;
import org.jboss.identity.federation.core.config.ServiceProviderType;
@@ -160,7 +159,7 @@
assertEquals("Unexpected token type", "specialToken", tokenProvider.getTokenType());
assertEquals("Unexpected token element name", "SpecialToken", tokenProvider.getTokenElement());
assertEquals("Unexpected token namespace", "http://www.tokens.org", tokenProvider.getTokenElementNS());
- List<PropertyType> properties = tokenProvider.getProperty();
+ List<KeyValueType> properties = tokenProvider.getProperty();
assertEquals("Invalid number of properties", 2, properties.size());
// configuration of the service providers.
ServiceProvidersType serviceProviders = stsType.getServiceProviders();
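Review bot: The test still only asserts the property count, so the Name-to-Key attribute rename made in test-config-4.xml in this same commit is never verified end to end; a KeyValueType whose Key attribute fails to bind would still pass with two entries. Pinning the content would catch that, e.g. `assertEquals("Unexpected property key", "Property1", properties.get(0).getKey());` and `assertEquals("Unexpected property value", "Value1", properties.get(0).getValue());`. The enclosing test method starts and ends outside the hunk.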
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml 2009-10-27 20:59:22 UTC (rev 877)
@@ -12,8 +12,8 @@
TokenType="specialToken"
TokenElement="SpecialToken"
TokenElementNS="http://www.tokens.org">
- <Property Name="Property1" Value="Value1"/>
- <Property Name="Property2" Value="Value2"/>
+ <Property Key="Property1" Value="Value1"/>
+ <Property Key="Property2" Value="Value2"/>
</TokenProvider>
</TokenProviders>
<ServiceProviders>
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/jboss-sts.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/jboss-sts.xml 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/jboss-sts.xml 2009-10-27 20:59:22 UTC (rev 877)
@@ -14,8 +14,8 @@
TokenType="http://www.tokens.org/SpecialToken"
TokenElement="SpecialToken"
TokenElementNS="http://www.tokens.org">
- <Property Name="Property1" Value="Value1"/>
- <Property Name="Property2" Value="Value2"/>
+ <Property Key="Property1" Value="Value1"/>
+ <Property Key="Property2" Value="Value2"/>
</TokenProvider>
<TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
Modified: identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
===================================================================
--- identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java 2009-10-27 20:13:07 UTC (rev 876)
+++ identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java 2009-10-27 20:59:22 UTC (rev 877)
@@ -58,7 +58,7 @@
return params.get(arg0);
}
- public Enumeration getInitParameterNames()
+ public Enumeration<?> getInitParameterNames()
{
throw new RuntimeException("NYI");
}
JBoss Identity SVN: r876 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-10-27 16:13:07 -0400 (Tue, 27 Oct 2009)
New Revision: 876
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
Log:
JBID-138: added logic to create a KeyInfo with a certificate when asymmetric proof of possession tokens are to be used
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-27 17:28:26 UTC (rev 875)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/JBossSTSConfiguration.java 2009-10-27 20:13:07 UTC (rev 876)
@@ -23,6 +23,7 @@
import java.security.KeyPair;
import java.security.PublicKey;
+import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;
@@ -33,6 +34,7 @@
import org.jboss.identity.federation.core.config.ServiceProvidersType;
import org.jboss.identity.federation.core.config.TokenProviderType;
import org.jboss.identity.federation.core.config.TokenProvidersType;
+import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
/**
@@ -92,7 +94,7 @@
// create and initialize the token provider.
SecurityTokenProvider tokenProvider = serviceFactory.createTokenProvider(provider.getProviderClass());
Map<String, String> properties = new HashMap<String, String>();
- for(PropertyType propertyType : provider.getProperty())
+ for (PropertyType propertyType : provider.getProperty())
properties.put(propertyType.getName(), propertyType.getValue());
tokenProvider.initialize(properties);
// token providers can be keyed by the token type and by token element + namespace.
@@ -213,7 +215,7 @@
{
return this.tokenProviders.get(tokenLocalName + "$" + tokenNamespace);
}
-
+
/*
* (non-Javadoc)
*
@@ -240,12 +242,12 @@
{
// try using the truststore alias from the service provider metadata.
ServiceProviderType provider = this.spMetadata.get(serviceName);
- if(provider != null && provider.getTruststoreAlias() != null)
+ if (provider != null && provider.getTruststoreAlias() != null)
{
key = this.trustManager.getPublicKey(provider.getTruststoreAlias());
}
// if there was no truststore alias or no PKC under that alias, use the KeyProvider mapping.
- if(key == null)
+ if (key == null)
{
key = this.trustManager.getValidatingKey(serviceName);
}
@@ -279,4 +281,23 @@
return keyPair;
}
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getCertificate(java.lang.String)
+ */
+ public Certificate getCertificate(String alias)
+ {
+ Certificate certificate = null;
+ if(this.trustManager != null)
+ {
+ try{
+ certificate = trustManager.getCertificate(alias);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Error obtaining public key certificate", e);
+ }
+ }
+ return certificate;
+ }
}
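Review bot: `catch(Exception e)` in the new `getCertificate` converts every failure from `trustManager.getCertificate(alias)` into a RuntimeException, while the interface Javadoc added in this commit promises `null` when no certificate exists; whether the trust manager reports a missing alias by returning null or by throwing is not visible here, so a plain "not found" may surface as an error that aborts token issuance. Catching only the declared type — `TrustKeyConfigurationException` is imported by this same commit, presumably for this call — and letting anything else propagate would keep the two behaviours distinct; a comment stating which case yields `null` would help callers either way. The `trustManager == null` path also returns `null` silently, which reads as "no certificate" rather than "STS not configured with a keystore". On style, `try{` and `if(this.trustManager != null)` do not follow the `if (` spacing the rest of this commit normalizes.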
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-10-27 17:28:26 UTC (rev 875)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-10-27 20:13:07 UTC (rev 876)
@@ -23,6 +23,7 @@
import java.security.KeyPair;
import java.security.PublicKey;
+import java.security.cert.Certificate;
/**
* <p>
@@ -151,4 +152,14 @@
* @return a reference to the provider's {@code PublicKey}
*/
public PublicKey getServiceProviderPublicKey(String serviceName);
+
+ /**
+ * <p>
+ * Obtains the certificate identified by the specified alias.
+ * </p>
+ *
+ * @param alias the alias associated with the certificate in the keystore.
+ * @return the {@code Certificate} obtained from the keystore, or {@code null} if no certificate was found.
+ */
+ public Certificate getCertificate(String alias);
}
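Review bot: The Javadoc on `getCertificate` documents the null case but not the failure case; the JBossSTSConfiguration implementation in this same commit wraps any keystore error in an unchecked exception, which a caller reading only this interface will not anticipate. Add `@throws RuntimeException if the certificate cannot be retrieved from the underlying keystore` (or declare a more specific type) so the contract matches the implementation.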
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-10-27 17:28:26 UTC (rev 875)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-10-27 20:13:07 UTC (rev 876)
@@ -27,6 +27,7 @@
import java.security.PublicKey;
import java.security.cert.Certificate;
+import javax.xml.bind.JAXBElement;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
@@ -42,6 +43,8 @@
import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+import org.jboss.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -83,9 +86,9 @@
public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal)
throws WSTrustException
{
- if(trace)
+ if (trace)
log.trace("Issuing token for principal " + callerPrincipal);
-
+
Document rstDocument = request.getRSTDocument();
if (rstDocument == null)
throw new IllegalArgumentException("Request does not contain the DOM Document");
@@ -134,7 +137,7 @@
URI keyType = request.getKeyType();
if (keyType == null)
{
- if(log.isDebugEnabled())
+ if (log.isDebugEnabled())
log.debug("No key type could be found in the request. Using the default BEARER type.");
keyType = URI.create(WSTrustConstants.KEY_TYPE_BEARER);
request.setKeyType(keyType);
@@ -199,10 +202,23 @@
}
else if (WSTrustConstants.KEY_TYPE_PUBLIC.equalsIgnoreCase(keyType.toString()))
{
- // TODO: get the client certificate from a metadata provider or from the UseKey section of the WS-T request.
- Certificate certificate = null;
+ // try to locate the client cert in the keystore using the caller principal as the alias.
+ Certificate certificate = this.configuration.getCertificate(callerPrincipal.getName());
if (certificate != null)
requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate));
+ // if no certificate was found in the keystore, check the UseKey contents.
+ else if (request.getUseKey() != null)
+ {
+ UseKeyType useKeyType = request.getUseKey();
+ Object value = useKeyType.getAny();
+ if (value instanceof JAXBElement<?> || value instanceof Element)
+ {
+ //TODO: parse the token properly. If it is a X509 cert, we should create a X509DataType with it.
+ KeyInfoType keyInfo = new KeyInfoType();
+ keyInfo.getContent().add(value);
+ requestContext.setProofTokenInfo(keyInfo);
+ }
+ }
else
throw new WSTrustException("Unable to locate client public key");
}
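Review bot: When `request.getUseKey()` is non-null but `getAny()` yields something that is neither a JAXBElement nor an Element, the new `else if` branch sets no proof token info and also skips the `throw new WSTrustException("Unable to locate client public key")` in the final `else`, so a KEY_TYPE_PUBLIC request proceeds with no holder-of-key binding at all. Restructuring the fallback so that the exception is the default path closes that gap (below). Separately, the UseKey content is requester-controlled and is copied into the KeyInfoType verbatim; the TODO on these lines acknowledges it is not parsed, but until it is, a check that the element is an expected KeyInfo child (X509Data or KeyValue) keeps arbitrary XML out of the KeyInfo the STS may later sign, and since nothing here verifies that the requester holds the private key for a UseKey key, a comment should say that proof of possession of UseKey material is not checked. The enclosing method starts and ends outside the hunk.
```java
         else if (WSTrustConstants.KEY_TYPE_PUBLIC.equalsIgnoreCase(keyType.toString()))
         {
            // try to locate the client cert in the keystore using the caller principal as the alias.
            Certificate certificate = this.configuration.getCertificate(callerPrincipal.getName());
            if (certificate != null)
            {
               requestContext.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate));
            }
            else
            {
               // if no certificate was found in the keystore, check the UseKey contents; anything
               // other than a recognizable element is treated as "no key", never as silent success.
               // NOTE: possession of the private key behind UseKey is not verified here.
               UseKeyType useKeyType = request.getUseKey();
               Object value = useKeyType != null ? useKeyType.getAny() : null;
               if (!(value instanceof JAXBElement<?> || value instanceof Element))
                  throw new WSTrustException("Unable to locate client public key");
               //TODO: parse the token properly. If it is a X509 cert, we should create a X509DataType with it.
               KeyInfoType keyInfo = new KeyInfoType();
               keyInfo.getContent().add(value);
               requestContext.setProofTokenInfo(keyInfo);
            }
         }
         // … unchanged: remaining key-type branches …
```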
@@ -386,11 +402,11 @@
}
else
{
- if(trace)
- log.trace("Security Token digital signature has NOT been verified. Either the STS has been configured" +
- "not to sign tokens or the STS key pair has not been properly specified.");
+ if (trace)
+ log.trace("Security Token digital signature has NOT been verified. Either the STS has been configured"
+ + "not to sign tokens or the STS key pair has not been properly specified.");
}
-
+
// if the signature is valid, then let the provider perform any additional validation checks.
if (status == null)
{