JBoss Identity SVN: r972 - migration/picketlink/federation/trunk.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:39:59 -0500 (Tue, 17 Nov 2009)
New Revision: 972
Added:
migration/picketlink/federation/trunk/picketlink-identity-bindings-jboss/
Removed:
migration/picketlink/federation/trunk/jboss-identity-bindings-jboss/
Log:
rename
Copied: migration/picketlink/federation/trunk/picketlink-identity-bindings-jboss (from rev 971, migration/picketlink/federation/trunk/jboss-identity-bindings-jboss)
JBoss Identity SVN: r971 - migration/picketlink/federation/trunk.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:36:32 -0500 (Tue, 17 Nov 2009)
New Revision: 971
Added:
migration/picketlink/federation/trunk/picketlink-identity-bindings/
Removed:
migration/picketlink/federation/trunk/jboss-identity-bindings/
Log:
rename
Copied: migration/picketlink/federation/trunk/picketlink-identity-bindings (from rev 970, migration/picketlink/federation/trunk/jboss-identity-bindings)
JBoss Identity SVN: r970 - migration/picketlink/federation.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:18:01 -0500 (Tue, 17 Nov 2009)
New Revision: 970
Added:
migration/picketlink/federation/trunk/
Log:
copy trunk
Copied: migration/picketlink/federation/trunk (from rev 969, identity-federation/trunk)
JBoss Identity SVN: r969 - migration/picketlink.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:13:58 -0500 (Tue, 17 Nov 2009)
New Revision: 969
Added:
migration/picketlink/consolidated-build/
migration/picketlink/federation/
migration/picketlink/idm/
Log:
sub projects
JBoss Identity SVN: r968 - migration.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:12:15 -0500 (Tue, 17 Nov 2009)
New Revision: 968
Added:
migration/picketlink/
Log:
main dir
JBoss Identity SVN: r967 - /.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-17 17:10:02 -0500 (Tue, 17 Nov 2009)
New Revision: 967
Added:
migration/
Log:
for migration
JBoss Identity SVN: r966 - identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-11-17 10:26:04 -0500 (Tue, 17 Nov 2009)
New Revision: 966
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java
Log:
JBID-212: added renew token test to JBossSTSUnitTestCase
Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java 2009-11-17 15:13:59 UTC (rev 965)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java 2009-11-17 15:26:04 UTC (rev 966)
@@ -26,9 +26,8 @@
import java.util.List;
import java.util.Map;
-import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConstants;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.ws.EndpointReference;
@@ -68,6 +67,7 @@
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.BinarySecretType;
import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
@@ -297,7 +297,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse, SAMLUtil.SAML2_BEARER_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", SAMLUtil.SAML2_BEARER_URI);
}
/**
@@ -354,7 +354,8 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, SAMLUtil.SAML2_BEARER_URI);
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext",
+ SAMLUtil.SAML2_BEARER_URI);
// in this scenario, the conditions section should have an audience restriction.
ConditionsType conditions = assertion.getConditions();
@@ -397,7 +398,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse, SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// check if the response contains the STS-generated key.
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
@@ -451,7 +452,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse, SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
@@ -459,11 +460,11 @@
assertNotNull("Unexpected null proof token", proofToken);
assertTrue(proofToken.getAny() instanceof JAXBElement);
JAXBElement<?> proofElement = (JAXBElement<?>) proofToken.getAny();
-
+
// proof token should contain only the computed key algorithm.
assertEquals("Unexpected proof token content", "ComputedKey", proofElement.getName().getLocalPart());
assertEquals("Unexpected computed key algorithm", WSTrustConstants.CK_PSHA1, proofElement.getValue());
-
+
// server entropy must have been included in the response to allow reconstruction of the computed key.
EntropyType serverEntropy = response.getEntropy();
assertNotNull("Unexpected null server entropy");
@@ -487,7 +488,7 @@
*/
public void testInvokeSAML20Validate() throws Exception
{
- // create a simple token request, this time using the applies to get to the token type.
+ // create a simple token request.
RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
SAMLUtil.SAML2_TOKEN_TYPE, null);
@@ -499,7 +500,8 @@
Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(responseMessage);
- // get the SAML assertion from the request.
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", SAMLUtil.SAML2_BEARER_URI);
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
.getAny();
@@ -546,6 +548,64 @@
/**
* <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust renew message to the STS to get
+ * the assertion renewed (i.e. get a new assertion with an updated lifetime).
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testInvokeSAML20Renew() throws Exception
+ {
+ // create a simple token request, using applies-to to identify the token type.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(responseMessage);
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", SAMLUtil.SAML2_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny();
+
+ // now construct a WS-Trust renew request with the generated assertion.
+ request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, SAMLUtil.SAML2_TOKEN_TYPE, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(assertionElement);
+ request.setRenewTarget(renewTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
+ baseResponse = factory.parseRequestSecurityTokenResponse(responseMessage);
+
+ // validate the renew response contents and get the renewed token.
+ this.validateSAMLAssertionResponse(baseResponse, "renewcontext", SAMLUtil.SAML2_BEARER_URI);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element renewedAssertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny();
+
+ // compare the assertions, checking if the lifetime has been updated.
+ AssertionType originalAssertion = SAMLUtil.fromElement(assertionElement);
+ AssertionType renewedAssertion = SAMLUtil.fromElement(renewedAssertionElement);
+
+ // assertions should have different ids and lifetimes.
+ assertFalse("Renewed assertion should have a unique id", originalAssertion.getID().equals(
+ renewedAssertion.getID()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotBefore().compare(
+ renewedAssertion.getConditions().getNotBefore()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotOnOrAfter().compare(
+ renewedAssertion.getConditions().getNotOnOrAfter()));
+ }
+
+ /**
+ * <p>
* This test tries to request a token of an unknown type, checking if an exception is correctly thrown by the
* security token service.
* </p>
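Review bot: The new `testInvokeSAML20Renew` only proves that the renewed assertion has a different ID and a later NotBefore/NotOnOrAfter; it never checks that the renewal preserved the original issuer, subject or audience restriction, so an STS that minted an unrelated bearer token on renew would still pass. A comparison after the lifetime asserts would pin that down, e.g. `assertEquals("Renewed assertion should keep the issuer", originalAssertion.getIssuer().getValue(), renewedAssertion.getIssuer().getValue());` (assuming the JAXB AssertionType exposes the issuer that way). There is also no negative case: a renew request carrying an expired or modified assertion should be rejected by the STS, and that is the path most likely to be abused, so it deserves its own test. The `compare(...)` calls return `DatatypeConstants.INDETERMINATE` rather than failing loudly if either timestamp lacks a timezone, which is worth a comment on those two asserts.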
@@ -633,7 +693,7 @@
* @throws Exception
* if one of the validation performed fail.
*/
- private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse baseResponse,
+ private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse baseResponse, String context,
String confirmationMethod) throws Exception
{
@@ -644,7 +704,7 @@
RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext", response.getContext());
+ assertEquals("Unexpected response context", context, response.getContext());
assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE, response.getTokenType().toString());
Lifetime lifetime = response.getLifetime();
assertNotNull("Unexpected null token lifetime", lifetime);
@@ -668,11 +728,7 @@
assertNotNull("Unexpected null requested security token", requestedToken);
// unmarshall the SAMLV2.0 assertion.
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> assertionElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) requestedToken.getAny());
- assertEquals("Unexpected assertion type", AssertionType.class, assertionElement.getDeclaredType());
- AssertionType assertion = (AssertionType) assertionElement.getValue();
+ AssertionType assertion = SAMLUtil.fromElement((Element) requestedToken.getAny());
// verify the contents of the unmarshalled assertion.
assertNotNull("Invalid null assertion ID", assertion.getID());
@@ -708,7 +764,7 @@
.getDeclaredType());
KeyInfoType keyInfo = (KeyInfoType) keyInfoElement.getValue();
assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
-
+
// if they key is a symmetric key, the KeyInfo should contain an encrypted element.
if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(response.getKeyType().toString()))
{
@@ -716,14 +772,15 @@
assertEquals("Unexpected key info content type", EncryptedKeyType.class, encKeyElement.getDeclaredType());
}
// if the key is a public key, the KeyInfo should contain an encoded certificate.
- else if(WSTrustConstants.KEY_TYPE_PUBLIC.equals(response.getKeyType().toString()))
+ else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(response.getKeyType().toString()))
{
JAXBElement<?> x509DataElement = (JAXBElement<?>) keyInfo.getContent().get(0);
assertEquals("Unexpected key info content type", X509DataType.class, x509DataElement.getDeclaredType());
X509DataType x509Data = (X509DataType) x509DataElement.getValue();
- assertEquals("Unexpected X509 data content size", 1, x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().
- size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ assertEquals("Unexpected X509 data content size", 1, x509Data
+ .getX509IssuerSerialOrX509SKIOrX509SubjectName().size());
+ JAXBElement<?> x509CertElement = (JAXBElement<?>) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
+ .get(0);
assertEquals("Unexpected X509 data content type", byte[].class, x509CertElement.getDeclaredType());
}
}
JBoss Identity SVN: r965 - idm/trunk/idm-testsuite/src/test/resources/datasources.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-11-17 10:13:59 -0500 (Tue, 17 Nov 2009)
New Revision: 965
Modified:
idm/trunk/idm-testsuite/src/test/resources/datasources/hibernates.xml
Log:
- postgres 8.3.7
Modified: idm/trunk/idm-testsuite/src/test/resources/datasources/hibernates.xml
===================================================================
--- idm/trunk/idm-testsuite/src/test/resources/datasources/hibernates.xml 2009-11-17 14:31:10 UTC (rev 964)
+++ idm/trunk/idm-testsuite/src/test/resources/datasources/hibernates.xml 2009-11-17 15:13:59 UTC (rev 965)
@@ -248,6 +248,15 @@
</property>
</properties>
</configuration>
+ <configuration>
+ <configuration-name>postgresql8-3-7</configuration-name>
+ <properties>
+ <property>
+ <name>hibernate.dialect</name>
+ <value>org.hibernate.dialect.PostgreSQLDialect</value>
+ </property>
+ </properties>
+ </configuration>
<configuration>
<configuration-name>postgresql8-local</configuration-name>
<properties>
JBoss Identity SVN: r964 - in idm/trunk: parent and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-11-17 09:31:10 -0500 (Tue, 17 Nov 2009)
New Revision: 964
Modified:
idm/trunk/idm-testsuite/src/test/resources/datasources/datasources.xml
idm/trunk/parent/pom.xml
Log:
- postgres 8.3.7
Modified: idm/trunk/idm-testsuite/src/test/resources/datasources/datasources.xml
===================================================================
--- idm/trunk/idm-testsuite/src/test/resources/datasources/datasources.xml 2009-11-17 11:33:50 UTC (rev 963)
+++ idm/trunk/idm-testsuite/src/test/resources/datasources/datasources.xml 2009-11-17 14:31:10 UTC (rev 964)
@@ -125,6 +125,14 @@
</datasource>
<datasource>
+ <datasource-name>postgresql8-3-7</datasource-name>
+ <connection-url>jdbc:postgresql://vmg03.mw.lab.eng.bos.redhat.com:5432:identity</connection-url>
+ <driver-class>org.postgresql.Driver</driver-class>
+ <user-name>identity</user-name>
+ <password>identity</password>
+ </datasource>
+
+ <datasource>
<datasource-name>sqlserver2005-jtds</datasource-name>
<connection-url>jdbc:jtds:sqlserver://dev30.qa.atl.jboss.com:3918/identity</connection-url>
<driver-class>net.sourceforge.jtds.jdbc.Driver</driver-class>
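Review bot: The new connection-url `jdbc:postgresql://vmg03.mw.lab.eng.bos.redhat.com:5432:identity` puts a colon before the database name; the PostgreSQL JDBC URL form is `host:port/database`, as the neighbouring jTDS entry (`...:3918/identity`) shows, so this datasource is unlikely to connect. It should read `<connection-url>jdbc:postgresql://vmg03.mw.lab.eng.bos.redhat.com:5432/identity</connection-url>`. The entry also commits a literal user-name/password pair for an internal lab host; that follows the pattern of the existing entries in this file, but it is worth confirming these are throwaway test-database credentials and not reused anywhere else.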
Modified: idm/trunk/parent/pom.xml
===================================================================
--- idm/trunk/parent/pom.xml 2009-11-17 11:33:50 UTC (rev 963)
+++ idm/trunk/parent/pom.xml 2009-11-17 14:31:10 UTC (rev 964)
@@ -333,6 +333,25 @@
</dependencies>
</profile>
+ <profile>
+ <id>hudson-postgresql8-3-7</id>
+ <activation>
+ <property>
+ <name>dataSourceName</name>
+ <value>postgresql8-3-7</value>
+ </property>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>postgresql</groupId>
+ <artifactId>postgresql</artifactId>
+ <version>8.3-604</version>
+ <classifier>jdbc3</classifier>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+
<!--MySQL-->
<profile>
JBoss Identity SVN: r963 - in identity-federation/trunk/jboss-identity-fed-core/src: test/java/org/jboss/identity/federation/core/wstrust and 2 other directories.
by jboss-identity-commits@lists.jboss.org
Author: beve
Date: 2009-11-17 06:33:50 -0500 (Tue, 17 Nov 2009)
New Revision: 963
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
Removed:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
Log:
Work for https://jira.jboss.org/jira/browse/JBID-215 "STSSecurityHandler: Enable the username/password to be retreived from the SOAPMessageContext."
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java 2009-11-16 20:55:38 UTC (rev 962)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java 2009-11-17 11:33:50 UTC (rev 963)
@@ -24,7 +24,9 @@
import static org.jboss.identity.federation.core.wstrust.WSTrustConstants.SAML2_ASSERTION_NS;
import javax.xml.namespace.QName;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+
/**
* A concrete implementation of {@link STSSecurityHandler} that can handle SAML
* version 2.0 Assertion inside of {@link WSTrustConstants#WSSE_NS} elements.
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-11-16 20:55:38 UTC (rev 962)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-11-17 11:33:50 UTC (rev 963)
@@ -96,19 +96,40 @@
* </env-entry>
* }</pre>
*
+ * Username and password for the STS can be configured as shown above in the sts-client.properties file. But it may also
+ * be specified by a handler earlier in the handlerchain. Such a handler is expected to extract the username and password
+ * for the desired location and put these values into the SOAPMessageContext using:
+ * <br/>
+ * {@link #USERNAME_MSG_CONTEXT_PROPERTY}
+ * <br/>
+ * {@link #PASSWORD_MSG_CONTEXT_PROPERTY}
+ * <br/>
+ * These will then be used when contacting the STS, overriding any such values that were parsed from the configuration file.
+ *
+ *
* @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
*/
public abstract class STSSecurityHandler implements SOAPHandler<SOAPMessageContext>
{
/**
+ * Constant that can be used by handlers to set the username in the SOAPMessageContext.
+ */
+ public static final String USERNAME_MSG_CONTEXT_PROPERTY = "org.jboss.identity.federation.core.wstrust.handlers.username";
+
+ /**
+ * Constant that can be used by handlers to set the password in the SOAPMessageContext.
+ */
+ public static final String PASSWORD_MSG_CONTEXT_PROPERTY = "org.jboss.identity.federation.core.wstrust.handlers.password";
+
+ /**
* The path to the jboss-sts-client.properties file.
*/
private String configFile = STSClientConfig.DEFAULT_CONFIG_FILE;
/**
- * The {@link STSClient client} that will call the STS.
+ * The STSClient configuration builder.
*/
- private STSClient wsTrustClient;
+ private STSClientConfig.Builder configBuilder;
/**
* Subclasses can return the QName of the Security header element in usage.
@@ -131,20 +152,9 @@
* @throws WebServiceException
*/
@PostConstruct
- public void createWSTrustClient()
+ public void parseSTSConfig()
{
- if (wsTrustClient == null)
- {
- try
- {
- final STSClientConfig config = new STSClientConfig.Builder(configFile).build();
- wsTrustClient = STSClientFactory.getInstance().create(config);
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- }
+ configBuilder = new STSClientConfig.Builder(configFile);
}
/**
@@ -158,22 +168,22 @@
public boolean handleMessage(final SOAPMessageContext messageContext)
{
if (isOutBound(messageContext))
- {
return true;
- }
try
{
final Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
- if (wsTrustClient.validateToken(securityToken))
+ setUsernameFromMessageContext(messageContext, configBuilder);
+ setPasswordFromMessageContext(messageContext, configBuilder);
+ final STSClient stsClient = createSTSClient(configBuilder);
+ final boolean valid = stsClient.validateToken(securityToken);
+ if (valid)
{
return true;
}
- else
- {
- throw new WebServiceException("Could not validate security token "+ securityToken);
- }
+
+ throw new WebServiceException("Could not validate security token "+ securityToken);
}
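Review bot: `setUsernameFromMessageContext(messageContext, configBuilder)` and the following password call mutate the handler's single `configBuilder` field on every inbound message, so credentials supplied by one request survive into later requests that carry no such properties, and two concurrent requests can race on the same builder and call the STS with each other's username/password — a JAX-WS handler instance is shared across calls. The per-message overrides should be applied to a fresh builder while the parsed configuration stays untouched (the helpers in the next hunk must then honour their `builder` parameter). Whether `new STSClientConfig.Builder(configFile)` reads the file eagerly is not visible here; if it does, caching the parsed values and copying them into a new builder per message is the cheaper variant. `extractSecurityToken` can also return null (visible in the next hunk) and that null is handed straight to `validateToken`; a missing header is better rejected with an explicit WebServiceException before any STS round-trip.
```java
            final Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName());
            if (securityToken == null)
                throw new WebServiceException("No security token found in the SOAP security header");
            // Per-message copy: message-context overrides must never touch the shared, parsed configuration.
            final STSClientConfig.Builder builder = new STSClientConfig.Builder(configFile);
            setUsernameFromMessageContext(messageContext, builder);
            setPasswordFromMessageContext(messageContext, builder);
            final STSClient stsClient = createSTSClient(builder);
            // … unchanged: validateToken call and exception handling …
```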
catch (final SOAPException e)
{
@@ -183,18 +193,66 @@
{
throw new WebServiceException(e.getMessage(), e);
}
+ catch (ParsingException e)
+ {
+ throw new WebServiceException(e.getMessage(), e);
+ }
}
+ @SuppressWarnings("unchecked")
+ private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
+ {
+ if (securityQName == null)
+ throw new IllegalStateException("securityQName from subclass cannot be null!");
+ if (tokenQName == null)
+ throw new IllegalStateException("tokenQName from subclass cannot be null!");
+
+ final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
+ final Iterator securityHeaders = soapHeader.getChildElements(securityQName);
+ while (securityHeaders.hasNext())
+ {
+ final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next();
+ // Check if the header is equal to the one this Handler is configured for.
+ if (elem.getElementQName().equals(securityQName))
+ {
+ final Iterator childElements = elem.getChildElements(tokenQName);
+ while (childElements.hasNext())
+ {
+ return (Element) childElements.next();
+ }
+ }
+ }
+ return null;
+ }
+
/**
- * Allows the {@link STSClient} to be injected if required.
+ * If a property was set for the key {@link #USERNAME_MSG_CONTEXT_PROPERTY} it will be
+ * retrieved by this method and set on the passed-in builder instace.
*
- * @param client The WSTrustClient to be used by this handler.
+ * @param context The SOAPMessageContext which might contain a username property.
+ * @param builder The STSClientConfigBuilder which be updated if the SOAPMessageContext contains the username property.
*/
- public void setWSTrustClient(final STSClient client)
+ private void setUsernameFromMessageContext(final SOAPMessageContext context, final STSClientConfig.Builder builder)
{
- wsTrustClient = client;
+ final String username = (String) context.get(USERNAME_MSG_CONTEXT_PROPERTY);
+ if (username != null)
+ configBuilder.username(username);
}
+ /**
+ * If a property was set for the key {@link #PASSWORD_MSG_CONTEXT_PROPERTY} it will be
+ * retrieved by this method and set on the passed-in builder instace.
+ *
+ * @param context The SOAPMessageContext which might contain a password property.
+ * @param builder The STSClientConfigBuilder which be updated if the SOAPMessageContext contains the password property.
+ */
+ private void setPasswordFromMessageContext(final SOAPMessageContext context, final STSClientConfig.Builder builder)
+ {
+ final String password = (String) context.get(PASSWORD_MSG_CONTEXT_PROPERTY);
+ if (password != null)
+ configBuilder.password(password);
+ }
+
public Set<QName> getHeaders()
{
return Collections.singleton(getSecurityElementQName());
@@ -210,7 +268,6 @@
// NoOp.
}
-
/**
* This setter enables the injection of the jboss-sts-client.properties file
* path.
@@ -226,34 +283,18 @@
}
}
- private boolean isOutBound(final SOAPMessageContext messageContext)
+ STSClientConfig.Builder getConfigBuilder()
{
- return ((Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
+ return configBuilder;
}
+
+ STSClient createSTSClient(final STSClientConfig.Builder builder) throws ParsingException
+ {
+ return STSClientFactory.getInstance().create(builder.build());
+ }
- @SuppressWarnings("unchecked")
- private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException
+ private boolean isOutBound(final SOAPMessageContext messageContext)
{
- if (securityQName == null)
- throw new IllegalStateException("securityQName from subclass cannot be null!");
- if (tokenQName == null)
- throw new IllegalStateException("tokenQName from subclass cannot be null!");
-
- final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
- final Iterator securityHeaders = soapHeader.getChildElements(securityQName);
- while (securityHeaders.hasNext())
- {
- final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next();
- // Check if the header is equal to the one this Handler is configured for.
- if (elem.getElementQName().equals(securityQName))
- {
- final Iterator childElements = elem.getChildElements(tokenQName);
- while (childElements.hasNext())
- {
- return (Element) childElements.next();
- }
- }
- }
- return null;
+ return ((Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
}
}
\ No newline at end of file
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java (from rev 962, identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-17 11:33:50 UTC (rev 963)
@@ -0,0 +1,193 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.handlers;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler;
+import org.jboss.identity.federation.core.wstrust.handlers.STSSecurityHandler;
+import org.w3c.dom.Element;
+
+/**
+ * Unit test for {@link STSSaml20Handler}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class STSSaml20HandlerTestCase extends TestCase
+{
+ private SOAPMessageContext soapMessageContext;
+ private SOAPMessage soapMessage;
+ private STSClient wsTrustClient;
+ private STSSaml20Handler samlHandler;
+
+ public void testHandleMessageOutbound()
+ {
+ setOutbound(soapMessageContext, true);
+ assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
+ }
+
+ public void testHandleMessageInboundValidToken() throws Exception
+ {
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ // Make the Mocked WSTrustClient validateToken method return true.
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
+
+ final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader);
+ addAssertionElement(samlHandler, securityHeader);
+
+ setOutbound(soapMessageContext, false);
+ setMessageOnContext(soapMessageContext, soapMessage);
+
+ boolean result = samlHandler.handleMessage(soapMessageContext);
+ assertTrue(result);
+ }
+
+ public void testHandleMessageInValidToken() throws Exception
+ {
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ // Make the Mocked WSTrustClient validateToken method return false.
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
+
+ final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader);
+ addAssertionElement(samlHandler, securityHeader);
+
+ setOutbound(soapMessageContext, false);
+ setMessageOnContext(soapMessageContext, soapMessage);
+ try
+ {
+ samlHandler.handleMessage(soapMessageContext);
+ fail("handleMessage should have thrown a exception!");
+ }
+ catch(final Exception e)
+ {
+ assertTrue (e instanceof WebServiceException);
+ }
+ }
+
+ public void testUsernamePasswordFromSOAPMessageContext() throws Exception
+ {
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ // Make the Mocked WSTrustClient validateToken method return true.
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
+ final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader);
+ addAssertionElement(samlHandler, securityHeader);
+
+ setOutbound(soapMessageContext, false);
+ setMessageOnContext(soapMessageContext, soapMessage);
+
+ when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch");
+ when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein");
+
+ samlHandler.handleMessage(soapMessageContext);
+
+ assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername());
+ assertEquals("letmein", samlHandler.getConfigBuilder().getPassword());
+ }
+
+ @Override
+ public void setUp()
+ {
+ // Create a Mock for WSTrustClient.
+ wsTrustClient = mock(STSClient.class);
+
+ samlHandler = new FakeSamlHandler(wsTrustClient);
+ samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties");
+ // Simulate the WS Engine calling @PostConstruct.
+ samlHandler.parseSTSConfig();
+
+ soapMessageContext = mock(SOAPMessageContext.class);
+
+ try
+ {
+ soapMessage = MessageFactory.newInstance().createMessage();
+ }
+ catch (SOAPException e)
+ {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private class FakeSamlHandler extends STSSaml20Handler
+ {
+ private final STSClient stsClient;
+
+ public FakeSamlHandler(final STSClient stsClient)
+ {
+ this.stsClient = stsClient;
+ }
+
+ @Override
+ protected STSClient createSTSClient(Builder builder) throws ParsingException
+ {
+ return stsClient;
+ }
+ }
+
+ private SOAPHeaderElement addSecurityHeader(final STSSecurityHandler handler, final SOAPHeader soapHeader) throws SOAPException
+ {
+ final QName securityQName = handler.getSecurityElementQName();
+ final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
+ soapHeader.addChildElement(securityHeader);
+ return securityHeader;
+ }
+
+ private SOAPElement addAssertionElement(final STSSecurityHandler handler, final SOAPHeaderElement securityHeader) throws SOAPException
+ {
+ final QName tokenElementQName = handler.getTokenElementQName();
+ final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml"));
+ return securityHeader.addChildElement(tokenElement);
+ }
+
+ private void setMessageOnContext(final SOAPMessageContext messageContext, final SOAPMessage soapMessage)
+ {
+ when(messageContext.getMessage()).thenReturn(soapMessage);
+ }
+
+ private void setOutbound(MessageContext messageContext, boolean outbound)
+ {
+ when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(outbound);
+ }
+
+}
+
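Review bot: `testUsernamePasswordFromSOAPMessageContext` asserts on `samlHandler.getConfigBuilder().getUsername()` after the call, i.e. it verifies that the per-message credentials were written into the handler's shared builder — which is the state carried between requests, not the behaviour one wants to guarantee. A stronger test records the builder handed to `createSTSClient` inside `FakeSamlHandler` and asserts on that, then handles a second message without the context properties and checks the STS client is built from the values in `wstrust/auth/jboss-sts-client.properties`. `testHandleMessageInValidToken` would also be clearer as `catch (final WebServiceException expected)` instead of catching `Exception` and asserting `instanceof`, and `e.printStackTrace()` in `setUp` can go since `fail(e.getMessage())` already reports the cause.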
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-16 20:55:38 UTC (rev 962)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-17 11:33:50 UTC (rev 963)
@@ -1,154 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.core.wstrust.handlers;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import javax.xml.namespace.QName;
-import javax.xml.soap.MessageFactory;
-import javax.xml.soap.SOAPElement;
-import javax.xml.soap.SOAPException;
-import javax.xml.soap.SOAPHeader;
-import javax.xml.soap.SOAPHeaderElement;
-import javax.xml.soap.SOAPMessage;
-import javax.xml.ws.WebServiceException;
-import javax.xml.ws.handler.MessageContext;
-import javax.xml.ws.handler.soap.SOAPMessageContext;
-
-import junit.framework.TestCase;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler;
-import org.jboss.identity.federation.core.wstrust.handlers.STSSecurityHandler;
-import org.w3c.dom.Element;
-
-/**
- * Unit test for {@link STSSaml20Handler}.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class STSSaml20HandlerTestCase extends TestCase
-{
- private SOAPMessageContext soapMessageContext;
- private SOAPMessage soapMessage;
- private STSClient wsTrustClient;
- private STSSaml20Handler samlHandler;
-
- public void testHandleMessageOutbound() throws SOAPException
- {
- setOutbound(soapMessageContext, true);
- assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
- }
-
- public void testHandleMessageInboundValidToken() throws Exception
- {
- final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
-
- // Make the Mocked WSTrustClient validateToken method return true.
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
-
- final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader);
- addAssertionElement(samlHandler, securityHeader);
-
- setOutbound(soapMessageContext, false);
- setMessageOnContext(soapMessageContext, soapMessage);
-
- boolean result = samlHandler.handleMessage(soapMessageContext);
- assertTrue(result);
- }
-
- public void testHandleMessageInValidToken() throws Exception
- {
- final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
-
- // Make the Mocked WSTrustClient validateToken method return false.
- when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
-
- final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader);
- addAssertionElement(samlHandler, securityHeader);
-
- setOutbound(soapMessageContext, false);
- setMessageOnContext(soapMessageContext, soapMessage);
- try
- {
- samlHandler.handleMessage(soapMessageContext);
- fail("handleMessage should have thrown a exception!");
- }
- catch(final Exception e)
- {
- assertTrue (e instanceof WebServiceException);
- }
- }
-
- public void setUp()
- {
- // Create a Mock for WSTrustClient.
- wsTrustClient = mock(STSClient.class);
-
- samlHandler = new STSSaml20Handler();
- // Set the WSTrustClient to our mocked client.
- samlHandler.setWSTrustClient(wsTrustClient);
- // Simulate the WS Engine calling @PostConstruct.
- samlHandler.createWSTrustClient();
-
- soapMessageContext = mock(SOAPMessageContext.class);
-
- try
- {
- soapMessage = MessageFactory.newInstance().createMessage();
- }
- catch (SOAPException e)
- {
- e.printStackTrace();
- fail(e.getMessage());
- }
- }
-
- private SOAPHeaderElement addSecurityHeader(final STSSecurityHandler handler, final SOAPHeader soapHeader) throws SOAPException
- {
- final QName securityQName = handler.getSecurityElementQName();
- final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
- soapHeader.addChildElement(securityHeader);
- return securityHeader;
- }
-
- private SOAPElement addAssertionElement(final STSSecurityHandler handler, final SOAPHeaderElement securityHeader) throws SOAPException
- {
- final QName tokenElementQName = handler.getTokenElementQName();
- final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml"));
- return securityHeader.addChildElement(tokenElement);
- }
-
- private void setMessageOnContext(final SOAPMessageContext messageContext, final SOAPMessage soapMessage)
- {
- when(messageContext.getMessage()).thenReturn(soapMessage);
- }
-
- private void setOutbound(MessageContext messageContext, boolean outbound)
- {
- when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(outbound);
- }
-
-}
-