JBoss Identity SVN: r902 - in idm/trunk: idm-doc/ReferenceGuide/en and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-11-03 07:08:04 -0500 (Tue, 03 Nov 2009)
New Revision: 902
Modified:
idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml
idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml
idm/trunk/idm-ldap/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
idm/trunk/pom.xml
Log:
- docs update
Modified: idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml
===================================================================
--- idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml 2009-11-03 09:41:59 UTC (rev 901)
+++ idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml 2009-11-03 12:08:04 UTC (rev 902)
@@ -3,4 +3,5 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<authorgroup>
<corpauthor>Bolesław Dawidowicz</corpauthor>
+ <corpauthor>Jeff Yu</corpauthor>
</authorgroup>
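Review bot: `<corpauthor>` is the DocBook element for a corporate author, so the added `+ <corpauthor>Jeff Yu</corpauthor>` (and the existing Bolesław Dawidowicz entry) tags people as organisations. The DocBook 4.5 DTD referenced in the context line above expects individual authors as `<author><firstname>Jeff</firstname><surname>Yu</surname></author>`; switch both entries to `<author>` so the author group renders names rather than corporate entries.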
Modified: idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml
===================================================================
--- idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml 2009-11-03 09:41:59 UTC (rev 901)
+++ idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml 2009-11-03 12:08:04 UTC (rev 902)
@@ -13,39 +13,36 @@
<xi:include href="Author_Group.xml"
xmlns:xi="http://www.w3.org/2001/XInclude"/>
- <releaseinfo>
- 1.0.0.Beta4
- </releaseinfo>
+ <releaseinfo>
+ 1.0.0.Beta4
+ </releaseinfo>
</bookinfo>
- <!--<preface>-->
- <!--<title>What this Book Covers</title>-->
+ <preface>
+ <title>What this Book Covers</title>
+ <para>This book aims to help you become familiar with JBoss Identity
+ IDM component</para>
+ <para>Part I 'Design and Architecture' introduces the the main concepts behind framework design</para>
+ <para>Part II 'Concepts behind API to SPI mappings' describes framework concepts in a more detailed way and explains
+ relationship between API and SPI layer.</para>
+ <para>Part III 'Quick Start' provides a reader with best way to start playing with the framework</para>
+ <para>Part IV 'Configuration' describes framework configuration.
+ </para>
+ <para>Part VI 'IdentityStore Implementations' provides detailed view on provided IdentityStore implementations.
+ </para>
+ <para>Part VII 'IdentityStoreRepository Implementations' provides detailed view on provided IdentityStoreRepository
+ implementations.
+ </para>
+ <para>Part VIII 'Attributes' describes how attributes can be used in the API.
+ </para>
+ <para>Part IX 'Credentials' describes how credentials can be used in the API.
+ </para>
+ <para>Part X 'Deployment' provides additional insight on how IDM component can be leveraged inside JEE container.
+ </para>
+ </preface>
- <!--<para>This book aims to help you become familiar with JBoss Identity-->
- <!--Federation in order that you can use it to build your own Federated-->
- <!--Identity based services or applications.</para>-->
-
- <!--<para>Part I 'Getting Started' introduces the federated identity-->
- <!--technologies that are provided in this product. It also indicates-->
- <!--the libraries required for the installation.</para>-->
-
- <!--<para>Part II 'Simple Usage' describes SAML v2 Web Browser based -->
- <!--Single Sign On (SSO).</para>-->
-
- <!--<para>Part III 'Advanced Usage' describes SAML v2 Web Browser based SSO -->
- <!--with advanced features such as Trust Management and XML-->
- <!--Digital Signatures.</para>-->
- <!---->
- <!--<para>Part IV 'Trouble Shooting' describes some basic-->
- <!--troubleshooting tips when things do not work the way they were intended.-->
- <!--</para>-->
- <!---->
- <!--<para>Part V 'Resources' provides additional resources.-->
- <!--</para>-->
- <!--</preface>-->
-
<part>
<title>Design and Architecture</title>
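Review bot: the new preface has no Part V: the summary jumps from "Part IV 'Configuration'" to "Part VI 'IdentityStore Implementations'", so either a part is missing from the list or the numbering from Part VI onward is off by one; check it against the `<part>` elements in the book before this ships. Smaller wording fixes in the same block: "introduces the the main concepts" doubles "the", the Part II paragraph should read "explains the relationship between the API and SPI layers", and the Part III paragraph "provides the reader with the best way to start playing with the framework".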
@@ -54,12 +51,12 @@
<para>JBoss Identity IDM aims to provide a common identity model for various JBoss projects.
As every project has it's own specific needs it's hard to design a common API and identity model that will
- fit all of them. Therefore JBoss Identity architecture consists of two main parts:</para>
+ fit all of them. Therefore JBoss Identity IDM architecture consists of two main parts:</para>
<itemizedlist>
<listitem>
- <para><emphasis role="bold">Core SPI</emphasis> with an abstract identity model that provides the flexibility for defining different identity
- object types and possible relationships between them.</para>
+ <para><emphasis role="bold">Core SPI</emphasis> with an abstract identity model that provides the
+ flexibility for defining different identity object types and possible relationships between them.</para>
</listitem>
<listitem>
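Review bot: the context line "As every project has it's own specific needs it's hard to design" uses the contraction "it's" where the possessive "its own" is meant; since this paragraph is being edited anyway, fix it in the same change.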
@@ -92,39 +89,62 @@
</para>
<itemizedlist>
<listitem>
- <para> org.jboss.identity.idm.api.IdentityType - is a parent interface for Group and Identity
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.IdentityType</emphasis>
+ - is a parent interface for Group and Identity
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.Identity - represents Identity which can be a user (within organization) or a machine (in authentication or security use case)
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.Identity</emphasis>
+ - represents Identity which can be a user
+ (within organization) or a machine (in authentication or security use case)
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.Group - represents typed Group
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.Group</emphasis>
+ - represents typed Group
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.GroupType - represents type of a Group. It can be an organization, organization unit, administration group, global role, community or any other entity.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.GroupType</emphasis>
+ - represents type of a Group. It can be an organization, organization unit, administration group,
+ global role, community or any other entity.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.Role - represents one to one relationship between Identity and Group. Role has a type. The idea behind the concept is described below.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.Role</emphasis>
+ - represents one to one relationship between Identity and Group. Role has a type.
+ The idea behind the concept is described below.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.RoleType - represents type of a Role.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.RoleType</emphasis>
+ - represents type of a Role.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.Attribute - represents attribute connected with IdentityType (Group or Identity). Can have many complex type values (text or binary). AttributeDescription describes such properties of Attribute like: name, type of values, readonly, multivalued, required.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.Attribute</emphasis>
+ - represents attribute connected with IdentityType (Group or Identity).
+ Can have many complex type values (text or binary). AttributeDescription describes such
+ properties of Attribute like: name, type of values, readonly, multivalued, required.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.Credential - represents credential connected with Identity.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.Credential</emphasis>
+ - represents credential connected with Identity.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.api.CredentialType - represents type of a Credential. For example it can be text password or binary certificate.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.api.CredentialType</emphasis>
+ - represents type of a Credential. For example it can be text password or binary certificate.
</para>
</listitem>
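Review bot: the Role entry still says "represents one to one relationship between Identity and Group", which reads as if an Identity can hold only one Role; the hunk that follows explains that John can be Manager of several groups and that other identities can hold the same RoleType for other groups. Reword to "a typed, direct link between a single Identity and a single Group" so the cardinality of a single Role is not confused with the cardinality of Roles per Identity. The Attribute entry's "Can have many complex type values (text or binary)" would be clearer as "can be multivalued, with text or binary values".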
@@ -144,7 +164,8 @@
</para>
<para>
Roles are direct typed connections between Identity and Group objects. If you think about a sentence:
- "John is the Manager of XX Team" what matters is the context. So "John (Identity) is the Manager (RoleType)
+ "<emphasis role="bold">John</emphasis> is the <emphasis role="bold">Manager</emphasis> of
+ <emphasis role="bold">XX Team"</emphasis> what matters is the context. So "John (Identity) is the Manager (RoleType)
of XX Team (Group)". The whole sentence describes the Role that John has. This type of information is hard
to map with typical Group object as John can be a manager of several different groups and other identities
(Marry, Jack, Stan...) can have the same RoleType in context of different groups (XY Team, YY Team).
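Review bot: the emphasis markup and the quotation marks are mismatched in the rewritten sentence: the opening quote sits outside `<emphasis role="bold">John</emphasis>` while the closing quote is inside `<emphasis role="bold">XX Team"</emphasis>`, so the closing quote renders in bold and the two halves of the quotation are marked up differently. Move the closing quote after `</emphasis>`. In the unchanged context line, "Marry" should be "Mary".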
@@ -163,38 +184,50 @@
</para>
<itemizedlist>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObject - represents identity object. Contains information
- about object name and type (IdentityObjectType). Name and IdentityObjectType pair should be unique
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObject</emphasis>
+ - represents identity object. Contains information
+ about object name and type (IdentityObjectType). Name and IdentityObjectType pair should be unique
within realm.
</para>
</listitem>
<listitem>
- <para>org.jboss.identity.idm.spi.model.IdentityObjectType - represents identity object type. Name of
- IdentityType is unique.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectType</emphasis>
+ - represents identity object type. Name of IdentityType is unique.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObjectAttribute - attribute assigned to IdentityObject
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectAttribute</emphasis>
+ - attribute assigned to IdentityObject
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObjectCredential - credential assigned to IdentityObject
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectCredential</emphasis>
+ - credential assigned to IdentityObject
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObjectCredentialType - represents type of
- IdentityObjectCredential.
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectCredentialType</emphasis>
+ - represents type of IdentityObjectCredential.
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObjectRelationship - Directional relationship between
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectRelationship</emphasis>
+ - Directional relationship between
two IdentityObject objects. Relationship is directional as it keeps information about from and to
IdentityObject. Each IdentityObjectRelationship has a type (IdentityObjectRelationshipType) and can
have a name (not required).
</para>
</listitem>
<listitem>
- <para> org.jboss.identity.idm.spi.model.IdentityObjectRelationshipType - named type of relationship
+ <para>
+ <emphasis role="bold">org.jboss.identity.idm.spi.model.IdentityObjectRelationshipType</emphasis>
+ - named type of relationship
</para>
</listitem>
</itemizedlist>
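Review bot: the `IdentityObjectType` entry says "Name of IdentityType is unique", mixing in the API-level name; in this SPI list it should read "Name of IdentityObjectType is unique", otherwise the reader is left wondering which of the two names has the uniqueness constraint. Minor consistency point in the same hunk: the `IdentityObjectRelationship` entry starts its description with a capital ("Directional relationship") while every sibling starts lowercase after the dash.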
@@ -234,41 +267,52 @@
<itemizedlist>
<listitem>
<para>
- Realm - described later in this document. Groups configuration of several identity stores and exposes all of them with one consistent identity model.
+ <emphasis role="bold">Realm</emphasis>
+ - described later in this document. Groups configuration of several identity stores and exposes
+ all of them with one consistent identity model.
</para>
</listitem>
<listitem>
<para>
- IdentitySessionFactory - Main entry point in the API. Enables to create/get IdentitySession for a given Realm
+ <emphasis role="bold">IdentitySessionFactory</emphasis>
+ - Main entry point in the API. Enables to create/get IdentitySession for a given Realm
</para>
</listitem>
<listitem>
<para>
- IdentitySession - Session that groups all identity management operation. Contains transaction support and exposes four managers that handle all identity management operations.
+ <emphasis role="bold">IdentitySession</emphasis> - Session that groups all identity management
+ operation. Contains transaction support and exposes four managers that handle all identity management operations.
</para>
</listitem>
<listitem>
<para>
- PersistenceManager - Operates witin IdentitySession. Performs all operations on Identity and Group objects. Create/Remove/Find
+ <emphasis role="bold">PersistenceManager</emphasis>
+ - Operates witin IdentitySession. Performs all operations on Identity and Group objects. Create/Remove/Find
</para>
</listitem>
<listitem>
<para>
- RelationshipManager - Operates witin IdentitySession. Associate and deassociate Identity and Group objects. Find Idenity and Group objects depending on their relationships
+ <emphasis role="bold">RelationshipManager</emphasis>
+ - Operates witin IdentitySession. Associate and deassociate Identity and Group objects.
+ Find Idenity and Group objects depending on their relationships
</para>
</listitem>
<listitem>
<para>
- RoleManager - Operates witin IdentitySession. Operations on Role objects. Optional feature.
+ <emphasis role="bold">RoleManager</emphasis> - Operates witin IdentitySession. Operations on Role objects.
+ Optional feature.
</para>
</listitem>
<listitem>
<para>
- AttributeManager - Operates witin IdentitySession. Manages Identity and Group (IdentityType objects) attributes. Each configured attribute is described with AttributeDescription interface
+ <emphasis role="bold">AttributeManager</emphasis> - Operates witin IdentitySession. Manages Identity
+ and Group (IdentityType objects) attributes. Each configured attribute is described with AttributeDescription interface
</para>
</listitem>
<listitem>
- <para>IdentitySearchControl - Enables to apply additional conditions to search operations. May be leveraged to receive results sorted, paginated or filtered with attributes.</para>
+ <para>
+ <emphasis role="bold">SearchCriteria</emphasis> - Enables to apply additional conditions to search operations.
+ May be leveraged to receive results sorted, paginated or filtered with attributes.</para>
</listitem>
</itemizedlist>
<para>
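Review bot: "witin" is misspelled in all five manager entries added here (PersistenceManager, RelationshipManager, RoleManager, AttributeManager) and should be "within"; "Idenity" in the RelationshipManager entry should be "Identity", and "deassociate" should be "disassociate". Separately, the API entry is renamed from `IdentitySearchControl` to `SearchCriteria` in this hunk while the SPI list in the next hunk keeps `IdentityObjectSearchControl`; if that is a deliberate API/SPI naming split, fine, but confirm both names match the current classes so the two lists do not drift apart.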
@@ -277,25 +321,46 @@
</para>
<itemizedlist>
<listitem>
- <para>IdentityStoreSession - Session that groups all identity management operations within identity persistence stores.</para>
+ <para>
+ <emphasis role="bold">IdentityStoreSession</emphasis>
+ - Session that groups all identity management operations within identity persistence stores.</para>
</listitem>
<listitem>
- <para>IdentityStoreSessionFactory - Entry point in the SPI to initialize IdentityStoreSession inside IdentityStore or AttributeStore.</para>
+ <para>
+ <emphasis role="bold">IdentityStoreSessionFactory</emphasis>
+ - Entry point in the SPI to initialize IdentityStoreSession inside IdentityStore or AttributeStore.</para>
</listitem>
<listitem>
- <para>IdentityStoreInvocationContext - IdentityStoreSession aware context object that is passed during any invocation of AttributeStore or IdentityStore methods. Thanks to this actual store implementation doesn't need to be aware of current session state. Therefore one instance of AttributeStore or IdentityStore can be invoked by different realms at the same time.</para>
+ <para>
+ <emphasis role="bold">IdentityStoreInvocationContext</emphasis>
+ - IdentityStoreSession aware context object that is passed during any invocation of AttributeStore
+ or IdentityStore methods. Thanks to this actual store implementation doesn't need to be aware of
+ current session state. Therefore one instance of AttributeStore or IdentityStore can be invoked by
+ different realms at the same time.</para>
</listitem>
<listitem>
- <para>AttributeStore - Exposes operations on identity store with attributes. This is a separate interface as in multi store configuration scenario, profile may need to be stored outside of actual data store for a given identity (LDAP + DB)</para>
+ <para>
+ <emphasis role="bold">AttributeStore</emphasis> - Exposes operations on identity store with attributes.
+ This is a separate interface as in multi store configuration scenario, profile may need to be
+ stored outside of actual data store for a given identity (LDAP + DB)</para>
</listitem>
<listitem>
- <para>IdentityStore - Extends AttributeStore. Implementation of this interface performs operations on the real data store.</para>
+ <para>
+ <emphasis role="bold">IdentityStore</emphasis> - Extends AttributeStore. Implementation of
+ this interface performs operations on the real data store.</para>
</listitem>
<listitem>
- <para>IdentityStoreRepository - Extends IdentityStore. Groups several IdentityStore objects and exposes operations on them within single interface for the API. The implementation is responsible for aggregate identity objects from many configured underlaying IdentityStore objects and map different IdentityObjectTypes between them. The place where the whole magic happens </para>
+ <para>
+ <emphasis role="bold">IdentityStoreRepository</emphasis> - Extends IdentityStore. Groups
+ several IdentityStore objects and exposes operations on them within single interface for the
+ API. The implementation is responsible for aggregate identity objects from many configured
+ underlaying IdentityStore objects and map different IdentityObjectTypes between them.
+ The place where the whole magic happens </para>
</listitem>
<listitem>
- <para>IdentityObjectSearchControl - Enables to apply additional conditions to search operations. May be leveraged to receive results sorted, paginated or filtered withattributes.</para>
+ <para>
+ <emphasis role="bold">IdentityObjectSearchControl</emphasis> - Enables to apply additional conditions to
+ search operations. May be leveraged to receive results sorted, paginated or filtered withattributes.</para>
</listitem>
</itemizedlist>
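Review bot: "filtered withattributes" is missing a space in the `IdentityObjectSearchControl` entry, and the `IdentityStoreRepository` entry has "underlaying" (should be "underlying") and a verb-form problem, "responsible for aggregate identity objects ... and map", which should read "responsible for aggregating identity objects ... and mapping"; it also leaves a trailing space before `</para>` in "whole magic happens </para>". The `IdentityStoreInvocationContext` sentence "Thanks to this actual store implementation doesn't need to be aware of current session state" reads better as "Because of this, the actual store implementation does not need to be aware of the current session state".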
@@ -312,7 +377,8 @@
<mediaobject>
<imageobject>
- <imagedata fileref="./images/IDM-global-realm.png" format="PNG" contentwidth="6in" contentdepth="6in"/>
+ <imagedata fileref="./images/IDM-global-realm.png" format="PNG" contentwidth="6in"
+ contentdepth="6in"/>
</imageobject>
<caption align="right">
<para>
@@ -366,11 +432,11 @@
<imageobject>
<imagedata fileref="./images/SPI1.png" format="PNG"/>
</imageobject>
- <!--<caption align="right">-->
- <!--<para>-->
- <!--<emphasis role="bold"></emphasis>-->
- <!--</para>-->
- <!--</caption>-->
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
</mediaobject>
</chapter>
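Review bot: this hunk only re-indents a commented-out `<caption>` block whose sole content is an empty `<emphasis role="bold"></emphasis>`, and the two hunks that follow do the same for the SPI2 and SPI3 figures. Commented-out empty captions add churn to every future diff of this file; either remove the three blocks or give the figures real captions.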
@@ -398,11 +464,11 @@
<imageobject>
<imagedata fileref="./images/SPI2.png" format="PNG"/>
</imageobject>
- <!--<caption align="right">-->
- <!--<para>-->
- <!--<emphasis role="bold"></emphasis>-->
- <!--</para>-->
- <!--</caption>-->
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
</mediaobject>
</chapter>
<chapter>
@@ -438,11 +504,11 @@
<imageobject>
<imagedata fileref="./images/SPI3.png" format="PNG"/>
</imageobject>
- <!--<caption align="right">-->
- <!--<para>-->
- <!--<emphasis role="bold"></emphasis>-->
- <!--</para>-->
- <!--</caption>-->
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
</mediaobject>
<para>
What is important to note about the Role concept is that it is not natural in all kinds of
@@ -486,17 +552,17 @@
<part>
<title>Quick Start</title>
- <!--<para>-->
- <!--Please read JBossIdentity IDM Design and Architecture to understand all concepts behind the framework.-->
- <!--</para>-->
+ <!--<para>-->
+ <!--Please read JBossIdentity IDM Design and Architecture to understand all concepts behind the framework.-->
+ <!--</para>-->
- <chapter>
+ <chapter>
<title>Test Cases</title>
<para>
One of the best ways to get familiar with the JBoss Identity IDM component is to look at the source code.
You will find link to the subversion repository in the project webpage.
There are couple of quite meaningful testcases there. One of the best to start with is
- org.jboss.identity.idm.impl.api.OrganizationTest. It contains two example identity structures.
+ org.jboss.identity.idm.impl.api.OrganizationTest under 'idm-testsuite' module . It contains two example identity structures.
One mapping hierarchical organization of Red Hat and JBoss projects and the other describes theoretical
portal tree for ACME company.
</para>
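Review bot: "org.jboss.identity.idm.impl.api.OrganizationTest under 'idm-testsuite' module ." has a stray space before the full stop and wants an article: "under the 'idm-testsuite' module.". The commented-out `<para>` pointing readers at the Design and Architecture part is only re-indented here; for a Quick Start that pointer is useful, so consider restoring it instead of carrying it as a comment.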
@@ -526,7 +592,178 @@
</para>
</chapter>
<chapter>
- <title></title>
+ <title>Needed files</title>
+ <para>Although the best way to start playing with the framework is to look at Maven2 sample project
+ mentioned above lets list minimal set of configuration files. To setup the basic framework core depending
+ on hibernate IdentityStore two files will be needed</para>
+ <para>
+ <emphasis role="bold">idm-config.xml</emphasis> - that will set proper configuration for all
+ framework components described in section above. Sample one below.
+ </para>
+ <programlisting>
+ <![CDATA[
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-identity xmlns="urn:jboss:identity:idm:config:v1_0_beta"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:config:v1_0_beta identity-config.xsd">
+ <realms>
+ <realm>
+ <id>realm://JBossIdentityExample/SampleRealm</id>
+ <repository-id-ref>Sample Repository</repository-id-ref>
+ <identity-type-mappings>
+ <user-mapping>USER</user-mapping>
+ </identity-type-mappings>
+ </realm>
+ </realms>
+ <repositories>
+ <repository>
+ <id>Sample Repository</id>
+ <class>org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository</class>
+ <external-config/>
+ <default-identity-store-id>Sample DB Store</default-identity-store-id>
+ <default-attribute-store-id>Sample DB Store</default-attribute-store-id>
+ </repository>
+ </repositories>
+ <stores>
+ <attribute-stores/>
+ <identity-stores>
+ <identity-store>
+ <id>Sample DB Store</id>
+ <class>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+ <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types>
+ <identity-object-type>
+ <name>USER</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>GROUP</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials>
+ <credential-type>PASSWORD</credential-type>
+ </credentials>
+ <attributes>
+ <attribute>
+ <name>picture</name>
+ <mapping>user.picture</mapping>
+ <type>binary</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ </attributes>
+ <options/>
+ </identity-object-type>
+ <identity-object-type>
+ <name>ORGANIZATION</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>GROUP</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+ <identity-object-type>
+ <name>GROUP</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>GROUP</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+ </supported-identity-object-types>
+ <options>
+ <option>
+ <name>hibernateConfiguration</name>
+ <value>hibernate-jboss-identity.cfg.xml</value>
+ </option>
+ <option>
+ <name>populateRelationshipTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>populateIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>isRealmAware</name>
+ <value>true</value>
+ </option>
+ </options>
+ </identity-store>
+ </identity-stores>
+ </stores>
+</jboss-identity>
+ ]]>
+ </programlisting>
+
+ <para>
+ <emphasis role="bold">hibernate.cfg.xml</emphasis> - hibernate SessionFactory setup
+ </para>
+
+ <programlisting>
+ <![CDATA[
+<!DOCTYPE hibernate-configuration PUBLIC
+ "-//Hibernate/Hibernate Configuration DTD//EN"
+ "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+<hibernate-configuration>
+ <session-factory>
+
+
+ <property name="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</property>
+
+ <property name="show_sql">false</property>
+ <property name="cache.use_second_level_cache">true</property>
+ <property name="cache.use_query_cache">true</property>
+
+
+ <property name="current_session_context_class">thread</property>
+
+ <!--<property name="connection.datasource"></property>-->
+
+ <property name="hibernate.connection.url">jdbc:hsqldb:mem:unit-testing-jpa1</property>
+ <property name="hibernate.connection.driver_class">org.hsqldb.jdbcDriver</property>
+ <property name="hibernate.dialect">org.hibernate.dialect.HSQLDialect</property>
+ <property name="hibernate.hbm2ddl.auto">create-drop</property>
+ <property name="hibernate.connection.username">sa</property>
+ <property name="hibernate.connection.password"></property>
+
+ </session-factory>
+</hibernate-configuration>
+ ]]>
+ </programlisting>
</chapter>
</part>
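Review bot: the two sample files do not agree on the Hibernate file name: the prose introduces the second file as `hibernate.cfg.xml`, but the `hibernateConfiguration` option in the sample idm-config.xml points to `hibernate-jboss-identity.cfg.xml`, so a reader who creates the two files exactly as listed gets a store that never finds its Hibernate configuration. Use one name in both places. The Hibernate sample is also a test configuration rather than a minimal deployment one: `jdbc:hsqldb:mem:unit-testing-jpa1` is an in-memory database, `hibernate.hbm2ddl.auto` is `create-drop`, the connection is user `sa` with an empty `hibernate.connection.password`, and the `connection.datasource` property is commented out; since the chapter is titled "Needed files", say explicitly that this is for local testing and that a deployment should point `connection.datasource` at a container-managed datasource and drop `create-drop` and the empty credentials. Wording in the intro paragraph: "lets list minimal set" should be "let's list the minimal set", "depending on hibernate IdentityStore" should be "backed by the Hibernate IdentityStore", and "Sample one below." should be "A sample is shown below.".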
@@ -574,18 +811,24 @@
<para>Identity XML configuration can be divided into three parts:</para>
<itemizedlist>
<listitem>
- <para><![CDATA[<stores/>]]> - defines IdentityStore and AttributeStore instances</para>
+ <para><emphasis role="bold"><![CDATA[<stores/>]]></emphasis>
+ - defines IdentityStore and AttributeStore instances</para>
</listitem>
<listitem>
- <para><![CDATA[<repositories/>]]> - defines IdentityStoreRepository instances</para>
+ <para><emphasis role="bold"><![CDATA[<repositories/>]]></emphasis>
+ - defines IdentityStoreRepository instances</para>
</listitem>
<listitem>
- <para><![CDATA[<realms/>]]> - defines identity realms</para>
+ <para><emphasis role="bold"><![CDATA[<realms/>]]></emphasis>
+ - defines identity realms</para>
</listitem>
</itemizedlist>
</chapter>
<chapter>
- <title>IdentityStore <![CDATA[<stores><identity-store>...]]></title>
+ <title>IdentityStore</title>
+ <para>This part is represented by
+ <emphasis role="bold"><![CDATA[<stores><identity-store>...]]></emphasis>
+ element</para>
<programlisting>
<![CDATA[
<stores>
@@ -598,8 +841,11 @@
]]>
</programlisting>
<note>
- <para><![CDATA[<stores/>]]> element contains <![CDATA[<identity-store>]]> and <![CDATA[<attribute-store>]]>
- elements. Currently <![CDATA[<attribute-store>]]> configuration is ignored so only <![CDATA[<identity-store>]]>
+ <para><emphasis role="bold"><![CDATA[<stores/>]]></emphasis>
+ element contains <emphasis role="bold"><![CDATA[<identity-store>]]></emphasis>
+ and <emphasis role="bold"><![CDATA[<attribute-store>]]></emphasis>
+ elements. Currently <emphasis role="bold"><![CDATA[<attribute-store>]]></emphasis>
+ configuration is ignored so only <emphasis role="bold"><![CDATA[<identity-store>]]></emphasis>
elements can be configured.</para></note>
<programlisting>
<![CDATA[
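Review bot: the note states that `<attribute-store>` configuration is "ignored" but not how: say whether a configured `<attribute-store>` is rejected when the file is parsed or silently skipped, because a silently skipped store means attributes quietly land in the identity store instead of where the administrator configured them, which is worth a sentence of warning in this note.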
@@ -643,29 +889,32 @@
]]>
</programlisting>
- <para><![CDATA[<identity-store>]]> element:
+ <para><emphasis role="bold"><![CDATA[<identity-store>]]></emphasis> element:
</para>
<itemizedlist>
<listitem>
- <para>id - IdentityStore id</para>
+ <para><emphasis role="bold">id</emphasis> - IdentityStore id</para>
</listitem>
<listitem>
- <para>class - IdentityStore class name</para>
+ <para><emphasis role="bold">class</emphasis> - IdentityStore class name</para>
</listitem>
<listitem>
- <para>external-config - external configuration file used by IdentityStore</para>
+ <para><emphasis role="bold">external-config</emphasis> - external configuration file used by IdentityStore</para>
</listitem>
<listitem>
- <para>supported-relationship-types - IdentityObjectRelationshipType names that are supported by this
+ <para><emphasis role="bold">supported-relationship-types</emphasis>
+ - IdentityObjectRelationshipType names that are supported by this
IdentityStore. JBOSS_IDENTITY_MEMBERSHIP is standard value used by default framework implementation
for membership type relationships (between two Group objects) and JBOSS_IDENTITY_ROLE is standard
value for Role type memberships (named relationships)</para>
</listitem>
<listitem>
- <para>supported-identity-object-types - configuration of IdentityObjectType objects mapped by IdentityStore</para>
+ <para><emphasis role="bold">supported-identity-object-types</emphasis>
+ - configuration of IdentityObjectType objects mapped by IdentityStore</para>
</listitem>
<listitem>
- <para>options - other IdentityStore configuration options</para>
+ <para>
+ <emphasis role="bold">options</emphasis> - other IdentityStore configuration options</para>
</listitem>
</itemizedlist>
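Review bot: the `supported-relationship-types` description says JBOSS_IDENTITY_MEMBERSHIP is used "for membership type relationships (between two Group objects)", but the sample idm-config.xml added earlier in this same commit declares JBOSS_IDENTITY_MEMBERSHIP relationships from ORGANIZATION and GROUP to USER as well as to GROUP. Reword to "membership relationships between a Group and an Identity or another Group" so the reference text does not contradict the sample configuration.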
@@ -734,62 +983,67 @@
</para>
<itemizedlist>
<listitem>
- <para>name - IdentityObjectType name</para>
+ <para><emphasis role="bold">name</emphasis>- IdentityObjectType name</para>
</listitem>
<listitem>
- <para>relationships - relationships in which IdentityObjectType can be parent side.
- <![CDATA[<relationship-type-ref>]]> must point to one of values from
- <![CDATA[<supported-relationship-types>]]>. <![CDATA[<identity-object-type-ref>]]>
- must be one of <![CDATA[<identity-object-type><name>]]> values configured in this IdentityStore.</para>
+ <para><emphasis role="bold">relationships</emphasis>
+ - relationships in which IdentityObjectType can be parent side.
+ <emphasis role="bold"><![CDATA[<relationship-type-ref>]]></emphasis> must point to one of values from
+ <emphasis role="bold"><![CDATA[<supported-relationship-types>]]></emphasis>
+ . <emphasis role="bold"><![CDATA[<identity-object-type-ref>]]></emphasis>
+ must be one of <emphasis role="bold"><![CDATA[<identity-object-type><name>]]></emphasis>
+ values configured in this IdentityStore.</para>
</listitem>
<listitem>
- <para>credentials - IdentityObjectCredentialType names allowed for this IdentityObjectType</para>
+ <para><emphasis role="bold">credentials</emphasis>
+ - IdentityObjectCredentialType names allowed for this IdentityObjectType</para>
</listitem>
<listitem>
- <para>attributes - allowed attribute mappings. Each contains:
+ <para><emphasis role="bold">attributes</emphasis> - allowed attribute mappings. Each contains:
<itemizedlist>
<listitem>
<para>
- name - attribute name
+ <emphasis role="bold">name</emphasis> - attribute name
</para>
</listitem>
<listitem>
<para>
- mapping - real name to be used inside IdentityStore. For example LDAP attribute name
+ <emphasis role="bold">mapping</emphasis> - real name to be used inside IdentityStore. For example LDAP attribute name
</para>
</listitem>
<listitem>
<para>
- type - either "binary" or "text" value
+ <emphasis role="bold">type</emphasis> - either "binary" or "text" value
</para>
</listitem>
<listitem>
<para>
- isRequired - if attribute cannot have no values
+ <emphasis role="bold">isRequired</emphasis> - if attribute cannot have no values
</para>
</listitem>
<listitem>
<para>
- isMultivalued - if attribute can have many values
+ <emphasis role="bold">isMultivalued</emphasis> - if attribute can have many values
</para>
</listitem>
<listitem>
<para>
- isReadonly - if attribute values can be modified
+ <emphasis role="bold">isReadonly</emphasis> - if attribute values can be modified
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
- <para>options - other options for IdentityObjectType configuration</para>
+ <para><emphasis role="bold">options</emphasis> - other options for IdentityObjectType configuration</para>
</listitem>
</itemizedlist>
</chapter>
<chapter>
- <title>IdentityStoreRepository / <![CDATA[<repositories><repository>]]></title>
-
+ <title>IdentityStoreRepository</title>
+ <para>This section is represented by <emphasis role="bold"> <![CDATA[<repositories><repository>]]></emphasis>
+ element</para>
<programlisting>
<![CDATA[
<repositories>
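Review bot: the full stop that opens the added line ". <emphasis role="bold"><![CDATA[<identity-object-type-ref>]]></emphasis>" is separated from the preceding "</emphasis>" by a line break, so the rendered text reads "<supported-relationship-types> ." with a space before the period; move the period onto the end of the previous line. The new title paragraph in the IdentityStoreRepository chapter has the opposite defect, a leading space inside "<emphasis role="bold"> <![CDATA[<repositories><repository>]]></emphasis>", and the sentence "This section is represented by ... element" lacks a terminating period. In the relationships item, "in which IdentityObjectType can be parent side" should read "in which this IdentityObjectType can be the parent side", since that is the only thing that tells a reader why a relationship is declared on one type and not the other.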
@@ -859,31 +1113,36 @@
</programlisting>
- <para><![CDATA[<repository>]]> element contains:
+ <para><emphasis role="bold"><![CDATA[<repository>]]></emphasis> element contains:
</para>
<itemizedlist>
<listitem>
- <para>id - IdentityStoreRepository id.</para>
+ <para><emphasis role="bold">id</emphasis> - IdentityStoreRepository id.</para>
</listitem>
<listitem>
- <para>class - class name of IdentityStoreRepository implementation.</para>
+ <para><emphasis role="bold">class</emphasis> - class name of IdentityStoreRepository implementation.</para>
</listitem>
<listitem>
- <para>external-config - external configuration file used by IdentityStoreRepository.</para>
+ <para><emphasis role="bold">external-config</emphasis> - external configuration file used by
+ IdentityStoreRepository.</para>
</listitem>
<listitem>
- <para>default-identity-store-id - id of configured IdentityStore to be used by default.</para>
+ <para><emphasis role="bold">default-identity-store-id</emphasis> - id of configured IdentityStore
+ to be used by default.</para>
</listitem>
<listitem>
- <para>default-attribute-store-id - id of configured AttributeStore (or IdentityStore) to be used by default</para>
+ <para><emphasis role="bold">default-attribute-store-id</emphasis> - id of configured AttributeStore
+ (or IdentityStore) to be used by default</para>
</listitem>
<listitem>
- <para>identity-store-mappings - optional element. Mappings between IdentityObjectType names and IdentityStore ids. </para>
+ <para><emphasis role="bold">identity-store-mappings</emphasis> - optional element. Mappings between
+ IdentityObjectType names and IdentityStore ids. </para>
</listitem>
</itemizedlist>
</chapter>
<chapter>
- <title>Realm / <![CDATA[<realms><realm>]]></title>
+ <title>Realm</title>
+ <para>This section is represented by <emphasis role="bold"><![CDATA[<realms><realm>]]></emphasis> element</para>
<programlisting>
<![CDATA[
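Review bot: the "identity-store-mappings" item says only "Mappings between IdentityObjectType names and IdentityStore ids" and nothing about a type that has no mapping; if unmapped types go to the store named by "default-identity-store-id", state that in one of the two items, because they only make sense together. Punctuation inside the list is also inconsistent: "id", "class" and "external-config" end with a full stop while "default-attribute-store-id" and "identity-store-mappings" do not, the latter has a trailing space before "</para>", and the new "This section is represented by ... element" sentence needs "the" before "element" and a period.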
@@ -899,20 +1158,21 @@
</programlisting>
<para>
- <![CDATA[<realm>]]> element contains:
+ <emphasis role="bold"><![CDATA[<realm>]]></emphasis> element contains:
</para>
<itemizedlist>
<listitem>
- <para>id - realm id</para>
+ <para><emphasis role="bold">id</emphasis> - realm id</para>
</listitem>
<listitem>
- <para>repository-id-ref - id of configured IdentityStoreRepository </para>
+ <para><emphasis role="bold">repository-id-ref</emphasis> - id of configured IdentityStoreRepository </para>
</listitem>
<listitem>
- <para>identity-type-mappings
+ <para><emphasis role="bold">identity-type-mappings</emphasis>
<itemizedlist>
<listitem>
- <para>identity-mapping - name of IdentityObjectType that should be maped as Identity
+ <para><emphasis role="bold">identity-mapping</emphasis>
+ - name of IdentityObjectType that should be maped as Identity
object on the API side</para>
</listitem>
</itemizedlist>
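Review bot: typo in the added line "- name of IdentityObjectType that should be maped as Identity": "maped" should be "mapped". The "identity-type-mappings" item documents a single child element, "identity-mapping", without saying whether that is the complete set; if it is, say so, because the sample configurations in this same patch are what readers will copy and they must agree with this list.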
@@ -958,32 +1218,68 @@
<itemizedlist>
<listitem>
- <para>persistenceUnit - The name of persistence unit with proper Hibernate entities.
- See example below.</para>
+ <para><emphasis role="bold">hibernateConfiguration</emphasis>
+ - the hibernate configuration file that will be used to
+ create SessionFactory</para>
</listitem>
<listitem>
- <para>populateRelationshipTypes - true/false - Populate configured <![CDATA[<supported-relationship-types>]]>
+ <para>
+ <emphasis role="bold">hibernateSessionFactoryJNDIName</emphasis>
+ - JNDI name of hibernate SessionFactory that will be used
+ to obtain it</para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis role="bold">hibernateSessionFactoryRegistryName</emphasis>
+ - name of hibernate SessionFactory placed in the
+ IdentityConfigurationRegistry that will be used to obtain it</para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis role="bold">addMappedClasses</emphasis>
+ - of set to true all annotated hibernate model classes will be added
+ to the hibernate configuration before SessionFactory is created</para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">populateRelationshipTypes</emphasis>
+ - true/false - Populate configured <![CDATA[<supported-relationship-types>]]>
(IdentityObjectRelationshipType in SPI model) during IdentityStore initialization.
Default value is 'false'</para>
</listitem>
<listitem>
- <para>populateIdentityObjectTypes - true/false - Populate configured <![CDATA[<supported-identity-object-types>]]>
+ <para><emphasis role="bold">populateIdentityObjectTypes</emphasis>
+ - true/false - Populate configured <![CDATA[<supported-identity-object-types>]]>
(IdentityObjectType in SPI model) during IdentityStore initialization. Default value is 'false'</para>
</listitem>
<listitem>
- <para>allowNotDefinedAttributes - true/false - Allow to set IdentityObject attributes that
+ <para><emphasis role="bold">allowNotDefinedAttributes</emphasis>
+ - true/false - Allow to set IdentityObject attributes that
are not specified in <![CDATA[<identity-object-type>]]> configuration. Such attributes
are assumed to have "text" type and many values. Default value is 'false'.</para>
</listitem>
<listitem>
- <para>isRealmAware - true/false - If set to true HibernateIdentityStoreImpl will create
+ <para><emphasis role="bold">isRealmAware</emphasis>
+ - true/false - If set to true HibernateIdentityStoreImpl will create
separate namespaces for different Realms from which method invocations come. This means
that each IdentityObject, IdentityObjectRelationship and IdentityObjectRelationshipName
will be connected and only accessible with a realm name in which it was created. Entities
representing IdentityObjectType, IdentityObjectCredentialType and IdentityObjectRelationshipType
are always same for all realms and not affected with this option. Default value is 'false'. </para>
</listitem>
- <listitem><para></para></listitem>
+ <listitem>
+ <para><emphasis role="bold">manageTransactionDuringBootstrap</emphasis>
+ - true/false - indicate that transactions should be managed
+ manually during store bootstrap when initial entities are created. </para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">allowNotDefinedIdentityObjectTypes</emphasis>
+ - true/false - indicate that store won't check
+ for a given IdentityObjectType configuration and if one is not specified it will be just
+ lazily created. This option enables to have minimal xml config without definition of all
+ constraints in relationship between types. </para>
+ </listitem>
</itemizedlist>
</para>
</sect1>
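Review bot: "hibernateConfiguration", "hibernateSessionFactoryJNDIName" and "hibernateSessionFactoryRegistryName" are three alternative ways to obtain a SessionFactory, but the list does not say whether exactly one must be set, which wins when several are present, or what happens when none is; that precedence is what someone configuring the store needs, so add a sentence after the three items. "of set to true all annotated hibernate model classes" in the "addMappedClasses" item should read "if set to true, all annotated hibernate model classes". The two new options "manageTransactionDuringBootstrap" and "allowNotDefinedIdentityObjectTypes" are the only entries without a "Default value is ..." clause; add it for consistency with the rest of the list, and for "allowNotDefinedIdentityObjectTypes" state plainly that with it enabled any IdentityObjectType name passed through the API is accepted and created, since switching off the configured type constraints is the trade-off the reader is making.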
@@ -1003,12 +1299,7 @@
<supported-identity-object-types>
<identity-object-type>
<name>IDENTITY</name>
- <relationships>
- <relationship>
- <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
- <identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
- </relationship>
- </relationships>
+ <relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
@@ -1043,6 +1334,10 @@
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
</relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>IDENTITY</identity-object-type-ref>
+ </relationship>
</relationships>
<credentials/>
<attributes/>
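Review bot: this added relationship is the "JBOSS_IDENTITY_ROLE" entry removed from the "IDENTITY" type in the hunk above, now declared on the other type with "<identity-object-type-ref>IDENTITY</identity-object-type-ref>", which matches the "relationships" description ("relationships in which IdentityObjectType can be parent side"); a one-line remark in the prose around the listing saying that a relationship is declared on the parent type only would keep readers from declaring it on both sides, which the earlier version of this sample effectively did.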
@@ -1051,8 +1346,8 @@
</supported-identity-object-types>
<options>
<option>
- <name>persistenceUnit</name>
- <value>jboss-identity-model-xxx</value>
+ <name>hibernateConfiguration</name>
+ <value>hibernate-jboss-identity.cfg.xml</value>
</option>
<option>
<name>populateRelationshipTypes</name>
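Review bot: the "hibernateConfiguration" value "hibernate-jboss-identity.cfg.xml" is a bare file name, and neither this listing nor the option description says how it is resolved (classpath resource, path relative to the working directory, or absolute path); add that to the "hibernateConfiguration" item, because a file that is found on the test classpath will silently not be found in a deployment.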
@@ -1079,29 +1374,22 @@
]]>
</programlisting>
<para>
- Persistence unit need to map all needed hibernate entities. For example:
+ In case 'addMappedClasses' option is not set to true hibernate configuration need to list all
+ annotated model classes:
</para>
<programlisting>
<![CDATA[
-<persistence-unit name="sample-persistence-unit" transaction-type="RESOURCE_LOCAL">
-
- <provider>org.hibernate.ejb.HibernatePersistence</provider>
-
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateRealm</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObject</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredential</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectAttribute</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectType</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationship</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType</class>
- <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName</class>
-
- ....
- ....
- ....
-
-</persistence-unit>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateRealm"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObject"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredential"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectAttribute"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectTextAttribute"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectBinaryAttribute"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectType"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType"/>
+<mapping class="org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName"/>
]]>
</programlisting>
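Review bot: "hibernate configuration need to list" should be "needs to list", and "In case 'addMappedClasses' option is not set to true" reads better as "Unless the addMappedClasses option is set to true". The removed persistence-unit listing ended in "...." placeholders while the new "<mapping class=.../>" list has none, so confirm that the eleven classes shown are the complete set (it now includes "HibernateIdentityObjectTextAttribute" and "HibernateIdentityObjectBinaryAttribute", which the old listing lacked); if it is complete, say so in the sentence above the listing, because a missing mapping only surfaces when the SessionFactory is built.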
@@ -1134,49 +1422,112 @@
<para><![CDATA[<identity-object-type><options>]]></para>
<itemizedlist>
<listitem>
- <para>idAttributeName - attribute name under which IdentityObject name is specified. Required.</para>
+ <para><emphasis role="bold">idAttributeName</emphasis>
+ - attribute name under which IdentityObject name is specified. Required.</para>
</listitem>
<listitem>
- <para>passwordAttributeName - attribute name under which IdentityObject password is specified. Optional.</para>
+ <para><emphasis role="bold">passwordAttributeName</emphasis>
+ - attribute name under which IdentityObject password is specified. Optional.</para>
</listitem>
<listitem>
- <para>ctxDNs - DN that will be used as context for IdentityObject searches. More than one value can be specified.</para>
+ <para><emphasis role="bold">ctxDNs</emphasis>
+ - DN that will be used as context for IdentityObject searches. More than one value can be specified.</para>
</listitem>
<listitem>
- <para>allowCreateEntry - true/false - Specify if new IdentityObject can be created.</para>
+ <para><emphasis role="bold">allowCreateEntry</emphasis>
+ - true/false - Specify if new IdentityObject can be created.</para>
</listitem>
<listitem>
- <para>createEntryAttributeValues - defines a set of ldap attributes that will be set on IdentityObject entry creation. Values are in "name=value" format. This enables to fulfill LDAP schema requirements.Default is false</para>
+ <para><emphasis role="bold">createEntryAttributeValues</emphasis>
+ - defines a set of ldap attributes that will be set on IdentityObject entry creation. Values
+ are in "name=value" format. This enables to fulfill LDAP schema requirements.Default is false</para>
</listitem>
<listitem>
- <para>membershipAttributeName - LDAP attribute that defines children of IdentityObject. This will be used to retrieved relationships from IdentityObject entry. Option is required if IdentityObjectType can be part of relationship.</para>
+ <para><emphasis role="bold">parentMembershipAttributeName</emphasis>
+ - LDAP attribute that defines children of IdentityObject. This will be used to retrieved
+ relationships from IdentityObject entry. Option is required if IdentityObjectType can be part of relationship.</para>
</listitem>
<listitem>
- <para>isMembershipAttributeDN - defines if values of attribute defined in membershipAttributeID are fully qualified LDAP DNs.</para>
+ <para><emphasis role="bold">isParentMembershipAttributeDN</emphasis>
+ - defines if values of attribute defined in parentMembershipAttributeName are fully qualified LDAP DNs.</para>
</listitem>
<listitem>
- <para>allowEmptyMemberships - defines if IdentityObject entry can have no members. Sometimes it is not allowed by LDAP schema.</para>
+ <para><emphasis role="bold">allowEmptyMemberships</emphasis>
+ - defines if IdentityObject entry can have no members. Sometimes it is not allowed by LDAP schema.</para>
</listitem>
<listitem>
- <para>entrySearchFilter - ldap filter to search IdentityObject with. {0} will be substitute with IdentityObject name. Example filter can look like this: "(uid={0})". This substitution behavior comes from the standard DirContext.search(Name, String, Object, SearchControls cons) method</para>
+ <para><emphasis role="bold">parentMembershipAttributePlaceholder</emphasis>
+ - if LDAP schema doesn't allow empty memberships this value will be used as a placeholder. IdentityObject
+ specified here won't be recognized as a member and ignored</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">childMembershipAttributeName</emphasis>
+ - LDAP attribute that defines parents of IdentityObject. This will be used to retrieved
+ relationships from IdentityObject entry. Good example of such attribute in LDAP schema is 'memberOf'</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">childMembershipAttributeDN</emphasis>
+ - defines if values of attribute defined in childMembershipAttributeName are fully qualified LDAP DNs.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">childMembershipAttributeVirtual</emphasis>
+ - specifies if attribute defined in 'childMembershipAttributeName' is a real attribute that
+ can be updated or virtual one which value is managed by a directory and should not be updated</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">entrySearchFilter</emphasis>
+ - ldap filter to search IdentityObject with. {0} will be substitute with IdentityObject name.
+ Example filter can look like this: "(uid={0})". This substitution behavior comes from the
+ standard DirContext.search(Name, String, Object, SearchControls cons) method</para>
</listitem>
+ <listitem>
+ <para><emphasis role="bold">enclosePasswordWith</emphasis>
+ - if specified password will be surunted with a given chars before update</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">passwordEncoding</emphasis>
+ - if specified password will be encoded before update. For example Microsoft Active Directory
+ requires password to be enclosed with '"' and encoded using 'UTF-16LE' for update.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">passwordUpdateAttributeValues</emphasis>
+ - list of attributes that should be changed during password update</para>
+ </listitem>
+
</itemizedlist>
- <para><![CDATA[<identity-store><options>]]></para>
+ <para><emphasis role="bold"><![CDATA[<identity-store><options>]]></emphasis></para>
<itemizedlist>
<listitem>
- <para>providerURL - LDAP connection URL. For example "ldap://localhost:389"</para>
+ <para><emphasis role="bold">providerURL</emphasis>
+ - LDAP connection URL. For example "ldap://localhost:389"</para>
</listitem>
<listitem>
- <para>adminDN - LDAP entry used to connect to the server.</para>
+ <para><emphasis role="bold">adminDN</emphasis>
+ - LDAP entry used to connect to the server.</para>
</listitem>
<listitem>
- <para>adminPassword - password related to adminDN</para>
+ <para><emphasis role="bold">adminPassword</emphasis>
+ - password related to adminDN</para>
</listitem>
<listitem>
- <para>searchTimeLimit -searchTimeLimit for LDAP search operations in miliseconds. Default value is 10000.</para>
+ <para><emphasis role="bold">searchTimeLimit</emphasis>
+ -searchTimeLimit for LDAP search operations in miliseconds. Default value is 10000.</para>
</listitem>
-
+ <listitem>
+ <para><emphasis role="bold">customJNDIConnectionParameters</emphasis>
+ - list of additional 'key=value' parameters that will be used to create JNDI context. Can be
+ usefull to use additional JNDI options.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">customSystemProperties</emphasis>
+ - list of 'key=value' properties that will be added using System.setProperty() method. This
+ can be used to configure LDAP JNDI connection pooling which is set per JVM</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">externalJNDIContext</emphasis>
+ - name that will be used to perform JDNI lookup to grab JNDI connection context </para>
+ </listitem>
</itemizedlist>
</sect1>
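Review bot: the option names are inconsistent between the parent and child membership settings: "isParentMembershipAttributeDN" keeps the "is" prefix while the new "childMembershipAttributeDN" and "childMembershipAttributeVirtual" do not; either the names really differ like this in the store implementation, in which case a sentence saying so is warranted, or one spelling is wrong in the docs and a reader who copies it gets the option silently ignored, so please check them against the implementation. Typos in the added lines: "surunted" in "enclosePasswordWith" should be "surrounded", "{0} will be substitute with" should be "substituted with", "-searchTimeLimit for LDAP search operations in miliseconds" is missing the space after the dash and should say "milliseconds", "usefull" should be "useful", and "JDNI lookup" should be "JNDI lookup". The "createEntryAttributeValues" item ends "requirements.Default is false", a carried-over clause that makes no sense for a list of name=value pairs; drop it or state the real default. Finally, since "adminDN" and "adminPassword" put the bind credentials in this file in cleartext and "providerURL" is only shown as "ldap://localhost:389", the "<identity-store><options>" section should say that the configuration file has to be protected accordingly and mention that an "ldaps://" URL is the form to use outside a local test.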
@@ -1325,6 +1676,92 @@
</programlisting>
</sect1>
</chapter>
+ <chapter>
+ <title>Minimal Configuration</title>
+ <para>The main role of configuration is to define relationship between separate framework components. It also
+ enables to specify a lot of meta data information describing possible connections between IdentityObject types.
+ It is however possible to not define all those meta data information and let the framework to be maximum permissive
+ about allowed operations and lazily create not defined types:</para>
+
+ <programlisting>
+ <![CDATA[
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-identity xmlns="urn:jboss:identity:idm:config:v1_0_beta"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:config:v1_0_beta identity-config.xsd">
+ <realms>
+ <realm>
+ <id>realm://FlexibleRealm</id>
+ <repository-id-ref>Flexible Repo</repository-id-ref>
+ <identity-type-mappings>
+ <user-mapping>USER</user-mapping>
+ </identity-type-mappings>
+ </realm>
+ </realms>
+ <repositories>
+ <repository>
+ <id>Flexible Repo</id>
+ <class>org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository</class>
+ <external-config/>
+ <default-identity-store-id>Hibernate Identity Store</default-identity-store-id>
+ <default-attribute-store-id>Hibernate Identity Store</default-attribute-store-id>
+ <options>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ </options>
+ </repository>
+ </repositories>
+ <stores>
+ <attribute-stores/>
+ <identity-stores>
+ <identity-store>
+ <id>Hibernate Identity Store</id>
+ <class>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+ <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types/>
+ <options>
+ <option>
+ <name>hibernateSessionFactoryJNDIName</name>
+ <value>java:/jbossidentity/HibernateStoreSessionFactory</value>
+ </option>
+ <option>
+ <name>populateRelationshipTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>populateIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>isRealmAware</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ </options>
+ </identity-store>
+ </identity-stores>
+ </stores>
+</jboss-identity>
+ ]]>
+ </programlisting>
+ </chapter>
</part>
<part>
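Review bot: the realm in this minimal configuration uses "<user-mapping>USER</user-mapping>" inside "<identity-type-mappings>", but the Realm chapter in this same patch documents only an "identity-mapping" child ("name of IdentityObjectType that should be maped as Identity object on the API side"); one of the two is out of date and a reader who follows the chapter ends up with a file that does not match the schema, so reconcile them. The repository "<options>" set "allowNotDefinedAttributes" and "allowNotDefinedIdentityObjectTypes" on a "WrapperIdentityStoreRepository", while this patch documents "allowNotDefinedAttributes" only for the Hibernate store and for FallbackIdentityStoreRepository and "allowNotDefinedIdentityObjectTypes" only for the Hibernate store; if the wrapper honours them, document that, otherwise they are dead config that suggests a behaviour that is not there. In the prose, "let the framework to be maximum permissive about allowed operations and lazily create not defined types" reads better as "let the framework be maximally permissive about allowed operations and create undefined types lazily", and the chapter should say plainly that this mode switches off the type and relationship constraints the earlier chapters describe, so it suits bootstrapping and development rather than a locked-down deployment.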
@@ -1354,6 +1791,7 @@
]]>
</programlisting>
</sect1>
+
</chapter>
<chapter>
<title>FallbackIdentityStoreRepository</title>
@@ -1372,7 +1810,8 @@
<title>Configuration Options</title>
<itemizedlist>
<listitem>
- <para>allowNotDefinedAttributes - if mapped IdentityStore doesn't support any attribute that was
+ <para><emphasis role="bold">allowNotDefinedAttributes</emphasis>
+ - if mapped IdentityStore doesn't support any attribute that was
passed in method invocation FallbackIdentityStoreRepository will try to store it in
defaultAttributeStore. If this option is set to true such attribute will be passed to
defaultAttributeStore even if it is not mapped there.</para>
@@ -1433,80 +1872,80 @@
AttributeDescription that contains its properties such as:</para>
<itemizedlist>
<listitem>
- <para>name - attribute name</para>
+ <para><emphasis role="bold">name</emphasis> - attribute name</para>
</listitem>
<listitem>
- <para>readonly - if attribute values can be changed</para>
+ <para><emphasis role="bold">readonly</emphasis> - if attribute values can be changed</para>
</listitem>
<listitem>
- <para>multivalued - if attribute can have many values</para>
+ <para><emphasis role="bold">multivalued</emphasis> - if attribute can have many values</para>
</listitem>
<listitem>
- <para>required - if attribute can be removed</para>
+ <para><emphasis role="bold">required</emphasis> - if attribute can be removed</para>
</listitem>
<listitem>
- <para>type - type of attribute values. </para>
+ <para><emphasis role="bold">type</emphasis> - type of attribute values. </para>
</listitem>
</itemizedlist>
<para>Default implementation provides two attribute types:</para>
<itemizedlist>
<listitem>
- <para>text - java.lang.String object</para>
+ <para><emphasis role="bold">text</emphasis> - java.lang.String object</para>
</listitem>
<listitem>
- <para>binary - byte[] object</para>
+ <para><emphasis role="bold">binary</emphasis> - byte[] object</para>
</listitem>
</itemizedlist>
<sect1>
<title>Sample operations</title>
<programlisting role="java">
- Identity user = session.getPersistenceManager().
- createIdentity("sampleUser");
+Identity user = session.getPersistenceManager().
+createIdentity("sampleUser");
- // Check that binary attribute 'picture' is mapped
+// Check that binary attribute 'picture' is mapped
- AttributeDescription attributeDescription =
- session.getAttributesManager().
- getAttributeDescription(user, "picture");
- assertNotNull(attributeDescription);
- assertEquals("binary", attributeDescription.getType());
+AttributeDescription attributeDescription =
+session.getAttributesManager().
+getAttributeDescription(user, "picture");
+assertNotNull(attributeDescription);
+assertEquals("binary", attributeDescription.getType());
- // Generate random binary data for binary attribute
+// Generate random binary data for binary attribute
- Random random = new Random();
- byte[] picture = new byte[5120];
- random.nextBytes(picture);
+Random random = new Random();
+byte[] picture = new byte[5120];
+random.nextBytes(picture);
- // User attributes
- Attribute[] userInfo = new Attribute[]
- {
- new SimpleAttribute(P3PConstants.INFO_USER_NAME_GIVEN,
- new String[]{"John"}),
- new SimpleAttribute(P3PConstants.INFO_USER_NAME_FAMILY,
- new String[]{"Doe"}),
- new SimpleAttribute("picture", new byte[][]{picture})
- };
+// User attributes
+Attribute[] userInfo = new Attribute[]
+{
+new SimpleAttribute(P3PConstants.INFO_USER_NAME_GIVEN,
+new String[]{"John"}),
+new SimpleAttribute(P3PConstants.INFO_USER_NAME_FAMILY,
+new String[]{"Doe"}),
+new SimpleAttribute("picture", new byte[][]{picture})
+};
- session.getAttributesManager().
- addAttributes(user, userInfo);
+session.getAttributesManager().
+addAttributes(user, userInfo);
- ....
+....
- AttributesManager attrMgr = session.getAttributesManager();
+AttributesManager attrMgr = session.getAttributesManager();
- attrMgr.addAttribute(anneUser,
- P3PConstants.INFO_USER_NAME_GIVEN, "Anne");
- attrMgr.addAttribute(anneUser,
- P3PConstants.INFO_USER_NAME_FAMILY, "Smith");
- attrMgr.addAttribute(anneUser,
- P3PConstants.INFO_USER_JOB_TITLE, "Senior Software Developer");
- attrMgr.addAttribute(anneUser,
- P3PConstants.INFO_USER_BUSINESS_INFO_ONLINE_EMAIL, "anne.smith(a)acme.com");
- attrMgr.addAttribute(anneUser,
- P3PConstants.INFO_USER_BUSINESS_INFO_TELECOM_MOBILE_NUMBER, "777 777 777 7 77");
+attrMgr.addAttribute(anneUser,
+P3PConstants.INFO_USER_NAME_GIVEN, "Anne");
+attrMgr.addAttribute(anneUser,
+P3PConstants.INFO_USER_NAME_FAMILY, "Smith");
+attrMgr.addAttribute(anneUser,
+P3PConstants.INFO_USER_JOB_TITLE, "Senior Software Developer");
+attrMgr.addAttribute(anneUser,
+P3PConstants.INFO_USER_BUSINESS_INFO_ONLINE_EMAIL, "anne.smith(a)acme.com");
+attrMgr.addAttribute(anneUser,
+P3PConstants.INFO_USER_BUSINESS_INFO_TELECOM_MOBILE_NUMBER, "777 777 777 7 77");
</programlisting>
</sect1>
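Review bot: "required - if attribute can be removed" states the inverse of what the property name means and contradicts the "isRequired" entry in the configuration chapter ("if attribute cannot have no values"); it should read "if the attribute must always have a value (cannot be removed)". The Java listing has been re-indented to column 0 throughout, which flattens the array initializer and the "session.getAttributesManager()." continuation lines; "programlisting" preserves whitespace, so keep the relative indentation and strip only the common leading margin.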
@@ -1514,31 +1953,32 @@
<chapter>
<title>SPI</title>
<para>On the SPI level IdentityObject can be associated with several IdentityObjectAttribute objects.
- IdentityObjectAttribute is described by IdentityObjectAttributeMetaData object that contains its properties such as:</para>
+ IdentityObjectAttribute is described by IdentityObjectAttributeMetaData object that contains its
+ properties such as:</para>
<itemizedlist>
<listitem>
- <para>name - attribute name</para>
+ <para><emphasis role="bold">name</emphasis> - attribute name</para>
</listitem>
<listitem>
- <para>readonly - if attribute values can be changed</para>
+ <para><emphasis role="bold">readonly</emphasis> - if attribute values can be changed</para>
</listitem>
<listitem>
- <para>multivalued - if attribute can have many values</para>
+ <para><emphasis role="bold">multivalued</emphasis> - if attribute can have many values</para>
</listitem>
<listitem>
- <para>required - if attribute can be removed</para>
+ <para><emphasis role="bold">required</emphasis> - if attribute can be removed</para>
</listitem>
<listitem>
- <para>type - type of attribute values. </para>
+ <para><emphasis role="bold">type</emphasis> - type of attribute values. </para>
</listitem>
</itemizedlist>
<para>IdentityObjectAttribute types supported by default implementations are the same as in the API level:</para>
<itemizedlist>
<listitem>
- <para>text - java.lang.String object</para>
+ <para><emphasis role="bold">text</emphasis> - java.lang.String object</para>
</listitem>
<listitem>
- <para>binary - byte[] object</para>
+ <para><emphasis role="bold">binary</emphasis> - byte[] object</para>
</listitem>
</itemizedlist>
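Review bot: "required - if attribute can be removed" inverts the meaning of the "required" property, exactly as in the API chapter above; describe it as "if the attribute must always have a value (cannot be removed)", consistent with the "isRequired" configuration flag earlier in this document.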
@@ -1559,10 +1999,10 @@
</para>
<itemizedlist>
<listitem>
- <para>PASSWORD - text password represented by java.lang.String object</para>
+ <para><emphasis role="bold">PASSWORD</emphasis> - text password represented by java.lang.String object</para>
</listitem>
<listitem>
- <para>BINARY - binary credential represented by byte[]. For example some kind of certificate.</para>
+ <para><emphasis role="bold">BINARY</emphasis> - binary credential represented by byte[]. For example some kind of certificate.</para>
</listitem>
</itemizedlist>
@@ -1571,10 +2011,12 @@
</para>
<itemizedlist>
<listitem>
- <para>org.jboss.identity.idm.impl.api.BinaryCredential - Credential with BINARY CredentialType</para>
+ <para><emphasis role="bold">org.jboss.identity.idm.impl.api.BinaryCredential</emphasis>
+ - Credential with BINARY CredentialType</para>
</listitem>
<listitem>
- <para>org.jboss.identity.idm.impl.api.PasswordCredential - Credential with PASSWORD CredentialType</para>
+ <para><emphasis role="bold">org.jboss.identity.idm.impl.api.PasswordCredential</emphasis>
+ - Credential with PASSWORD CredentialType</para>
</listitem>
</itemizedlist>
@@ -1586,8 +2028,23 @@
</para>
<programlisting role="java">
- TODO
+User anotherOne = session.getPersistenceManager().createUser("blah1");
+
+session.getAttributesManager().updatePassword(anotherOne, "Password2000");
+assertTrue(session.getAttributesManager().validatePassword(anotherOne, "Password2000"));
+
+Credential password = new PasswordCredential("SuperPassword2345");
+session.getAttributesManager().updateCredential(anotherOne, password);
+assertTrue(session.getAttributesManager().validateCredentials(anotherOne, new Credential[]{password}));
+
+// binary credential
+byte[] cert = new byte[512000];
+random.nextBytes(cert);
+Credential binaryCredential = new BinaryCredential(cert);
+session.getAttributesManager().updateCredential(anotherOne, binaryCredential);
+assertTrue(session.getAttributesManager().validateCredentials(anotherOne, new Credential[]{binaryCredential}));
+
</programlisting>
</chapter>
<chapter>
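Review bot: the new listing calls "random.nextBytes(cert)" without declaring "random", which only exists in the attributes listing several chapters earlier ("Random random = new Random();"), so the snippet does not compile on its own; add the declaration, and since this "byte[]" stands in for a certificate, a comment saying it is dummy test data (java.util.Random is not suitable for producing real key or certificate material) stops the example from being copied as-is. The snippet also creates the identity with "createUser("blah1")" while the earlier listing uses "createIdentity("sampleUser")" on the same PersistenceManager; if both methods exist that is fine, otherwise align them. The trailing blank line before "</programlisting>" renders as an empty line at the end of the block.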
@@ -1604,23 +2061,161 @@
</para>
<itemizedlist>
<listitem>
- <para>getValue - returns either String for text based credentials or byte[] for binary.
+ <para><emphasis role="bold">getValue</emphasis> - returns either String for text based credentials or
+ byte[] for binary.
True credential value may be needed by different IdentityStore implementations for validation.
For example with LDAP authentication for IdentityObject entry will be performed</para>
</listitem>
<listitem>
- <para>getEncodedValue - Enables to provide IdentityStore with custom credential encoding method.
+ <para><emphasis role="bold">getEncodedValue</emphasis> - Enables to provide IdentityStore with custom
+ credential encoding method.
IdentityStore is not obligated to use encoded value. This should return either String for text
based credentials or byte[] for binary. May return null if credential implementation doesn't
provide encoding mechanism. IdentityStore </para>
</listitem>
-
</itemizedlist>
</chapter>
-
</part>
+ <part>
+ <title>Deployment</title>
+ <chapter>
+ <title>IDM Usage Scenario</title>
+ <para>There are two ways to use the jboss idm:</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Use it as the embedded way
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Deploy it into the container (JBoss AS5), and then all other projects can use it
+ by getting IdentitySessionFactory from JNDI.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ For the 1st case, users need to use the API to start the IdentitySessionFactory, and then use it.
+ The code is as following, which you can find on the example module.
+ </para>
+ <programlisting>
+ <![CDATA[
+IdentitySessionFactory identitySessionFactory = new IdentityConfigurationImpl().
+ configure(new File("src/test/resources/example-db-config.xml")).buildIdentitySessionFactory();
+IdentitySession identitySession = identitySessionFactory.createIdentitySession("realm://JBossIdentityExample/SampleRealm");
+ ]]>
+ </programlisting>
+ <para>
+ And then use the IdentitySession to do the operations etc. So it is very easy to use. We will look closer
+ at the second scenario in the next chapter
+ </para>
+ </chapter>
+ <chapter>
+ <title>JBoss AS 5 Deployment</title>
+ <para>Now, lets look at the second case, by deploying the idm into the JBoss AS 5. By doing this different
+ services can share the identity component, instead of having its own seperate identity component.</para>
+ <para>The jobs that need to be done for the deployment in the container is quite simple:</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Populate the idm schema if neccessary.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Start the IdentitySessionFactory, and then register it into the JNDI.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Before we look at it further, lets see the configuration files that jboss idm needed typically.
+ (Say using db back-end, hibernate impl combination)
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>jboss idm configuration file. say jboss.idm.cfg.xml</para>
+ </listitem>
+ <listitem>
+ <para>datasource file, say idm-ds.xml</para>
+ </listitem>
+ <listitem>
+ <para>hibernate cfg file, say jboss.idm.hibernate.cfg.xml.</para>
+ </listitem>
+ </itemizedlist>
-
+ <para>With regard to the detail of jboss idm configuration file, you can refer to the configuration documentation.</para>
+ <para>So, if we want to deploy the idm into container with a specified JNDI name, we need to have a deployment
+ file to define the JNDI and other neccessary properties.</para>
+ <para>
+ For the integration with JBoss AS5, the AS5 has a great deployment feature, we've built our own deployer to
+ extend it, so that the AS can listen on the -jboss-idm.xml suffix file to start the IdentitySessionFactory.
+ </para>
+ <para>
+ Basically, we had two deployer, one is: IDMConfigParsingDeployer class, which is taking responsible for
+ parsing files that ends with the -jboss-idm.xml suffix into Java object. The other is: IDMDeployer class,
+ this one is to do the real job, which means it might populate the schema, initial dataset into target db,
+ and then start the IdentitySessionFactory, register it into the JNDI with the specified name at last.
+ </para>
+ <para>
+ We will see a very typical deployment file looks like. (default-jboss-idm.xml)
+ </para>
+ <programlisting>
+ <![CDATA[
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-idm-deployer xmlns="urn:jboss:identity:idm:deployer:v1_0_alpha"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:deployer:v1_0_alpha identity-deployer.xsd">
+ <JNDIName>java:/IdentitySessionFactory</JNDIName>
+ <idmConfigFile>jboss.idm.cfg.xml</idmConfigFile>
+ <hibernateDeployer>
+ <hibernateConfiguration>jboss.idm.hibernate.cfg.xml</hibernateConfiguration>
+<hibernateSessionFactoryJNDIName>java:/IDMHibernateSessionFactory</hibernateSessionFactoryJNDIName>
+ </hibernateDeployer>
+ <initializers>
+ <datasource>java:/jbossidmDS</datasource>
+ <sqlInitializer>
+ <sqlFile>idm-sql/jboss.idm.@database@.create.sql</sqlFile>
+ <exitSQL>select * from jbid_io</exitSQL>
+ </sqlInitializer>
+ </initializers>
+</jboss-idm-deployer>
+ ]]>
+ </programlisting>
+
+ <itemizedlist>
+ <listitem>
+ <para>The deployment file must be named -jboss-idm.xml as suffix, otherwise, it won't be recoginzed
+ in the JBoss AS5 container.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The "JNDIName" and "idmConfigFile" attributes are required. The JNDIName is the name for
+ keeping the started IdentitySessionFactory.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The hibernateDeployer is optional, the reason that why we had the hibernateDeployer is that
+ we can reuse the hibernateSessionFactory in the jboss idm configuration file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>The Initializer is optional, it is responsible for populating the db schema
+ and initialized dataset if any.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+ <para>detailed information about the deployment file is specified in the identity-deployer.xsd file.</para>
+ <para>
+ Once you've deployed the idm into JBoss AS5, by using the distribution. It will copy the idm-deployer
+ into the JBoss AS5/server/$config/deployers folder, and the idm folder into the JBoss AS5/server/$config/deploy
+ folder, which contains the default configuration files, like the jboss.idm.cfg.xml, idm-ds.xml etc.
+ </para>
+ </chapter>
+
+ </part>
</book>
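Review bot: the sqlInitializer block in the default-jboss-idm.xml listing is shown but never explained; the chapter should say what exitSQL does (by its name and the `select * from jbid_io` value it looks like a probe query whose success means the schema already exists and creation is skipped, but that is not stated) and what the `@database@` token in sqlFile is substituted with, since the pointer to identity-deployer.xsd covers structure, not runtime behaviour. Because the initializer runs the create script through the `java:/jbossidmDS` datasource, the text should also state which database privileges that datasource needs at deploy time (DDL) versus afterwards (DML only), so operators do not leave the IDM connection pool with schema-changing rights permanently. Wording to fix before this ships: "seperate", "neccessary" (twice), "recoginzed", "we had two deployer", "the the", and the bullet calls the element "Initializer" while the listing uses `<initializers>`.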
Modified: idm/trunk/idm-ldap/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
===================================================================
--- idm/trunk/idm-ldap/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2009-11-03 09:41:59 UTC (rev 901)
+++ idm/trunk/idm-ldap/src/main/java/org/jboss/identity/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2009-11-03 12:08:04 UTC (rev 902)
@@ -89,8 +89,6 @@
public class LDAPIdentityStoreImpl implements IdentityStore
{
- //TODO: external JNDI
- //TODO: more options for connection configuration
//TODO: JNDI connection credentials encoding (pluggable?)
private static Logger log = Logger.getLogger(LDAPIdentityStoreImpl.class.getName());
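Review bot: dropping the "external JNDI" and "more options for connection configuration" TODOs is not matched by any code change in this revision (the log says only "docs update"), so either the items are now tracked elsewhere and the commit message should say where, or the comments should stay. The one TODO that remains, encoding of the JNDI connection credentials, is the security-relevant item in this list and is better tracked as an issue than as a comment in the class body.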
Modified: idm/trunk/pom.xml
===================================================================
--- idm/trunk/pom.xml 2009-11-03 09:41:59 UTC (rev 901)
+++ idm/trunk/pom.xml 2009-11-03 12:08:04 UTC (rev 902)
@@ -26,6 +26,7 @@
<module>idm-auth</module>
<module>idm-testsuite</module>
<module>integration</module>
+ <module>idm-doc</module>
<module>example/simple</module>
<module>example/auth</module>
<module>example/auth-simple</module>
JBoss Identity SVN: r901 - idm/trunk/idm-hibernate.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-11-03 04:41:59 -0500 (Tue, 03 Nov 2009)
New Revision: 901
Modified:
idm/trunk/idm-hibernate/pom.xml
Log:
- fix the build
Modified: idm/trunk/idm-hibernate/pom.xml
===================================================================
--- idm/trunk/idm-hibernate/pom.xml 2009-11-03 01:22:13 UTC (rev 900)
+++ idm/trunk/idm-hibernate/pom.xml 2009-11-03 09:41:59 UTC (rev 901)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.jboss.identity.idm</groupId>
<artifactId>idm-parent</artifactId>
- <version>1.0.0-BETA4-SNAPSHOT</version>
+ <version>1.0.0-Beta4-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
JBoss Identity SVN: r900 - in idm/trunk: example/simple and 16 other directories.
by jboss-identity-commits@lists.jboss.org
Author: bdaw
Date: 2009-11-02 20:22:13 -0500 (Mon, 02 Nov 2009)
New Revision: 900
Added:
idm/trunk/example/simple/src/test/resources/ehcache.xml
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/EventListener.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityTypeEventListener.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RelationshipEventListener.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleEventListener.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleTypeEventListener.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/cache/APICacheProvider.java
idm/trunk/idm-doc/
idm/trunk/idm-doc/ReferenceGuide/
idm/trunk/idm-doc/ReferenceGuide/en/
idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml
idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml
idm/trunk/idm-doc/ReferenceGuide/en/images/
idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-api-spi.png
idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-arch.png
idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-realm.png
idm/trunk/idm-doc/ReferenceGuide/en/images/SPI1.png
idm/trunk/idm-doc/ReferenceGuide/en/images/SPI2.png
idm/trunk/idm-doc/ReferenceGuide/en/images/SPI3.png
idm/trunk/idm-doc/ReferenceGuide/pom.xml
idm/trunk/idm-doc/pom.xml
Removed:
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEvent.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventBroadcaster.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventEmitter.java
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventListener.java
Modified:
idm/trunk/example/simple/pom.xml
idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity-classes.cfg.xml
idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity.cfg.xml
idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/IdentitySession.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/IdentitySessionImpl.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/context/IdentitySessionContext.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AbstractManager.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AttributesManagerImpl.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RelationshipManagerImpl.java
idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RoleManagerImpl.java
idm/trunk/idm-hibernate/pom.xml
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObject.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectAttribute.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttribute.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttributeValue.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredential.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredentialType.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationship.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipName.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipType.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectTextAttribute.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectType.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateRealm.java
idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity-classes.cfg.xml
idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity.cfg.xml
idm/trunk/integration/jboss5/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMService.java
Log:
- Performance tweaks (incl Viliam work)
- Event API
- Raw draft of docs
Modified: idm/trunk/example/simple/pom.xml
===================================================================
--- idm/trunk/example/simple/pom.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/example/simple/pom.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -72,6 +72,29 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>net.sf.ehcache</groupId>
+ <artifactId>ehcache</artifactId>
+ <version>1.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-ehcache</artifactId>
+ <version>3.3.0.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>1.3.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.1</version>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
@@ -95,6 +118,32 @@
<version>3.2.76</version>
<scope>test</scope>
</dependency>
+
+ <!--Because of cache usage-->
+ <dependency>
+ <groupId>net.sf.ehcache</groupId>
+ <artifactId>ehcache</artifactId>
+ <version>1.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-ehcache</artifactId>
+ <version>3.3.0.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>1.3.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.1</version>
+ </dependency>
+
</dependencies>
<build>
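Review bot: the four dependencies added in this hunk (ehcache 1.2, hibernate-ehcache 3.3.0.GA, commons-io 1.3.2, commons-collections 3.1) are the same four that the previous hunk of this file already inserted after the idm dependency at line 72, so the pom now declares each of them twice; keep one set. In both copies commons-collections is the only one without `<scope>test</scope>`; either it is genuinely needed at runtime, in which case a comment should say by whom, or it should be test-scoped like the others so it does not become a compile-scope transitive dependency for anything that depends on the example.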
Added: idm/trunk/example/simple/src/test/resources/ehcache.xml
===================================================================
--- idm/trunk/example/simple/src/test/resources/ehcache.xml (rev 0)
+++ idm/trunk/example/simple/src/test/resources/ehcache.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,16 @@
+<ehcache>
+
+ <diskStore path="java.io.tmpdir"/>
+
+ <defaultCache
+ maxElementsInMemory="10000"
+ eternal="false"
+ timeToIdleSeconds="120"
+ timeToLiveSeconds="120"
+ overflowToDisk="false"
+ diskPersistent="false"
+ diskExpiryThreadIntervalSeconds="120"
+ memoryStoreEvictionPolicy="LFU"
+ />
+
+</ehcache>
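Review bot: defaultCache sets timeToLiveSeconds and timeToIdleSeconds to 120, which is also the longest window during which a change made outside this SessionFactory (another node, a direct database update, an account disabled by an administrator) can still be served from the second-level cache; that bound should be written down next to the cache settings in the reference guide so deployers can size it consciously. The `diskStore path="java.io.tmpdir"` element is dead configuration while overflowToDisk and diskPersistent are both false; if either is ever switched on, cached identity entities would be spilled to a shared temporary directory, so it is safer to remove the diskStore element than to leave it primed.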
Modified: idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity-classes.cfg.xml
===================================================================
--- idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity-classes.cfg.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity-classes.cfg.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -27,10 +27,11 @@
"http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
+ <property name="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</property>
- <property name="show_sql">false</property>
- <property name="cache.use_second_level_cache">true</property>
- <property name="cache.use_query_cache">false</property>
+ <property name="hibernate.show_sql">false</property>
+ <property name="hibernate.cache.use_second_level_cache">true</property>
+ <property name="hibernate.cache.use_query_cache">true</property>
<property name="current_session_context_class">thread</property>
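Review bot: this hunk moves show_sql, cache.use_second_level_cache and cache.use_query_cache to their `hibernate.`-prefixed names but leaves current_session_context_class unprefixed; Hibernate accepts both spellings, but one file should use one convention, and the sibling hibernate-jboss-identity.cfg.xml in this same commit keeps the unprefixed names, so the two example configurations now disagree. Turning on hibernate.cache.use_query_cache only affects queries that are explicitly marked cacheable, so the commit should either point at where the IDM store sets that hint or note that the flag is a no-op until it does.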
Modified: idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity.cfg.xml
===================================================================
--- idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity.cfg.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/example/simple/src/test/resources/hibernate-jboss-identity.cfg.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -28,10 +28,14 @@
<hibernate-configuration>
<session-factory>
+
+ <property name="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</property>
+
<property name="show_sql">false</property>
<property name="cache.use_second_level_cache">true</property>
- <property name="cache.use_query_cache">false</property>
+ <property name="cache.use_query_cache">true</property>
+
<property name="current_session_context_class">thread</property>
<!--<property name="connection.datasource"></property>-->
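Review bot: same change as in hibernate-jboss-identity-classes.cfg.xml, but here the unprefixed names (show_sql, cache.use_second_level_cache, cache.use_query_cache) are kept while that file was switched to the `hibernate.` prefix; pick one spelling for both example configurations so a reader copying from either gets the same file shape.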
Modified: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/IdentitySession.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/IdentitySession.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/IdentitySession.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -31,6 +31,7 @@
import org.jboss.identity.idm.api.query.UserQueryBuilder;
import org.jboss.identity.idm.api.query.RoleQueryBuilder;
import org.jboss.identity.idm.api.query.QueryException;
+import org.jboss.identity.idm.api.event.EventListener;
import java.util.Collection;
import java.util.List;
@@ -216,6 +217,11 @@
*/
List<Role> list(RoleQuery roleQuery) throws QueryException;
+ /**
+ * Register EventListener
+ *
+ * @param listener
+ */
+ void registerListener(EventListener listener);
-
}
\ No newline at end of file
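Review bot: registerListener(EventListener) has no way to remove a listener, whereas the IdentityEventEmitter interface deleted in this same commit had both addListener and removeListener, so a listener attached to a long-lived session can never be detached; add an unregister method or document the intended lifetime. The Javadoc should also state whether listeners are scoped to this IdentitySession or shared across the factory, whether registration is thread-safe, and what happens when a listener throws from a pre* hook (is the operation aborted, or does the exception propagate to the caller after a partial change?), since auditing code will depend on those semantics.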
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/EventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/EventListener.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/EventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,28 @@
+package org.jboss.identity.idm.api.event;/*
+* JBoss, a division of Red Hat
+* Copyright 2009, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+/**
+ * Parent EventListener
+ */
+public abstract interface EventListener
+{
+}
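Review bot: the license header is fused onto the package statement (`package org.jboss.identity.idm.api.event;/*`), which compiles but puts the copyright block after the package line instead of at the top as in every other source file; the same pattern appears in the other new listener interfaces in this commit and should be fixed in all of them. `abstract` is redundant on an interface declaration and should be dropped. The Javadoc "Parent EventListener" would be more useful if it said that implementors are expected to implement one of the specific sub-interfaces (IdentityTypeEventListener, RelationshipEventListener, RoleEventListener, RoleTypeEventListener) rather than this marker directly.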
Deleted: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEvent.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEvent.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEvent.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -1,31 +0,0 @@
-///*
-//* JBoss, a division of Red Hat
-//* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-//* by the @authors tag. See the copyright.txt in the distribution for a
-//* full listing of individual contributors.
-//*
-//* This is free software; you can redistribute it and/or modify it
-//* under the terms of the GNU Lesser General Public License as
-//* published by the Free Software Foundation; either version 2.1 of
-//* the License, or (at your option) any later version.
-//*
-//* This software is distributed in the hope that it will be useful,
-//* but WITHOUT ANY WARRANTY; without even the implied warranty of
-//* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-//* Lesser General Public License for more details.
-//*
-//* You should have received a copy of the GNU Lesser General Public
-//* License along with this software; if not, write to the Free
-//* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-//* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-//*/
-//
-//package org.jboss.identity.idm.api.event;
-//
-///**
-// * @author boleslaw dot dawidowicz at redhat anotherdot com
-// * @version : 0.1 $
-// */
-//public class IdentityEvent
-//{
-//}
\ No newline at end of file
Deleted: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventBroadcaster.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventBroadcaster.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventBroadcaster.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -1,41 +0,0 @@
-///******************************************************************************
-// * JBoss, a division of Red Hat *
-// * Copyright 2006, Red Hat Middleware, LLC, and individual *
-// * contributors as indicated by the @authors tag. See the *
-// * copyright.txt in the distribution for a full listing of *
-// * individual contributors. *
-// * *
-// * This is free software; you can redistribute it and/or modify it *
-// * under the terms of the GNU Lesser General Public License as *
-// * published by the Free Software Foundation; either version 2.1 of *
-// * the License, or (at your option) any later version. *
-// * *
-// * This software is distributed in the hope that it will be useful, *
-// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
-// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
-// * Lesser General Public License for more details. *
-// * *
-// * You should have received a copy of the GNU Lesser General Public *
-// * License along with this software; if not, write to the Free *
-// * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
-// * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
-// ******************************************************************************/
-//package org.jboss.identity.idm.api.event;
-//
-//import org.jboss.identity.idm.api.event.IdentityEvent;
-//
-///**
-// * Interface that allow event firing.
-// *
-// * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
-// * @version $Revision: 1.1 $
-// */
-//public interface IdentityEventBroadcaster
-//{
-// /**
-// * Fire an event.
-// *
-// * @param event the event to fire
-// */
-// void fireEvent(IdentityEvent event);
-//}
\ No newline at end of file
Deleted: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventEmitter.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventEmitter.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventEmitter.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -1,48 +0,0 @@
-///******************************************************************************
-// * JBoss, a division of Red Hat *
-// * Copyright 2006, Red Hat Middleware, LLC, and individual *
-// * contributors as indicated by the @authors tag. See the *
-// * copyright.txt in the distribution for a full listing of *
-// * individual contributors. *
-// * *
-// * This is free software; you can redistribute it and/or modify it *
-// * under the terms of the GNU Lesser General Public License as *
-// * published by the Free Software Foundation; either version 2.1 of *
-// * the License, or (at your option) any later version. *
-// * *
-// * This software is distributed in the hope that it will be useful, *
-// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
-// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
-// * Lesser General Public License for more details. *
-// * *
-// * You should have received a copy of the GNU Lesser General Public *
-// * License along with this software; if not, write to the Free *
-// * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
-// * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
-// ******************************************************************************/
-//package org.jboss.identity.idm.api.event;
-//
-//import org.jboss.identity.idm.api.event.IdentityEventListener;
-//
-///**
-// * Interface that allows registration management of identity event listeners.
-// *
-// * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
-// * @version $Revision: 1.1 $
-// */
-//public interface IdentityEventEmitter
-//{
-// /**
-// * Add a listener.
-// *
-// * @param listener the listener for all identity events
-// */
-// void addListener(IdentityEventListener listener);
-//
-// /**
-// * Remove a listener.
-// *
-// * @param listener the listener
-// */
-// void removeListener(IdentityEventListener listener);
-//}
\ No newline at end of file
Deleted: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventListener.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityEventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -1,41 +0,0 @@
-///******************************************************************************
-// * JBoss, a division of Red Hat *
-// * Copyright 2006, Red Hat Middleware, LLC, and individual *
-// * contributors as indicated by the @authors tag. See the *
-// * copyright.txt in the distribution for a full listing of *
-// * individual contributors. *
-// * *
-// * This is free software; you can redistribute it and/or modify it *
-// * under the terms of the GNU Lesser General Public License as *
-// * published by the Free Software Foundation; either version 2.1 of *
-// * the License, or (at your option) any later version. *
-// * *
-// * This software is distributed in the hope that it will be useful, *
-// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
-// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
-// * Lesser General Public License for more details. *
-// * *
-// * You should have received a copy of the GNU Lesser General Public *
-// * License along with this software; if not, write to the Free *
-// * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
-// * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
-// ******************************************************************************/
-//package org.jboss.identity.idm.api.event;
-//
-//import org.jboss.identity.idm.api.event.IdentityEvent;
-//
-///**
-// * An event listener.
-// *
-// * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
-// * @version $Revision: 1.1 $
-// */
-//public interface IdentityEventListener
-//{
-// /**
-// * Fire event on the listener.
-// *
-// * @param event the identity event
-// */
-// void onEvent(IdentityEvent event);
-//}
\ No newline at end of file
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityTypeEventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityTypeEventListener.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/IdentityTypeEventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,113 @@
+package org.jboss.identity.idm.api.event;
+
+import org.jboss.identity.idm.api.IdentityType;
+import org.jboss.identity.idm.api.Attribute;
+import org.jboss.identity.idm.api.User;
+import org.jboss.identity.idm.api.Credential;/*
+* JBoss, a division of Red Hat
+* Copyright 2009, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+/**
+ * EventListener related to actions performed on IdentityType
+ */
+public interface IdentityTypeEventListener extends EventListener
+{
+
+ /**
+ * Method invoked before given IdentityType is created
+ * @param identityType
+ */
+ void preCreate(IdentityType identityType);
+
+ /**
+ * Method invoked after given IdentityType is created
+ * @param identityType
+ */
+ void postCreate(IdentityType identityType);
+
+ /**
+ * Method invoked before given IdentityType is removed
+ * @param identityType
+ */
+ void preRemove(IdentityType identityType);
+
+ /**
+ * Method invoked after given IdentityType is removed
+ * @param identityType
+ */
+ void postRemove(IdentityType identityType);
+
+ /**
+ * Method invoked before attributes are added for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void preAttributesAdd(IdentityType identityType, Attribute[] attributes);
+
+ /**
+ * Method invoked after attributes are added for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void postAttributesAdd(IdentityType identityType, Attribute[] attributes);
+
+ /**
+ * Method invoked before attributes are removed for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void preAttributesRemove(IdentityType identityType, String[] attributes);
+
+ /**
+ * Method invoked after attributes are removed for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void postAttributesRemove(IdentityType identityType, String[] attributes);
+
+ /**
+ * Method invoked before attributes are updated for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void preAttributesUpdate(IdentityType identityType, Attribute[] attributes);
+
+ /**
+ * Method invoked after attributes are updated for a given IdentityType
+ * @param identityType
+ * @param attributes
+ */
+ void postAttributesUpdate(IdentityType identityType, Attribute[] attributes);
+
+ /**
+ * Method invoked before credential is updated for a given User
+ * @param user
+ * @param credential
+ */
+ void preCredentialUpdate(User user, Credential credential);
+
+ /**
+ * Method invoked after credential is updated for a given User
+ * @param user
+ * @param credential
+ */
+ void postCredentialUpdate(User user, Credential credential);
+}
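Review bot: preCredentialUpdate and postCredentialUpdate hand the raw Credential to every registered listener, so any listener (audit or logging hooks being the obvious use of this API) sees the new secret in the clear; the Javadoc must tell implementors not to log or persist it, and the post hook could take only the User, since once the update has happened there is no reason to pass the credential a second time. The interface should also define the contract for exceptions thrown from pre* methods (veto or not), and the Javadoc should say that preAttributesRemove/postAttributesRemove receive String[] attribute names while the add and update variants receive Attribute[], because the parameter is called `attributes` in all six and the @param tags are empty. Same fused license header as EventListener.java.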
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RelationshipEventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RelationshipEventListener.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RelationshipEventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,93 @@
+package org.jboss.identity.idm.api.event;
+
+import org.jboss.identity.idm.api.Group;
+import org.jboss.identity.idm.api.User;/*
+* JBoss, a division of Red Hat
+* Copyright 2009, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+/**
+ * EventListener related to relationships operations
+ */
+public interface RelationshipEventListener extends EventListener
+{
+
+ /**
+ * Method invoked before association is created between Group and User
+ * @param parent
+ * @param member
+ */
+ void preUserAssociationCreate(Group parent, User member);
+
+ /**
+ * Method invoked before association is created between Groups
+ * \
+ * @param parent
+ * @param member
+ */
+ void preGroupAssociationCreate(Group parent, Group member);
+
+ /**
+ * Method invoked after association is created between Group and User
+ *
+ * @param parent
+ * @param member
+ */
+ void postUserAssociationCreate(Group parent, User member);
+
+ /**
+ * Method invoked after association is created between Groups
+ *
+ * @param parent
+ * @param member
+ */
+ void postGroupAssociationCreate(Group parent, Group member);
+
+ /**
+ * Method invoked before association is removed between Group and User
+ * @param parent
+ * @param member
+ */
+ void preUserAssociationRemove(Group parent, User member);
+
+ /**
+ * Method invoked before association is removed between Groups
+ * @param parent
+ * @param member
+ */
+ void preGroupAssociationRemove(Group parent, Group member);
+
+ /**
+ * Method invoked after association is removed between Group and User
+ *
+ * @param parent
+ * @param member
+ */
+ void postUserAssociationRemove(Group parent, User member);
+
+ /**
+ * Method invoked after association is removed between Groups
+ *
+ * @param parent
+ * @param member
+ */
+ void postGroupAssociationRemove(Group parent, Group member);
+
+}
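Review bot: the license header is glued onto `import org.jboss.identity.idm.api.User;/*` so the copyright block sits after the package and import lines instead of opening the file; move it above `package org.jboss.identity.idm.api.event;` as APICacheProvider.java in this same commit does. The Javadoc of `preGroupAssociationCreate` also contains a stray `\` line, and every `@param parent` / `@param member` tag is left without a description; the one thing an implementer needs to know here, which side of the association each argument is and whether a `pre*` hook may throw to stop the operation, is not documented anywhere in the interface.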
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleEventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleEventListener.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleEventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,86 @@
+package org.jboss.identity.idm.api.event;
+
+import org.jboss.identity.idm.api.Role;
+
+import java.util.Map;
+import java.util.Collection;/*
+* JBoss, a division of Red Hat
+* Copyright 2009, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+/**
+ * EventListener related to actions performed on a Role
+ */
+public interface RoleEventListener extends EventListener
+{
+
+ /**
+ * Method invoked before Role is created
+ * @param role
+ */
+ void preCreate(Role role);
+
+ /**
+ * Method invoked after Role is created
+ * @param role
+ */
+ void postCreate(Role role);
+
+ /**
+ * Method invoked before Role is created
+ * @param role
+ */
+ void preRemove(Role role);
+
+ /**
+ * Method invoked after Role is created
+ * @param role
+ */
+ void postRemove(Role role);
+
+ /**
+ * Method invoked before properties are set
+ * @param role
+ * @param properties
+ */
+ void prePropertiesSet(Role role, Map<String, String> properties);
+
+ /**
+ * Method invoked after properties are set
+ * @param role
+ * @param properties
+ */
+ void postPropertiesSet(Role role, Map<String, String> properties);
+
+ /**
+ * Method invoked before properties are removed
+ * @param role
+ * @param names
+ */
+ void prePropertiesRemove(Role role, Collection<String> names);
+
+ /**
+ * Method invoked after properties are removed
+ * @param role
+ * @param names
+ */
+ void postPropertiesRemove(Role role, Collection<String> names);
+
+}
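Review bot: the Javadoc on `preRemove` and `postRemove` is copied from the create methods and still reads "Method invoked before Role is created" / "Method invoked after Role is created"; it should say "before Role is removed" / "after Role is removed". As in RelationshipEventListener.java the license header is attached to `import java.util.Collection;/*` and belongs above the package declaration.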
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleTypeEventListener.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleTypeEventListener.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/api/event/RoleTypeEventListener.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,88 @@
+package org.jboss.identity.idm.api.event;
+
+import org.jboss.identity.idm.api.RoleType;
+
+import java.util.Map;
+import java.util.Collection;/*
+* JBoss, a division of Red Hat
+* Copyright 2009, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+/**
+ * EventListener related to actions performed on a RoleType
+ */
+public interface RoleTypeEventListener extends EventListener
+{
+
+ /**
+ * Method invoked before RoleType is created
+ * @param roleType
+ */
+ void preCreate(RoleType roleType);
+
+ /**
+ * Method invoked after RoleType is created
+ * @param roleType
+ */
+ void postCreate(RoleType roleType);
+
+ /**
+ * Method invoked before RoleType is created
+ * @param roleType
+ */
+ void preRemove(RoleType roleType);
+
+ /**
+ * Method invoked after RoleType is created
+ * @param roleType
+ */
+ void postRemove(RoleType roleType);
+
+ /**
+ * Method invoked before properties are set
+ * @param roleType
+ * @param properties
+ */
+ void prePropertiesSet(RoleType roleType, Map<String, String> properties);
+
+ /**
+ * Method invoked after properties are set
+ * @param roleType
+ * @param properties
+ */
+ void postPropertiesSet(RoleType roleType, Map<String, String> properties);
+
+ /**
+ * Method invoked before properties are removed
+ * @param roleType
+ * @param names
+ */
+ void prePropertiesRemove(RoleType roleType, Collection<String> names);
+
+ /**
+ * Method invoked after properties are removed
+ * @param roleType
+ * @param names
+ */
+ void postPropertiesRemove(RoleType roleType, Collection<String> names);
+
+
+
+}
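Review bot: same two defects as RoleEventListener.java: `preRemove`/`postRemove` are documented as "before/after RoleType is created" instead of removed, and the license block is pasted onto `import java.util.Collection;/*` rather than placed above the package line. There are also three empty lines before the closing brace that can go.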
Added: idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/cache/APICacheProvider.java
===================================================================
--- idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/cache/APICacheProvider.java (rev 0)
+++ idm/trunk/idm-api/src/main/java/org/jboss/identity/idm/cache/APICacheProvider.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,156 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.identity.idm.cache;
+
+import org.jboss.identity.idm.api.Attribute;
+import org.jboss.identity.idm.api.Group;
+import org.jboss.identity.idm.api.IdentitySearchCriteria;
+import org.jboss.identity.idm.api.Role;
+import org.jboss.identity.idm.api.User;
+import org.jboss.identity.idm.api.query.GroupQuery;
+import org.jboss.identity.idm.api.query.RoleQuery;
+import org.jboss.identity.idm.api.query.UserQuery;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Cache provider for Identity API. Namespaces enable flexible use (per realm or per session)
+ *
+ * @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
+ * @version : 0.1 $
+ */
+public interface APICacheProvider
+{
+
+ /**
+ * Generate realm namespace.
+ *
+ * @param realmId - if null will generate root namespace
+ * @return
+ */
+ String getNamespace(String realmId);
+
+ /**
+ * Generate namespace based on realm and session ids.
+ *
+ * @param realmId if null will generate root namespace
+ * @param sessionId if null will generate realm namespace
+ * @return
+ */
+ String getNamespace(String realmId, String sessionId);
+
+
+ // Persistence Manager
+
+
+ void putUser(String ns, User user);
+
+ User getUser(String ns, String id);
+
+ void removeUser(String ns, String id);
+
+ void putUsers(String ns, IdentitySearchCriteria criteria, Collection<User> users);
+
+ Collection<User> getUsers(String ns, IdentitySearchCriteria criteria);
+
+ void invalidateUsers(String ns);
+
+ void putUserCount(String ns, int count);
+
+ int getUserCount(String ns);
+
+ void invalidateUserCount(String ns);
+
+ //
+
+ void putGroup(String ns, Group group);
+
+ Group getGroup(String ns, String groupType, String groupName);
+
+ void removeGroup(String ns, String groupType, String groupName);
+
+ void putGroups(String ns, IdentitySearchCriteria criteria, Collection<Group> groups);
+
+ void invalidateGroups(String ns);
+
+ void putGroupCount(String ns, String groupType, int count);
+
+ int getGroupCount(String ns, String groupType);
+
+ void invalidateGroupCount(String ns, String groupType);
+
+
+ // Attribute
+ void putAttributes(String ns, String id, Map<String, Attribute> attributes);
+
+ Map<String, Attribute> getAttributes(String ns, String id);
+
+
+ // Queries
+
+ void putUserQuery(String ns, UserQuery q, Collection<User> results);
+
+ void putUserQueryList(String ns, UserQuery q, List<User> results);
+
+ void putUserQueryUnique(String ns, UserQuery q, User user);
+
+ Collection<User> getUserQuery(String ns, UserQuery q, Collection<User> results);
+
+ List<User> getUserQueryList(String ns, UserQuery q, List<User> results);
+
+ User getUserQueryUnique(String ns, UserQuery q, User user);
+
+ void invalidateUserQueries(String ns);
+
+ //
+ void putGroupQuery(String ns, GroupQuery q, Collection<Group> results);
+
+ void putGroupQueryList(String ns, GroupQuery q, List<Group> results);
+
+ void putGroupQueryUnique(String ns, GroupQuery q, Group group);
+
+ Collection<Group> getGroupQuery(String ns, GroupQuery q, Collection<Group> results);
+
+ List<Group> getGroupQueryList(String ns, GroupQuery q, List<Group> results);
+
+ Group getGroupQueryUnique(String ns, GroupQuery q, Group group);
+
+ void invalidateGroupQueries(String ns);
+
+ //
+ void putRoleQuery(String ns, RoleQuery q, Collection<Role> results);
+
+ void putRoleQueryList(String ns, RoleQuery q, List<Role> results);
+
+ void putRoleQueryUnique(String ns, RoleQuery q, Role role);
+
+ Collection<Role> getRoleQuery(String ns, RoleQuery q, Collection<Role> results);
+
+ List<Role> getRoleQueryList(String ns, RoleQuery q, List<Role> results);
+
+ Role getRoleQueryUnique(String ns, RoleQuery q, Role role);
+
+ void invalidateRoleQueries(String ns);
+
+}
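Review bot: the attribute section only has `putAttributes` and `getAttributes`; every other section (users, groups, counts, the three query families) has a matching `remove*` or `invalidate*` method, so there is no way to drop a cached attribute map once an identity's attributes or credential are changed, and a stale copy can be served until the namespace is discarded. Add `void invalidateAttributes(String ns, String id);` (and a namespace-wide variant) next to `getAttributes`. Smaller points in the same hunk: `putGroups(String ns, IdentitySearchCriteria criteria, Collection<Group> groups)` has no `getGroups(String ns, IdentitySearchCriteria criteria)` counterpart, unlike the user pair; `getUserQuery`, `getGroupQuery` and `getRoleQuery` (and their `List`/`Unique` variants) take a `results` argument that a lookup should not need, so either document what it is for or drop it; and both `getNamespace` methods have an empty `@return` tag.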
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/IdentitySessionImpl.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/IdentitySessionImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/IdentitySessionImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -25,6 +25,7 @@
import java.io.Serializable;
import java.util.Collection;
import java.util.List;
+import java.util.LinkedList;
import org.jboss.identity.idm.api.IdentitySession;
import org.jboss.identity.idm.api.Transaction;
@@ -35,6 +36,7 @@
import org.jboss.identity.idm.api.User;
import org.jboss.identity.idm.api.Group;
import org.jboss.identity.idm.api.Role;
+import org.jboss.identity.idm.api.event.EventListener;
import org.jboss.identity.idm.api.query.UserQuery;
import org.jboss.identity.idm.api.query.GroupQuery;
import org.jboss.identity.idm.api.query.RoleQuery;
@@ -94,6 +96,8 @@
private final RoleQueryExecutorImpl roleQueryExecutor;
+ private final Collection<EventListener> listeners = new LinkedList<EventListener>();
+
public IdentitySessionContext getSessionContext()
{
return sessionContext;
@@ -262,4 +266,14 @@
{
return roleQueryExecutor.list((RoleQueryImpl)roleQuery);
}
+
+ public void registerListener(EventListener listener)
+ {
+ listeners.add(listener);
+ }
+
+ public Collection<EventListener> getListeners()
+ {
+ return listeners;
+ }
}
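Review bot: `getListeners()` returns the live `LinkedList`, so any caller can add or remove listeners without going through `registerListener`, and a listener that registers or unregisters during dispatch will throw ConcurrentModificationException from the `for` loops in AbstractManager. Return `Collections.unmodifiableCollection(listeners)` and, if a session can be touched from more than one thread, back the field with a `CopyOnWriteArrayList`. `registerListener` also accepts `null` silently (a null entry fails every `instanceof` check and is just skipped); reject it with an IllegalArgumentException. There is no `unregisterListener`, so a listener lives as long as the session.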
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/context/IdentitySessionContext.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/context/IdentitySessionContext.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/context/IdentitySessionContext.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -39,4 +39,6 @@
IdentityStoreInvocationContext resolveStoreInvocationContext();
+
+
}
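Review bot: this hunk only appends two blank lines to IdentitySessionContext. Either drop the whitespace-only change, or use it to declare `registerListener(EventListener)` and `getListeners()` on this interface so that AbstractManager can keep taking an `IdentitySession` and does not have to be narrowed to the concrete `IdentitySessionImpl` (see its constructor change below).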
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AbstractManager.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AbstractManager.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AbstractManager.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -22,22 +22,15 @@
package org.jboss.identity.idm.impl.api.session.managers;
-import org.jboss.identity.idm.api.IdentitySession;
-import org.jboss.identity.idm.api.User;
-import org.jboss.identity.idm.api.Group;
-import org.jboss.identity.idm.api.IdentityType;
-import org.jboss.identity.idm.api.Attribute;
-import org.jboss.identity.idm.api.IdentitySearchCriteria;
-import org.jboss.identity.idm.api.Role;
+import org.jboss.identity.idm.api.*;
+import org.jboss.identity.idm.api.event.*;
import org.jboss.identity.idm.spi.repository.IdentityStoreRepository;
import org.jboss.identity.idm.spi.store.IdentityStoreInvocationContext;
import org.jboss.identity.idm.spi.model.IdentityObject;
import org.jboss.identity.idm.spi.model.IdentityObjectType;
import org.jboss.identity.idm.spi.model.IdentityObjectAttribute;
-import org.jboss.identity.idm.spi.model.IdentityObjectRelationship;
import org.jboss.identity.idm.spi.search.IdentityObjectSearchCriteria;
import org.jboss.identity.idm.impl.types.SimpleIdentityObject;
-import org.jboss.identity.idm.impl.types.SimpleIdentityObjectRelationship;
import org.jboss.identity.idm.impl.api.session.context.IdentitySessionContext;
import org.jboss.identity.idm.impl.api.session.IdentitySessionImpl;
import org.jboss.identity.idm.impl.api.model.SimpleUser;
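Review bot: the explicit imports are replaced by `org.jboss.identity.idm.api.*` and `org.jboss.identity.idm.api.event.*`. Wildcard imports hide which API types this class really depends on, and because the event package defines its own `EventListener`, the next person who adds `import java.util.*;` gets an ambiguous-reference compile error. Keep the explicit imports and add the four listener interfaces, `Attribute`, `Credential`, `RoleType` and `Role` by name.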
@@ -47,16 +40,19 @@
import org.jboss.identity.idm.impl.api.IdentitySearchCriteriaImpl;
import java.io.Serializable;
+import java.util.Collection;
+import java.util.Map;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
* @version : 0.1 $
*/
-public abstract class AbstractManager implements Serializable
+public abstract class AbstractManager
+ implements Serializable, IdentityTypeEventListener, RelationshipEventListener, RoleTypeEventListener, RoleEventListener
{
- protected final IdentitySession identitySession;
+ protected final IdentitySessionImpl identitySession;
- protected AbstractManager(IdentitySession session)
+ protected AbstractManager(IdentitySessionImpl session)
{
this.identitySession = session;
}
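Review bot: having AbstractManager implement IdentityTypeEventListener, RelationshipEventListener, RoleTypeEventListener and RoleEventListener turns every manager into a listener, which is not what it is; a manager instance can now be passed to `registerListener`, and the first `preCreate` call would find itself in the listener list and recurse into its own dispatch loop. Keep the `pre*`/`post*` methods as protected dispatch helpers (or a separate notifier object) without implementing the listener interfaces. Changing the constructor from `IdentitySession` to `IdentitySessionImpl` couples all the managers to the implementation class only to reach `getListeners()`; putting that method on an interface removes the downcast from every constructor touched in this commit.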
@@ -278,4 +274,399 @@
}
}
+ public void preCreate(IdentityType identityType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preCreate(identityType);
+ }
+ }
+ }
+
+ public void postCreate(IdentityType identityType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postCreate(identityType);
+ }
+ }
+ }
+
+ public void preRemove(IdentityType identityType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preRemove(identityType);
+ }
+ }
+ }
+
+ public void postRemove(IdentityType identityType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postRemove(identityType);
+ }
+ }
+ }
+
+ public void preAttributesAdd(IdentityType identityType, Attribute[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preAttributesAdd(identityType, attributes);
+ }
+ }
+ }
+
+ public void postAttributesAdd(IdentityType identityType, Attribute[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postAttributesAdd(identityType, attributes);
+ }
+ }
+ }
+
+ public void preAttributesRemove(IdentityType identityType, String[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preAttributesRemove(identityType, attributes);
+ }
+ }
+ }
+
+ public void postAttributesRemove(IdentityType identityType, String[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postAttributesRemove(identityType, attributes);
+ }
+ }
+ }
+
+ public void preAttributesUpdate(IdentityType identityType, Attribute[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preAttributesUpdate(identityType, attributes);
+ }
+ }
+ }
+
+ public void postAttributesUpdate(IdentityType identityType, Attribute[] attributes)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postAttributesUpdate(identityType, attributes);
+ }
+ }
+ }
+
+ public void preCredentialUpdate(User user, Credential credential)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).preCredentialUpdate(user, credential);
+ }
+ }
+ }
+
+ public void postCredentialUpdate(User user, Credential credential)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof IdentityTypeEventListener)
+ {
+ ((IdentityTypeEventListener)el).postCredentialUpdate(user, credential);
+ }
+ }
+ }
+
+ public void preUserAssociationCreate(Group parent, User childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).preUserAssociationCreate(parent, childs);
+ }
+ }
+ }
+
+ public void preGroupAssociationCreate(Group parent, Group childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).preGroupAssociationCreate(parent, childs);
+ }
+ }
+ }
+
+ public void postUserAssociationCreate(Group parent, User childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).postUserAssociationCreate(parent, childs);
+ }
+ }
+ }
+
+ public void postGroupAssociationCreate(Group parent, Group childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).postGroupAssociationCreate(parent, childs);
+ }
+ }
+ }
+
+ public void preUserAssociationRemove(Group parent, User childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).preUserAssociationRemove(parent, childs);
+ }
+ }
+ }
+
+ public void preGroupAssociationRemove(Group parent, Group childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).preGroupAssociationRemove(parent, childs);
+ }
+ }
+ }
+
+ public void postUserAssociationRemove(Group parent, User childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).postUserAssociationRemove(parent, childs);
+ }
+ }
+ }
+
+ public void postGroupAssociationRemove(Group parent, Group childs)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RelationshipEventListener)
+ {
+ ((RelationshipEventListener)el).postGroupAssociationRemove(parent, childs);
+ }
+ }
+ }
+
+ public void preCreate(RoleType roleType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).preCreate(roleType);
+ }
+ }
+ }
+
+ public void postCreate(RoleType roleType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).postCreate(roleType);
+ }
+ }
+ }
+
+ public void preRemove(RoleType roleType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).preRemove(roleType);
+ }
+ }
+ }
+
+ public void postRemove(RoleType roleType)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).postRemove(roleType);
+ }
+ }
+ }
+
+ public void prePropertiesSet(RoleType roleType, Map<String, String> properties)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).prePropertiesSet(roleType, properties);
+ }
+ }
+ }
+
+ public void postPropertiesSet(RoleType roleType, Map<String, String> properties)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).postPropertiesSet(roleType, properties);
+ }
+ }
+ }
+
+ public void preCreate(Role role)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).preCreate(role);
+ }
+ }
+ }
+
+ public void postCreate(Role role)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).postCreate(role);
+ }
+ }
+ }
+
+ public void preRemove(Role role)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).preRemove(role);
+ }
+ }
+ }
+
+ public void postRemove(Role role)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).postRemove(role);
+ }
+ }
+ }
+
+ public void prePropertiesSet(Role role, Map<String, String> properties)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).prePropertiesSet(role, properties);
+ }
+ }
+ }
+
+ public void postPropertiesSet(Role role, Map<String, String> properties)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).postPropertiesSet(role, properties);
+ }
+ }
+ }
+
+ public void prePropertiesRemove(RoleType roleType, Collection<String> names)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).prePropertiesRemove(roleType, names);
+ }
+ }
+ }
+
+ public void postPropertiesRemove(RoleType roleType, Collection<String> names)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleTypeEventListener)
+ {
+ ((RoleTypeEventListener)el).postPropertiesRemove(roleType, names);
+ }
+ }
+ }
+
+ public void prePropertiesRemove(Role role, Collection<String> names)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).postPropertiesRemove(role, names);
+ }
+ }
+ }
+
+ public void postPropertiesRemove(Role role, Collection<String> names)
+ {
+ for (EventListener el : identitySession.getListeners())
+ {
+ if (el instanceof RoleEventListener)
+ {
+ ((RoleEventListener)el).postPropertiesRemove(role, names);
+ }
+ }
+ }
}
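Review bot: `prePropertiesRemove(Role role, Collection<String> names)` dispatches to `postPropertiesRemove`, so role listeners receive the post hook twice and never the pre hook; the call inside the loop should be `((RoleEventListener)el).prePropertiesRemove(role, names);`. The remaining 35 methods are the same loop with a different cast and target, which is exactly how this slipped through; a single generic helper that takes the listener class and a callback would shrink the hunk to a few lines and make the mapping checkable at a glance. Two smaller points: the relationship methods name the second parameter `childs` while the interface declares it `member`, and listener exceptions propagate straight out of the `pre*` loops, so a throwing listener aborts the operation and silences every listener registered after it; document whether throwing from a pre-hook is the intended veto mechanism or catch and log per listener.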
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AttributesManagerImpl.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AttributesManagerImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/AttributesManagerImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -40,6 +40,7 @@
import org.jboss.identity.idm.impl.api.SimpleAttribute;
import org.jboss.identity.idm.impl.api.PasswordCredential;
import org.jboss.identity.idm.impl.api.SimpleCredentialType;
+import org.jboss.identity.idm.impl.api.session.IdentitySessionImpl;
import java.util.Set;
import java.util.Map;
@@ -54,7 +55,7 @@
{
private static final long serialVersionUID = 1285532201632609092L;
- public AttributesManagerImpl(IdentitySession session)
+ public AttributesManagerImpl(IdentitySessionImpl session)
{
super(session);
}
@@ -180,8 +181,12 @@
checkNotNullArgument(identity, "IdentityType");
checkNotNullArgument(attributes, "Attributes");
+ preAttributesUpdate(identity, attributes);
+
getRepository().updateAttributes(getInvocationContext(), createIdentityObject(identity), convertAttributes(attributes));
+ postAttributesUpdate(identity, attributes);
+
}
public void updateAttributes(String id, Attribute[] attributes) throws IdentityException
@@ -221,7 +226,9 @@
Attribute[] attrs = new Attribute[]{new SimpleAttribute(attributeName, values)};
+
addAttributes(identityType, attrs);
+
}
public void addAttributes(String id, Attribute[] attributes) throws IdentityException
@@ -276,7 +283,13 @@
{
checkNotNullArgument(identityType, "IdentityType");
checkNotNullArgument(attributes, "Attributes");
+
+
+ preAttributesAdd(identityType, attributes);
+
getRepository().addAttributes(getInvocationContext(), createIdentityObject(identityType), convertAttributes(attributes));
+
+ postAttributesAdd(identityType, attributes);
}
@@ -285,7 +298,12 @@
{
checkNotNullArgument(identityType, "IdentityType");
checkNotNullArgument(attributeNames, "Attribute names");
+
+ preAttributesRemove(identityType, attributeNames);
+
getRepository().removeAttributes(getInvocationContext(), createIdentityObject(identityType), attributeNames);
+
+ postAttributesRemove(identityType, attributeNames);
}
public void removeAttributes(String id, String[] attributeNames) throws IdentityException
@@ -316,7 +334,13 @@
{
checkNotNullArgument(user, "User");
checkNotNullArgument(password, "Password");
+
+ preCredentialUpdate(user, new PasswordCredential(password));
+
getRepository().updateCredential(getInvocationContext(), createIdentityObject(user), new PasswordCredential(password));
+
+ postCredentialUpdate(user, new PasswordCredential(password));
+
}
public boolean isCredentialTypeSupported(CredentialType credentialType) throws IdentityException
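Review bot: `new PasswordCredential(password)` is built three times; create it once and pass the same instance to `preCredentialUpdate`, the repository call and `postCredentialUpdate`. The more important point is that both hooks now hand the plaintext password, wrapped in the credential, to every registered IdentityTypeEventListener, so any audit or logging listener written against the new interface will see clear-text passwords unless it is careful; either document on `preCredentialUpdate`/`postCredentialUpdate` that the `Credential` argument must never be logged or persisted, or pass the credential type rather than the secret itself.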
@@ -362,7 +386,11 @@
if (credential instanceof IdentityObjectCredential)
{
+ preCredentialUpdate(user, credential);
+
getRepository().updateCredential(getInvocationContext(), createIdentityObject(user), (IdentityObjectCredential)credential);
+
+ postCredentialUpdate(user, credential);
}
else
{
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/PersistenceManagerImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -22,19 +22,18 @@
package org.jboss.identity.idm.impl.api.session.managers;
-import org.jboss.identity.idm.api.PersistenceManager;
-import org.jboss.identity.idm.api.User;
-import org.jboss.identity.idm.api.Group;
-import org.jboss.identity.idm.api.IdentitySession;
-import org.jboss.identity.idm.api.PersistenceManagerFeaturesDescription;
-import org.jboss.identity.idm.api.IdentitySearchCriteria;
-import org.jboss.identity.idm.api.IdentitySearchCriteriumType;
+import org.jboss.identity.idm.api.*;
+import org.jboss.identity.idm.api.event.IdentityTypeEventListener;
+import org.jboss.identity.idm.api.event.EventListener;
import org.jboss.identity.idm.common.exception.IdentityException;
import org.jboss.identity.idm.spi.model.IdentityObjectType;
import org.jboss.identity.idm.spi.model.IdentityObject;
import org.jboss.identity.idm.spi.store.IdentityObjectSearchCriteriaType;
import org.jboss.identity.idm.impl.api.session.managers.AbstractManager;
+import org.jboss.identity.idm.impl.api.session.IdentitySessionImpl;
import org.jboss.identity.idm.impl.api.model.GroupId;
+import org.jboss.identity.idm.impl.api.model.SimpleUser;
+import org.jboss.identity.idm.impl.api.model.SimpleGroup;
import java.util.Collection;
import java.util.List;
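Review bot: `org.jboss.identity.idm.api.event.IdentityTypeEventListener` and `org.jboss.identity.idm.api.event.EventListener` are imported but nothing in the PersistenceManagerImpl hunks of this commit uses them (the dispatch lives in AbstractManager); drop them, and restore the explicit `org.jboss.identity.idm.api` imports instead of the wildcard for the same reason as in AbstractManager.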
@@ -54,7 +53,7 @@
private static final long serialVersionUID = -4691446225503953920L;
- public PersistenceManagerImpl(IdentitySession session)
+ public PersistenceManagerImpl(IdentitySessionImpl session)
{
super(session);
@@ -123,8 +122,12 @@
IdentityObjectType iot = getUserObjectType();
+ preCreate(new SimpleUser(identityName));
+
IdentityObject identityObject = getRepository().createIdentityObject(getInvocationContext(), identityName, iot);
+ postCreate(new SimpleUser(identityName));
+
return createUser(identityObject);
}
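Review bot: `postCreate` is passed a fresh `new SimpleUser(identityName)` instead of the user that is actually created from `identityObject` two lines earlier, so listeners see an object built from the name alone and anything the repository assigned (id, key, attributes) is lost. Capture the result, notify with it and return it:
`User user = createUser(identityObject);`
`postCreate(user);`
`return user;`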
@@ -137,8 +140,12 @@
IdentityObjectType iot = getIdentityObjectType(groupType);
+ preCreate(new SimpleGroup(groupName, groupType));
+
IdentityObject identityObject = getRepository().createIdentityObject(getInvocationContext(), groupName, iot);
+ postCreate(new SimpleGroup(groupName, groupType));
+
return createGroup(identityObject);
}
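Review bot: same issue as `createUser` above: `postCreate(new SimpleGroup(groupName, groupType))` notifies listeners with a throwaway object rather than the group returned by `createGroup(identityObject)`; capture the created group, call `postCreate` on it and return that instance.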
@@ -155,13 +162,24 @@
public void removeUser(User user, boolean force) throws IdentityException
{
checkNotNullArgument(user, "User");
+
+ preRemove(user);
+
getRepository().removeIdentityObject(getInvocationContext(), createIdentityObject(user));
+
+ postRemove(user);
}
public void removeUser(String userName, boolean force) throws IdentityException
{
checkNotNullArgument(userName, "User name");
+
+ preRemove(new SimpleUser(userName));
+
getRepository().removeIdentityObject(getInvocationContext(), createIdentityObjectForUserName(userName));
+
+ postRemove(new SimpleUser(userName));
+
}
public void removeGroup(Group group, boolean force) throws IdentityException
@@ -170,7 +188,11 @@
//TODO: force
+ preRemove(group);
+
getRepository().removeIdentityObject(getInvocationContext(), createIdentityObject(group));
+
+ postRemove(group);
}
public void removeGroup(String groupId, boolean force) throws IdentityException
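Review bot: the `//TODO: force` comment is left in place, so `force` is still ignored while removal now triggers listeners; if force is meant to cascade relationship removal, those removals would also need their own pre/post events, so either implement it here or note in the interface javadoc that force is currently a no-op.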
@@ -179,7 +201,12 @@
//TODO: force
+ preRemove(new SimpleGroup(new GroupId(groupId)));
+
getRepository().removeIdentityObject(getInvocationContext(), createIdentityObjectForGroupId(groupId));
+
+ postRemove(new SimpleGroup(new GroupId(groupId)));
+
}
public int getUserCount() throws IdentityException
@@ -280,9 +307,6 @@
return findGroup(groupType, (IdentitySearchCriteria) null);
}
-// public boolean isVirtual(User user)
-// {
-// //TODO:NYI
-// throw new NotYetImplementedException("Postponed");
-// }
+
+
}
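Review bot: removing the commented-out isVirtual stub is fine, but it leaves two empty lines before the class's closing brace; delete them so the hunk is a clean removal.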
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RelationshipManagerImpl.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RelationshipManagerImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RelationshipManagerImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -37,7 +37,11 @@
import org.jboss.identity.idm.spi.model.IdentityObjectType;
import org.jboss.identity.idm.spi.store.IdentityObjectSearchCriteriaType;
import org.jboss.identity.idm.impl.api.session.managers.AbstractManager;
+import org.jboss.identity.idm.impl.api.session.IdentitySessionImpl;
import org.jboss.identity.idm.impl.api.IdentitySearchCriteriaImpl;
+import org.jboss.identity.idm.impl.api.model.SimpleGroup;
+import org.jboss.identity.idm.impl.api.model.GroupId;
+import org.jboss.identity.idm.impl.api.model.SimpleUser;
import java.util.Collection;
import java.util.Iterator;
@@ -66,7 +70,7 @@
private static final long serialVersionUID = -1054805796187123311L;
- public RelationshipManagerImpl(IdentitySession session)
+ public RelationshipManagerImpl(IdentitySessionImpl session)
{
super(session);
@@ -160,6 +164,7 @@
associateGroups(parent, member);
}
}
+
}
public void associateGroups(Group parent, Collection<Group> members) throws IdentityException
@@ -200,7 +205,12 @@
checkNotNullArgument(parent, "Parent group");
checkNotNullArgument(member, "Member group");
+ preGroupAssociationCreate(parent, member);
+
getRepository().createRelationship(getInvocationContext(), createIdentityObject(parent), createIdentityObject(member), MEMBER, null, true);
+
+ postGroupAssociationCreate(parent, member);
+
}
@@ -209,7 +219,16 @@
checkNotNullArgument(parentId, "Parent Id");
checkNotNullArgument(memberId, "Member Id");
+ Group parent = new SimpleGroup(new GroupId(parentId));
+ Group member = new SimpleGroup(new GroupId(memberId));
+
+
+ preGroupAssociationCreate(parent, member);
+
getRepository().createRelationship(getInvocationContext(), createIdentityObjectForGroupId(parentId), createIdentityObjectForGroupId(memberId), MEMBER, null, true);
+
+ postGroupAssociationCreate(parent, member);
+
}
public void associateUsers(Collection<Group> parents, Collection<User> members) throws IdentityException
@@ -271,7 +290,12 @@
checkNotNullArgument(parent, "Parent group");
checkNotNullArgument(member, "Member user");
+ preUserAssociationCreate(parent, member);
+
getRepository().createRelationship(getInvocationContext(), createIdentityObject(parent), createIdentityObject(member), MEMBER, null, true);
+
+ postUserAssociationCreate(parent, member);
+
}
@@ -280,8 +304,15 @@
checkNotNullArgument(parentId, "Parent group Id");
checkNotNullArgument(memberId, "Member user Id");
+ Group parent = new SimpleGroup(new GroupId(parentId));
+ User member = new SimpleUser(memberId);
+
+ preUserAssociationCreate(parent, member);
+
getRepository().createRelationship(getInvocationContext(), createIdentityObjectForGroupId(parentId), createIdentityObjectForUserName(memberId), MEMBER, null, true);
+ postUserAssociationCreate(parent, member);
+
}
public void disassociateGroups(User user) throws IdentityException
@@ -308,6 +339,8 @@
checkNotNullArgument(parents, "parents");
checkNotNullArgument(members, "members");
+
+
for (Iterator<Group> parentsIterator = parents.iterator(); parentsIterator.hasNext();)
{
Group parent = parentsIterator.next();
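Review bot: this hunk is whitespace only (two blank lines inserted after the argument checks); drop it to keep the diff limited to the functional event-hook changes.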
@@ -316,9 +349,16 @@
{
Group member = membersIterator.next();
+ preGroupAssociationRemove(parent, member);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObject(parent), createIdentityObject(member), MEMBER, null);
+
+ postGroupAssociationRemove(parent, member);
+
}
}
+
+
}
public void disassociateGroups(Group parent, Collection<Group> members) throws IdentityException
@@ -341,7 +381,15 @@
{
String member = membersIterator.next();
+ Group parentGroup = new SimpleGroup(new GroupId(parent));
+ Group memberGroup = new SimpleGroup(new GroupId(member));
+
+ preGroupAssociationRemove(parentGroup, memberGroup);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObjectForGroupId(parent), createIdentityObjectForGroupId(member), MEMBER, null);
+
+ postGroupAssociationRemove(parentGroup, memberGroup);
+
}
}
}
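Review bot: `parentGroup` is rebuilt from `new GroupId(parent)` on every iteration of the inner loop even though `parent` does not change inside it; hoist `Group parentGroup = new SimpleGroup(new GroupId(parent));` above the members loop. The same applies to the user variant in the next hunk.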
@@ -366,7 +414,11 @@
{
User member = membersIterator.next();
+ preUserAssociationRemove(parent, member);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObject(parent), createIdentityObject(member), MEMBER, null);
+
+ postUserAssociationRemove(parent, member);
}
}
@@ -393,7 +445,15 @@
{
String member = membersIterator.next();
+ Group parentGroup = new SimpleGroup(new GroupId(parent));
+ User memberUser = new SimpleUser(member);
+
+ preUserAssociationRemove(parentGroup, memberUser);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObjectForGroupId(parent), createIdentityObjectForUserName(member), MEMBER, null);
+
+ postUserAssociationRemove(parentGroup, memberUser);
+
}
}
}
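Review bot: `parentGroup` is constructed per member inside the inner loop although it only depends on the outer `parent`; move it outside the members iteration.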
Modified: idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RoleManagerImpl.java
===================================================================
--- idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RoleManagerImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-core/src/main/java/org/jboss/identity/idm/impl/api/session/managers/RoleManagerImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -41,6 +41,7 @@
import org.jboss.identity.idm.spi.store.IdentityObjectSearchCriteriaType;
import org.jboss.identity.idm.impl.api.model.SimpleRoleType;
import org.jboss.identity.idm.impl.api.model.SimpleRole;
+import org.jboss.identity.idm.impl.api.session.IdentitySessionImpl;
import org.jboss.identity.idm.impl.types.SimpleIdentityObjectRelationship;
import java.util.Collection;
@@ -70,7 +71,7 @@
private static final long serialVersionUID = 7246982831145808636L;
- public RoleManagerImpl(IdentitySession session)
+ public RoleManagerImpl(IdentitySessionImpl session)
{
super(session);
@@ -122,7 +123,11 @@
try
{
+ preCreate(new SimpleRoleType(name));
+
roleType = getRepository().createRelationshipName(getInvocationContext(), name);
+
+ postCreate(new SimpleRoleType(name));
}
catch (OperationNotSupportedException e)
{
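Review bot: preCreate fires before createRelationshipName, but postCreate sits inside the same try block, so when the repository throws OperationNotSupportedException (handled by the catch below) listeners get a pre event with no matching post event. Either document that pre/post are not paired on failure or place the hooks around the whole try/catch; also consider passing the `roleType` returned by the repository to postCreate instead of a second `new SimpleRoleType(name)`.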
@@ -138,7 +143,12 @@
try
{
+ preRemove(new SimpleRoleType(name));
+
getRepository().removeRelationshipName(getInvocationContext(), name);
+
+ postRemove(new SimpleRoleType(name));
+
}
catch (OperationNotSupportedException e)
{
@@ -209,8 +219,14 @@
//TODO: add createRoleType switch to the API
+ Role _role = new SimpleRole(roleType, user, group);
+
+ preCreate(_role);
+
IdentityObjectRelationship rel = getRepository().createRelationship(getInvocationContext(), createIdentityObject(group), createIdentityObject(user), ROLE, roleType.getName(), false);
+ postCreate(_role);
+
//TODO: null id - IdentityObjectRelationship doesn't have id
return new SimpleRole(new SimpleRoleType(rel.getName()), createUser(rel.getToIdentityObject()), createGroup(rel.getFromIdentityObject()));
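Review bot: postCreate receives `_role`, a SimpleRole built from the input arguments, while the method returns a different SimpleRole built from `rel`, so listeners and callers see different Role objects for one creation; build the returned role first and pass that to postCreate. The underscore-prefixed local `_role` is not conventional Java naming (`role` or `newRole`), and the missing blank line between the repository call and postCreate is inconsistent with the other hunks.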
@@ -234,7 +250,13 @@
checkNotNullArgument(user, "User");
checkNotNullArgument(group, "Group");
+ Role _role = new SimpleRole(roleType, user, group);
+
+ preRemove(_role);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObject(group), createIdentityObject(user), ROLE, roleType.getName());
+
+ postRemove(_role);
}
public void removeRole(String roleTypeName, String userName, String groupId) throws IdentityException
@@ -253,7 +275,11 @@
{
checkNotNullArgument(role, "Role");
+ preRemove(role);
+
getRepository().removeRelationship(getInvocationContext(), createIdentityObject(role.getGroup()), createIdentityObject(role.getUser()), ROLE, role.getRoleType().getName());
+
+ postRemove(role);
}
public boolean hasRole(User user, Group group, RoleType roleType) throws IdentityException
@@ -635,8 +661,11 @@
Map<String, String> props = new HashMap<String, String>();
props.put(name, value);
+ prePropertiesSet(role, props);
getRepository().setRelationshipProperties(getInvocationContext(), createIdentityObjectRelationship(role), props);
+
+ postPropertiesSet(role, props);
}
public void setProperty(RoleType roleType, String name, String value) throws IdentityException
@@ -648,8 +677,11 @@
Map<String, String> props = new HashMap<String, String>();
props.put(name, value);
+ prePropertiesSet(roleType, props);
getRepository().setRelationshipNameProperties(getInvocationContext(), roleType.getName(), props);
+
+ postPropertiesSet(roleType, props);
}
public void setProperty(String roleTypeName, String name, String value) throws IdentityException
@@ -658,7 +690,14 @@
checkNotNullArgument(name, "Property name");
checkNotNullArgument(value, "Property value");
+ Map<String, String> props = new HashMap<String, String>();
+ props.put(name, value);
+
+ prePropertiesSet(new SimpleRoleType(roleTypeName), props);
+
setProperty(new SimpleRoleType(roleTypeName), name, value);
+
+ postPropertiesSet(new SimpleRoleType(roleTypeName), props);
}
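Review bot: this overload now fires prePropertiesSet/postPropertiesSet and then delegates to setProperty(RoleType, String, String), which, per the hunk above, fires the same pair of hooks itself, so listeners receive each event twice for a String-typed call. Either call the repository directly here or leave the hooks to the delegate.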
public void setProperties(Role role, Map<String, String> properties) throws IdentityException
@@ -666,8 +705,11 @@
checkNotNullArgument(role, "Role");
checkNotNullArgument(properties, "Properties");
+ prePropertiesSet(role, properties);
getRepository().setRelationshipProperties(getInvocationContext(), createIdentityObjectRelationship(role), properties);
+
+ postPropertiesSet(role, properties);
}
public void setProperties(RoleType roleType, Map<String, String> properties) throws IdentityException
@@ -675,15 +717,23 @@
checkNotNullArgument(roleType, "RoleType");
checkNotNullArgument(properties, "Properties");
+ prePropertiesSet(roleType, properties);
getRepository().setRelationshipNameProperties(getInvocationContext(), roleType.getName(), properties);
+
+ postPropertiesSet(roleType, properties);
}
public void setProperties(String roleTypeName, Map<String, String> properties) throws IdentityException
{
checkNotNullArgument(roleTypeName, "RoleType name");
+ prePropertiesSet(new SimpleRoleType(roleTypeName), properties);
+
setProperties(new SimpleRoleType(roleTypeName), properties);
+
+ postPropertiesSet(new SimpleRoleType(roleTypeName), properties);
+
}
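Review bot: setProperties(String, Map) wraps its delegate call in prePropertiesSet/postPropertiesSet, but setProperties(RoleType, Map) immediately above already fires both hooks, so every listener is notified twice; drop the hooks from the delegating overload. The trailing blank line before the closing brace is also inconsistent with the surrounding methods.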
public void removeProperty(Role role, String name) throws IdentityException
@@ -694,7 +744,11 @@
Set<String> names = new HashSet<String>();
names.add(name);
+ prePropertiesRemove(role, names);
+
getRepository().removeRelationshipProperties(getInvocationContext(), createIdentityObjectRelationship(role), names);
+
+ postPropertiesRemove(role, names);
}
public void removeProperty(RoleType roleType, String name) throws IdentityException
@@ -705,14 +759,25 @@
Set<String> names = new HashSet<String>();
names.add(name);
+ prePropertiesRemove(roleType, names);
getRepository().removeRelationshipNameProperties(getInvocationContext(), roleType.getName(), names);
+
+ postPropertiesRemove(roleType, names);
}
public void removeProperty(String roleTypeName, String name) throws IdentityException
{
checkNotNullArgument(roleTypeName, "RoleType name");
+ Set<String> names = new HashSet<String>();
+ names.add(name);
+
+ prePropertiesRemove(new SimpleRoleType(roleTypeName), names);
+
removeProperty(new SimpleRoleType(roleTypeName), name);
+
+ postPropertiesRemove(new SimpleRoleType(roleTypeName), names);
+
}
}
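Review bot: removeProperty(String, String) fires prePropertiesRemove/postPropertiesRemove and then calls removeProperty(RoleType, String), which fires the same pair in the hunk above, producing duplicate events; remove the hooks from the delegating overload (or call the repository directly). The `names` set is also built here only to be rebuilt in the delegate.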
Added: idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml
===================================================================
--- idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml (rev 0)
+++ idm/trunk/idm-doc/ReferenceGuide/en/Author_Group.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE authorgroup PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<authorgroup>
+ <corpauthor>Bolesław Dawidowicz</corpauthor>
+</authorgroup>
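Review bot: Author_Group.xml declares the DocBook XML V4.5 DTD while the ReferenceGuide.xml that XIncludes it (next hunk) declares V4.3; align both on one DTD version so validation of the included fragment matches the book.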
Added: idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml
===================================================================
--- idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml (rev 0)
+++ idm/trunk/idm-doc/ReferenceGuide/en/ReferenceGuide.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,1626 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+ <!ENTITY % RH-ENTITIES SYSTEM "Common_Config/rh-entities.ent">
+ ]>
+<book>
+
+ <bookinfo>
+ <title>JBoss Identity IDM</title>
+
+ <subtitle>Reference Guide</subtitle>
+
+ <xi:include href="Author_Group.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude"/>
+
+ <releaseinfo>
+ 1.0.0.Beta4
+ </releaseinfo>
+
+
+ </bookinfo>
+
+ <!--<preface>-->
+ <!--<title>What this Book Covers</title>-->
+
+ <!--<para>This book aims to help you become familiar with JBoss Identity-->
+ <!--Federation in order that you can use it to build your own Federated-->
+ <!--Identity based services or applications.</para>-->
+
+ <!--<para>Part I 'Getting Started' introduces the federated identity-->
+ <!--technologies that are provided in this product. It also indicates-->
+ <!--the libraries required for the installation.</para>-->
+
+ <!--<para>Part II 'Simple Usage' describes SAML v2 Web Browser based -->
+ <!--Single Sign On (SSO).</para>-->
+
+ <!--<para>Part III 'Advanced Usage' describes SAML v2 Web Browser based SSO -->
+ <!--with advanced features such as Trust Management and XML-->
+ <!--Digital Signatures.</para>-->
+ <!---->
+ <!--<para>Part IV 'Trouble Shooting' describes some basic-->
+ <!--troubleshooting tips when things do not work the way they were intended.-->
+ <!--</para>-->
+ <!---->
+ <!--<para>Part V 'Resources' provides additional resources.-->
+ <!--</para>-->
+ <!--</preface>-->
+
+ <part>
+ <title>Design and Architecture</title>
+
+ <chapter id="main_concepts">
+ <title>Main Concepts</title>
+
+ <para>JBoss Identity IDM aims to provide a common identity model for various JBoss projects.
+ As every project has it's own specific needs it's hard to design a common API and identity model that will
+ fit all of them. Therefore JBoss Identity architecture consists of two main parts:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">Core SPI</emphasis> with an abstract identity model that provides the flexibility for defining different identity
+ object types and possible relationships between them.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Common API</emphasis> with a simpler identity model that fits most common use cases. Identity model has more
+ strictly defined object types and possible relationships.</para>
+ </listitem>
+ </itemizedlist>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/IDM-global-arch.png" format="PNG"/>
+ </imageobject>
+ <caption align="right">
+ <para>
+ <emphasis role="bold">JBoss Identity IDM architecture</emphasis>
+ </para>
+ </caption>
+ </mediaobject>
+ <para>
+ Too much abstraction in the API layer would confuse people using the framework.
+ One of the goals is to make the design easily extendible. Framework adopters should be able to remove the
+ API layer and reuse core SPI implementation if needed.
+ </para>
+
+ </chapter>
+
+ <chapter id="api_model">
+ <title>API Model</title>
+ <para>
+ The API operates on the identity model that is defined by a set of following interfaces:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para> org.jboss.identity.idm.api.IdentityType - is a parent interface for Group and Identity
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.Identity - represents Identity which can be a user (within organization) or a machine (in authentication or security use case)
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.Group - represents typed Group
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.GroupType - represents type of a Group. It can be an organization, organization unit, administration group, global role, community or any other entity.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.Role - represents one to one relationship between Identity and Group. Role has a type. The idea behind the concept is described below.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.RoleType - represents type of a Role.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.Attribute - represents attribute connected with IdentityType (Group or Identity). Can have many complex type values (text or binary). AttributeDescription describes such properties of Attribute like: name, type of values, readonly, multivalued, required.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.Credential - represents credential connected with Identity.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.api.CredentialType - represents type of a Credential. For example it can be text password or binary certificate.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </chapter>
+
+ <chapter id="group_and_roles">
+ <title>Groups and Roles</title>
+ <para>
+ Groups are entities that can contain other group or identity objects. They can be associated in a tree
+ like organizational structures. Those don't need to be hierarchical only as single group can be a member
+ of many other groups (can have many parents). Possible relationships between groups are shaped with group
+ types. It can be configured which different group types can be associated or even which group types can
+ or can not contain identity objects. Groups have unique names per group type. This means you can have
+ two groups with the same name but different group type.
+ </para>
+ <para>
+ Roles are direct typed connections between Identity and Group objects. If you think about a sentence:
+ "John is the Manager of XX Team" what matters is the context. So "John (Identity) is the Manager (RoleType)
+ of XX Team (Group)". The whole sentence describes the Role that John has. This type of information is hard
+ to map with typical Group object as John can be a manager of several different groups and other identities
+ (Marry, Jack, Stan...) can have the same RoleType in context of different groups (XY Team, YY Team).
+ Within each Realm (concept of Realms is described later) we can define several RoleType objects with
+ unique names. Each Role defines a unique combination of Identity, Group and RoleType within Realm.
+ Role concept is very powerful but its not natural in all identity store types. While quite easy to map in
+ a relational database it doesn't fit into every LDAP tree present in organizations. Because of this Role
+ support is optional in the API level
+ </para>
+ </chapter>
+
+ <chapter id="spi_model">
+ <title>SPI (Abstract) Model</title>
+ <para>
+ SPI Model contains following interfaces:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObject - represents identity object. Contains information
+ about object name and type (IdentityObjectType). Name and IdentityObjectType pair should be unique
+ within realm.
+ </para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.identity.idm.spi.model.IdentityObjectType - represents identity object type. Name of
+ IdentityType is unique.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObjectAttribute - attribute assigned to IdentityObject
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObjectCredential - credential assigned to IdentityObject
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObjectCredentialType - represents type of
+ IdentityObjectCredential.
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObjectRelationship - Directional relationship between
+ two IdentityObject objects. Relationship is directional as it keeps information about from and to
+ IdentityObject. Each IdentityObjectRelationship has a type (IdentityObjectRelationshipType) and can
+ have a name (not required).
+ </para>
+ </listitem>
+ <listitem>
+ <para> org.jboss.identity.idm.spi.model.IdentityObjectRelationshipType - named type of relationship
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ Model described above is very flexible as IdentityObjectType is able to map any kind of entities.
+ Identity object and Group/GroupType objects are only one of many possible options (API is a subset of
+ SPI possibilities). IdentityObjectRelationship defines a connection between any two IdentityObject
+ objects. Each IdentityObjectRelationship has a type. To map previously described API two
+ IdentityObjectRelationshipType objects are needed. One to map normal MEMBERSHIP like between an Identity
+ and a Group or Group and Group objects. Second one to map Role concept. For API Role - RoleType refers
+ to the name of the IdentityObjectRelationship. In default Hibernate implementation possible names of
+ IdentityObjectRelationship are kept in a separate table. All of those can be easily redefined to support
+ different kind of API.
+ </para>
+
+ </chapter>
+
+ <chapter id="architecture">
+ <title>Architecture</title>
+ <para>
+ The most important part of architecture is a split between the API and the SPI.
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/IDM-api-spi.png" format="PNG"/>
+ </imageobject>
+ <caption align="right">
+ <para>
+ <emphasis role="bold">JBoss Identity IDM architecture</emphasis>
+ </para>
+ </caption>
+ </mediaobject>
+ <para>
+ API part contains of following interfaces:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Realm - described later in this document. Groups configuration of several identity stores and exposes all of them with one consistent identity model.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ IdentitySessionFactory - Main entry point in the API. Enables to create/get IdentitySession for a given Realm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ IdentitySession - Session that groups all identity management operation. Contains transaction support and exposes four managers that handle all identity management operations.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ PersistenceManager - Operates witin IdentitySession. Performs all operations on Identity and Group objects. Create/Remove/Find
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ RelationshipManager - Operates witin IdentitySession. Associate and deassociate Identity and Group objects. Find Idenity and Group objects depending on their relationships
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ RoleManager - Operates witin IdentitySession. Operations on Role objects. Optional feature.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ AttributeManager - Operates witin IdentitySession. Manages Identity and Group (IdentityType objects) attributes. Each configured attribute is described with AttributeDescription interface
+ </para>
+ </listitem>
+ <listitem>
+ <para>IdentitySearchControl - Enables to apply additional conditions to search operations. May be leveraged to receive results sorted, paginated or filtered with attributes.</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+
+ SPI part contains of following interfaces
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>IdentityStoreSession - Session that groups all identity management operations within identity persistence stores.</para>
+ </listitem>
+ <listitem>
+ <para>IdentityStoreSessionFactory - Entry point in the SPI to initialize IdentityStoreSession inside IdentityStore or AttributeStore.</para>
+ </listitem>
+ <listitem>
+ <para>IdentityStoreInvocationContext - IdentityStoreSession aware context object that is passed during any invocation of AttributeStore or IdentityStore methods. Thanks to this actual store implementation doesn't need to be aware of current session state. Therefore one instance of AttributeStore or IdentityStore can be invoked by different realms at the same time.</para>
+ </listitem>
+ <listitem>
+ <para>AttributeStore - Exposes operations on identity store with attributes. This is a separate interface as in multi store configuration scenario, profile may need to be stored outside of actual data store for a given identity (LDAP + DB)</para>
+ </listitem>
+ <listitem>
+ <para>IdentityStore - Extends AttributeStore. Implementation of this interface performs operations on the real data store.</para>
+ </listitem>
+ <listitem>
+ <para>IdentityStoreRepository - Extends IdentityStore. Groups several IdentityStore objects and exposes operations on them within single interface for the API. The implementation is responsible for aggregate identity objects from many configured underlaying IdentityStore objects and map different IdentityObjectTypes between them. The place where the whole magic happens </para>
+ </listitem>
+ <listitem>
+ <para>IdentityObjectSearchControl - Enables to apply additional conditions to search operations. May be leveraged to receive results sorted, paginated or filtered withattributes.</para>
+ </listitem>
+ </itemizedlist>
+
+
+
+ </chapter>
+
+ <chapter id="realms">
+ <title>Realms</title>
+ <para>
+ The purpose of a Realm is to group configuration of several identity stores. IdentitySession exposes
+ operations within single Realm
+ </para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/IDM-global-realm.png" format="PNG" contentwidth="6in" contentdepth="6in"/>
+ </imageobject>
+ <caption align="right">
+ <para>
+ <emphasis role="bold">JBoss Identity IDM architecture</emphasis>
+ </para>
+ </caption>
+ </mediaobject>
+
+ </chapter>
+
+ </part>
+
+ <part>
+ <title>Concepts behind API to SPI mappings</title>
+ <chapter>
+ <title>Introduction</title>
+ <para>The most confusing part of the framework is probably connection between API and SPI. This part will
+ try to explain how operations on API model are translated into the SPI. It will also enable to
+ dive in the API and framework capabilities by looking on realcode examples
+ </para>
+ </chapter>
+ <chapter>
+ <title>User and Group</title>
+ <para>
+ Objects represented by User and Group interfaces are managed by PersistenceManager.
+ In the example below 3 users and 4 groups are created.
+ </para>
+ <programlisting role="java">
+PersistenceManager pm = identitySession.getPersistenceManager();
+User johnUser = pm.createUser("John");
+User annUser = pm.createUser("Ann");
+User stefanUser = pm.createUser("Stefan");
+
+String OFFICE = "OFFICE";
+String DEPARTMENT = "DEPARTMENT";
+
+Group parisOffice = pm.createGroup("Paris", OFFICE);
+Group atlantaOffice = pm.createGroup("Atlanta", OFFICE);
+
+assertEquals(OFFICE, parisOffice.getGroupType());
+
+Group itDep = pm.createGroup("IT", DEPARTMENT);
+Group hrDep = pm.createGroup("HR", DEPARTMENT);
+ </programlisting>
+ <para>
+ At the SPI level both Group and User are mapped as IdentityObject. What differentiate them is the
+ IdentityObjectType. IdentityObjectType "USER" is mapped to represent User objects while other are
+ mapped to represent different Group types names.
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/SPI1.png" format="PNG"/>
+ </imageobject>
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
+ </mediaobject>
+
+ </chapter>
+ <chapter>
+ <title>Associations</title>
+ <para>Group and Users can be associated. This represents simple relationship that can be described like
+ "user John belongs to Group IT". Association can be created between Group and User or between two Groups.</para>
+ <para>Those operations are managed by RelationshipManager:</para>
+ <programlisting role="java">
+RelationshipManager rm = identitySession.getRelationshipManager();
+
+rm.associateUser(parisOffice, annUser);
+rm.associateUser(atlantaOffice, stefanUser);
+rm.associateUser(itDep, stefanUser);
+
+assertTrue(rm.isAssociated(parisOffice, annUser));
+ </programlisting>
+ <para>
+ At the SPI level this is mapped to IdentityObjectRelationship entity. This relationship has a type.
+ Simple assotiations can be marked with a type named "JBOSS_IDENTITY_MEMBERSHIP"
+ (this is implementation detail) which describes simple membership. Note that IdentityObjectRelationship
+ creates a connection between any two IdentityObject entities.
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/SPI2.png" format="PNG"/>
+ </imageobject>
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
+ </mediaobject>
+ </chapter>
+ <chapter>
+ <title>Role</title>
+ <para>Roles are direct typed connections between Identity and Group objects. If you think about a sentence:
+ "John is the Manager of XX Team" what matters is the context. So "John (Identity) is the Manager
+ (RoleType) of XX Team (Group)". The whole sentence describes the Role that John has. This type of
+ information is hard to map with typical Group object as John can be a manager of several different
+ groups and other identities (Marry, Jack, Stan...) can have the same RoleType in context of different
+ groups (XY Team, YY Team). Within each Realm (concept of Realms is described later) we can define
+ several RoleType objects with unique names. Each Role defines a unique combination of Identity, Group
+ and RoleType within Realm.</para>
+ <para>
+ Roles are managed with RoleManager interface:
+ </para>
+ <programlisting role="java">
+RoleManager roleManager = identitySession.getRoleManager();
+
+roleManager.createRoleType("manager");
+RoleType adminRT = roleManager.createRoleType("administrator");
+
+Role role1 = roleManager.createRole("manager", annUser.getId(), parisOffice.getId());
+roleManager.createRole(adminRT, stefanUser, itDep);
+
+assertTrue(roleManager.hasRole(stefanUser, itDep, adminRT));
+
+ </programlisting>
+ <para>
+ At the SPI level the main difference between plain association is that IdentityObjectRelationship has
+ a IdentityObjectRelationshipName which is simple mapping of a RoleType used in the API
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/SPI3.png" format="PNG"/>
+ </imageobject>
+ <!--<caption align="right">-->
+ <!--<para>-->
+ <!--<emphasis role="bold"></emphasis>-->
+ <!--</para>-->
+ <!--</caption>-->
+ </mediaobject>
+ <para>
+ What is important to note about the Role concept is that it is not natural in all kinds of
+ identity stores. Entities represented on attached figures are easy to map in the database.
+ However in store like LDAP typical relationships are represanted in a more plain manner. For example:
+ </para>
+ <programlisting>
+ <![CDATA[
+dn: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: admin
+cn: Java Duke
+sn: Duke
+userPassword: admin
+mail: email(a)email.com
+
+dn: cn=Administrators,ou=Groups,o=test,dc=portal,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: Administrators
+description: Portal admin role
+member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
+ ]]>
+ </programlisting>
+ <para>
+ The whole relationship between User "admin" and Group "Administrators" is described by one attribute
+ value ("member"). In such typical LDAP tree shape there is no place to store additional
+ information that are needed to describe Role shown above. Obviously it is possible to shape
+ LDAP tree in a way that will allow such a mapping but in most cases it is not possible to
+ redesign already used LDAP server tree.
+ </para>
+
+ </chapter>
+ </part>
+
+
+
+
+
+ <part>
+ <title>Quick Start</title>
+ <!--<para>-->
+ <!--Please read JBossIdentity IDM Design and Architecture to understand all concepts behind the framework.-->
+ <!--</para>-->
+
+ <chapter>
+ <title>Test Cases</title>
+ <para>
+ One of the best ways to get familiar with the JBoss Identity IDM component is to look at the source code.
+ You will find link to the subversion repository in the project webpage.
+ There are couple of quite meaningful testcases there. One of the best to start with is
+ org.jboss.identity.idm.impl.api.OrganizationTest. It contains two example identity structures.
+ One mapping hierarchical organization of Red Hat and JBoss projects and the other describes theoretical
+ portal tree for ACME company.
+ </para>
+
+ </chapter>
+ <chapter>
+ <title>Examples</title>
+ <para>
+ As JBoss Identity IDM is a Maven2 based project it is very easy to leverage it from this build system.
+ There is a ready to use Maven2 example project in the svn. It contains three sample test cases for with
+ following configurations:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>database setup</para>
+ </listitem>
+ <listitem>
+ <para>LDAP setup</para>
+ </listitem>
+ <listitem>
+ <para>mixed LDAP + database setup</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Sample project uses embedded OpenDS and HSQLDB so there is no need for any additional setup to be able to
+ play with the API.
+ </para>
+ </chapter>
+ <chapter>
+ <title></title>
+ </chapter>
+
+ </part>
+
+ <part>
+ <title>Configuration</title>
+
+ <chapter>
+ <title>IdentitySessionFactory</title>
+ <para>IdentitySessionFactory interface is a main entry point into the API. Default implementation
+ IdentitySessionFactoryImpl has two constructors:</para>
+ <itemizedlist>
+ <listitem>
+ <para>public IdentitySessionFactoryImpl(IdentityConfigurationMetaData configMD) throws Exception</para>
+ </listitem>
+ <listitem>
+ <para>public IdentitySessionFactoryImpl(File configFile) throws Exception</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Framework configuration can be defined in two ways. It can be passed as implementation of a set of
+ metadata interfaces grouped in org.jboss.identity.idm.spi.configuration.metadata package. Main one
+ is IdentityConfigurationMetaData.
+ </para>
+ <para>
+ Other possibility is to use xml configuration file that will be unmarshaled into JAXB model
+ (org.jboss.identity.idm.impl.configuration.jaxb2.generated package) and used to create
+ IdentityConfigurationMetaData object. XML configuration is described by identity-config.xsd file.
+ It is good to take a look at the example organization-test-config.xml that is used in the testsuite.
+ </para>
+ </chapter>
+ <chapter>
+ <title>XML Configuration</title>
+ <programlisting>
+ <![CDATA[
+<jboss-identity xmlns="urn:jboss:identity:idm:config:v1_0_alpha"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:config:v1_0_alpha identity-config.xsd">
+ <realms/>
+ <repositories/>
+ <stores/>
+</jboss-identity>
+ ]]>
+ </programlisting>
+ <para>Identity XML configuration can be divided into three parts:</para>
+ <itemizedlist>
+ <listitem>
+ <para><![CDATA[<stores/>]]> - defines IdentityStore and AttributeStore instances</para>
+ </listitem>
+ <listitem>
+ <para><![CDATA[<repositories/>]]> - defines IdentityStoreRepository instances</para>
+ </listitem>
+ <listitem>
+ <para><![CDATA[<realms/>]]> - defines identity realms</para>
+ </listitem>
+ </itemizedlist>
+ </chapter>
+ <chapter>
+ <title>IdentityStore <![CDATA[<stores><identity-store>...]]></title>
+ <programlisting>
+ <![CDATA[
+<stores>
+ <attribute-stores/>
+ <identity-stores>
+ <identity-store> ... </identity-store>
+ <identity-store> ... </identity-store>
+ </identity-stores>
+ </stores>
+ ]]>
+ </programlisting>
+ <note>
+ <para><![CDATA[<stores/>]]> element contains <![CDATA[<identity-store>]]> and <![CDATA[<attribute-store>]]>
+ elements. Currently <![CDATA[<attribute-store>]]> configuration is ignored so only <![CDATA[<identity-store>]]>
+ elements can be configured.</para></note>
+ <programlisting>
+ <![CDATA[
+<identity-store>
+ <id>Sample Hibernate Store</id>
+ <class>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>
+ JBOSS_IDENTITY_MEMBERSHIP
+ </relationship-type>
+ <relationship-type>
+ JBOSS_IDENTITY_ROLE
+ </relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types>
+ <identity-object-type>
+ ...
+ </identity-object-type>
+
+ ...
+
+
+ <identity-object-type>
+ ...
+ </identity-object-type>
+ </supported-identity-object-types>
+ <options>
+ <option>
+ <name>persistenceUnit</name>
+ <value>jboss-identity-model-xxx</value>
+ </option>
+ <option>
+ <name>otherOption</name>
+ <value>value1</value>
+ <value>value2</value>
+ <value>value3</value>
+ </option>
+ </options>
+</identity-store>
+ ]]>
+ </programlisting>
+
+ <para><![CDATA[<identity-store>]]> element:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>id - IdentityStore id</para>
+ </listitem>
+ <listitem>
+ <para>class - IdentityStore class name</para>
+ </listitem>
+ <listitem>
+ <para>external-config - external configuration file used by IdentityStore</para>
+ </listitem>
+ <listitem>
+ <para>supported-relationship-types - IdentityObjectRelationshipType names that are supported by this
+ IdentityStore. JBOSS_IDENTITY_MEMBERSHIP is standard value used by default framework implementation
+ for membership type relationships (between two Group objects) and JBOSS_IDENTITY_ROLE is standard
+ value for Role type memberships (named relationships)</para>
+ </listitem>
+ <listitem>
+ <para>supported-identity-object-types - configuration of IdentityObjectType objects mapped by IdentityStore</para>
+ </listitem>
+ <listitem>
+ <para>options - other IdentityStore configuration options</para>
+ </listitem>
+ </itemizedlist>
+
+ <programlisting>
+ <![CDATA[
+<supported-identity-object-types>
+ <identity-object-type>
+ <name>OFFICE</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>
+ JBOSS_IDENTITY_MEMBERSHIP
+ </relationship-type-ref>
+ <identity-object-type-ref>
+ IDENTITY
+ </identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>
+ JBOSS_IDENTITY_MEMBERSHIP
+ </relationship-type-ref>
+ <identity-object-type-ref>
+ CONFERENCE_ROOM
+ </identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+
+ <identity-object-type>
+ <name>IDENTITY</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>
+ JBOSS_IDENTITY_ROLE
+ </relationship-type-ref>
+ <identity-object-type-ref>
+ COMMUNITY
+ </identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials>
+ <credential-type>PASSWORD</credential-type>
+ <credential-type>BINARY</credential-type>
+ </credentials>
+ <attributes>
+ <attribute>
+ <name>picture</name>
+ <mapping>user.picture</mapping>
+ <type>binary</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ </attributes>
+ </identity-object-type>
+</supported-identity-object-types>
+ ]]>
+
+ </programlisting>
+
+ <para>
+ <![CDATA[<identity-object-type>]]> element:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>name - IdentityObjectType name</para>
+ </listitem>
+ <listitem>
+ <para>relationships - relationships in which IdentityObjectType can be parent side.
+ <![CDATA[<relationship-type-ref>]]> must point to one of values from
+ <![CDATA[<supported-relationship-types>]]>. <![CDATA[<identity-object-type-ref>]]>
+ must be one of <![CDATA[<identity-object-type><name>]]> values configured in this IdentityStore.</para>
+ </listitem>
+ <listitem>
+ <para>credentials - IdentityObjectCredentialType names allowed for this IdentityObjectType</para>
+ </listitem>
+ <listitem>
+ <para>attributes - allowed attribute mappings. Each contains:
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ name - attribute name
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ mapping - real name to be used inside IdentityStore. For example LDAP attribute name
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ type - either "binary" or "text" value
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isRequired - if attribute cannot have no values
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isMultivalued - if attribute can have many values
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isReadonly - if attribute values can be modified
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>options - other options for IdentityObjectType configuration</para>
+ </listitem>
+ </itemizedlist>
+ </chapter>
+ <chapter>
+ <title>IdentityStoreRepository / <![CDATA[<repositories><repository>]]></title>
+
+ <programlisting>
+ <![CDATA[
+<repositories>
+
+ <repository>
+ <id>X</id>
+ <class>
+ org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository
+ </class>
+ <external-config/>
+ <default-identity-store-id>
+ Hibernate Identity Store
+ </default-identity-store-id>
+ <default-attribute-store-id>
+ Hibernate Identity Store
+ </default-attribute-store-id>
+ <options>
+ </repository>
+
+ <repository>
+ <id>Y</id>
+ <class>
+ org.jboss.identity.idm.impl.repository.FallbackIdentityStoreRepository
+ </class>
+ <external-config/>
+ <default-identity-store-id>
+ Hibernate Identity Store
+ </default-identity-store-id>
+ <default-attribute-store-id>
+ Hibernate Identity Store
+ </default-attribute-store-id>
+ <identity-store-mappings>
+ <identity-store-mapping>
+ <identity-store-id>
+ Hibernate Identity Store
+ </identity-store-id>
+ <identity-object-types>
+ <identity-object-type>
+ PROJECT
+ </identity-object-type>
+ <identity-object-type>
+ PEOPLE
+ </identity-object-type>
+ </identity-object-types>
+ <options/>
+ </identity-store-mapping>
+ <identity-store-mapping>
+ <identity-store-id>
+ LDAP Identity Store
+ </identity-store-id>
+ <identity-object-types>
+ <identity-object-type>
+ IDENTITY
+ </identity-object-type>
+ <identity-object-type>
+ ORGANIZATION
+ </identity-object-type>
+ </identity-object-types>
+ <options/>
+ </identity-store-mapping>
+ </identity-store-mappings>
+ <options/>
+ </repository>
+
+</repositories>
+ ]]>
+
+ </programlisting>
+
+ <para><![CDATA[<repository>]]> element contains:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>id - IdentityStoreRepository id.</para>
+ </listitem>
+ <listitem>
+ <para>class - class name of IdentityStoreRepository implementation.</para>
+ </listitem>
+ <listitem>
+ <para>external-config - external configuration file used by IdentityStoreRepository.</para>
+ </listitem>
+ <listitem>
+ <para>default-identity-store-id - id of configured IdentityStore to be used by default.</para>
+ </listitem>
+ <listitem>
+ <para>default-attribute-store-id - id of configured AttributeStore (or IdentityStore) to be used by default</para>
+ </listitem>
+ <listitem>
+ <para>identity-store-mappings - optional element. Mappings between IdentityObjectType names and IdentityStore ids. </para>
+ </listitem>
+ </itemizedlist>
+ </chapter>
+ <chapter>
+ <title>Realm / <![CDATA[<realms><realm>]]></title>
+
+ <programlisting>
+ <![CDATA[
+<realm>
+ <id>realm://RedHat/DB</id>
+ <repository-id-ref>RedHat Repository DB</repository-id-ref>
+ <identity-type-mappings>
+ <identity-mapping>IDENTITY</identity-mapping>
+ </identity-type-mappings>
+</realm>
+ ]]>
+
+ </programlisting>
+
+ <para>
+ <![CDATA[<realm>]]> element contains:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>id - realm id</para>
+ </listitem>
+ <listitem>
+ <para>repository-id-ref - id of configured IdentityStoreRepository </para>
+ </listitem>
+ <listitem>
+ <para>identity-type-mappings
+ <itemizedlist>
+ <listitem>
+ <para>identity-mapping - name of IdentityObjectType that should be maped as Identity
+ object on the API side</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ </chapter>
+ </part>
+
+ <part>
+ <title>IdentityStore Implementations</title>
+ <chapter>
+ <title>Overview</title>
+ <para>
+ This part describes different IdentityStore implementations that comes with the framework and their
+ configuration options
+ </para>
+ </chapter>
+
+ <chapter>
+ <title>Hibernate IdentityStore</title>
+ <sect1>
+ <title>Class Name</title>
+ <para>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</para>
+ </sect1>
+ <sect1>
+ <title>Overview</title>
+ <para> HibernateIdentityStoreImpl maps JBoss Identity IDM SPI model into Hibernate entities.
+ This enables to use any RDBMS supported by Hibernate as identity persistence store (IdentityStore).
+ Because of flexibility that ORM gives this IdentityStore implementation support all of the optional
+ design concepts like role management. It can be used as the default IdentityStore together with other
+ more limited implementations. For example in combination with LDAP IdentityStore it can handle
+ IdentityObject attributes that are not supported in LDAP schema. In such configuration part of
+ IdentityObject profile will be stored in LDAP and part in relational database. To learn more about
+ such setup please read FallbackIdentityStoreRepository documentation. In current version
+ implementation doesn't have any caching mechanism besides of what can be set in hibernate
+ configuration</para>
+ </sect1>
+ <sect1>
+ <title>Configuration Options</title>
+ <para>
+ <itemizedlist>
+
+ <listitem>
+ <para>persistenceUnit - The name of persistence unit with proper Hibernate entities.
+ See example below.</para>
+ </listitem>
+ <listitem>
+ <para>populateRelationshipTypes - true/false - Populate configured <![CDATA[<supported-relationship-types>]]>
+ (IdentityObjectRelationshipType in SPI model) during IdentityStore initialization.
+ Default value is 'false'</para>
+ </listitem>
+ <listitem>
+ <para>populateIdentityObjectTypes - true/false - Populate configured <![CDATA[<supported-identity-object-types>]]>
+ (IdentityObjectType in SPI model) during IdentityStore initialization. Default value is 'false'</para>
+ </listitem>
+ <listitem>
+ <para>allowNotDefinedAttributes - true/false - Allow to set IdentityObject attributes that
+ are not specified in <![CDATA[<identity-object-type>]]> configuration. Such attributes
+ are assumed to have "text" type and many values. Default value is 'false'.</para>
+ </listitem>
+ <listitem>
+ <para>isRealmAware - true/false - If set to true HibernateIdentityStoreImpl will create
+ separate namespaces for different Realms from which method invocations come. This means
+ that each IdentityObject, IdentityObjectRelationship and IdentityObjectRelationshipName
+ will be connected and only accessible with a realm name in which it was created. Entities
+ representing IdentityObjectType, IdentityObjectCredentialType and IdentityObjectRelationshipType
+ are always same for all realms and not affected with this option. Default value is 'false'. </para>
+ </listitem>
+ <listitem><para></para></listitem>
+ </itemizedlist>
+ </para>
+ </sect1>
+ <sect1>
+ <title>Sample Configuration</title>
+ <para></para>
+ <programlisting>
+ <![CDATA[
+<identity-store>
+ <id>Hibernate Identity Store</id>
+ <class>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+ <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types>
+ <identity-object-type>
+ <name>IDENTITY</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials>
+ <credential-type>PASSWORD</credential-type>
+ </credentials>
+ <attributes>
+ <attribute>
+ <name>user.name.given</name>
+ <mapping>user.name.given</mapping>
+ <type>text</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ <attribute>
+ <name>picture</name>
+ <mapping>user.picture</mapping>
+ <type>binary</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ </attributes>
+ <options/>
+ </identity-object-type>
+ <identity-object-type>
+ <name>ORGANIZATION</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>IDENTITY</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+ </supported-identity-object-types>
+ <options>
+ <option>
+ <name>persistenceUnit</name>
+ <value>jboss-identity-model-xxx</value>
+ </option>
+ <option>
+ <name>populateRelationshipTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>populateIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>isRealmAware</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ </options>
+ </identity-store>
+ ]]>
+ </programlisting>
+ <para>
+ Persistence unit need to map all needed hibernate entities. For example:
+ </para>
+ <programlisting>
+ <![CDATA[
+<persistence-unit name="sample-persistence-unit" transaction-type="RESOURCE_LOCAL">
+
+ <provider>org.hibernate.ejb.HibernatePersistence</provider>
+
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateRealm</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObject</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredential</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectAttribute</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectType</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationship</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType</class>
+ <class>org.jboss.identity.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName</class>
+
+ ....
+ ....
+ ....
+
+</persistence-unit>
+ ]]>
+ </programlisting>
+
+ </sect1>
+ </chapter>
+ <chapter>
+ <title>LDAP IdentityStore</title>
+ <sect1>
+ <title>Class Name</title>
+ <para>org.jboss.identity.idm.impl.store.ldap.LDAPIdentityStoreImpl</para>
+ </sect1>
+ <sect1>
+ <title>Overview</title>
+ <para> LDAPIdentityStoreImpl provides support for LDAP as identity persistence store (IdentityStore).
+ At this stage the implementation is a bit limitted:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Role management (IdentityObjectRelationshipName) is not supported</para>
+ </listitem>
+ <listitem>
+ <para>Only "text" attribute type can be mapped</para>
+ </listitem>
+ <listitem>
+ <para>Only "PASSWORD" <![CDATA[<credential-type>]]> can be mapped</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+ <sect1>
+ <title>Configuration</title>
+ <para><![CDATA[<identity-object-type><options>]]></para>
+ <itemizedlist>
+ <listitem>
+ <para>idAttributeName - attribute name under which IdentityObject name is specified. Required.</para>
+ </listitem>
+ <listitem>
+ <para>passwordAttributeName - attribute name under which IdentityObject password is specified. Optional.</para>
+ </listitem>
+ <listitem>
+ <para>ctxDNs - DN that will be used as context for IdentityObject searches. More than one value can be specified.</para>
+ </listitem>
+ <listitem>
+ <para>allowCreateEntry - true/false - Specify if new IdentityObject can be created.</para>
+ </listitem>
+ <listitem>
+ <para>createEntryAttributeValues - defines a set of ldap attributes that will be set on IdentityObject entry creation. Values are in "name=value" format. This enables to fulfill LDAP schema requirements.Default is false</para>
+ </listitem>
+ <listitem>
+ <para>membershipAttributeName - LDAP attribute that defines children of IdentityObject. This will be used to retrieved relationships from IdentityObject entry. Option is required if IdentityObjectType can be part of relationship.</para>
+ </listitem>
+ <listitem>
+ <para>isMembershipAttributeDN - defines if values of attribute defined in membershipAttributeID are fully qualified LDAP DNs.</para>
+ </listitem>
+ <listitem>
+ <para>allowEmptyMemberships - defines if IdentityObject entry can have no members. Sometimes it is not allowed by LDAP schema.</para>
+ </listitem>
+ <listitem>
+ <para>entrySearchFilter - ldap filter to search IdentityObject with. {0} will be substitute with IdentityObject name. Example filter can look like this: "(uid={0})". This substitution behavior comes from the standard DirContext.search(Name, String, Object, SearchControls cons) method</para>
+ </listitem>
+
+ </itemizedlist>
+ <para><![CDATA[<identity-store><options>]]></para>
+ <itemizedlist>
+ <listitem>
+ <para>providerURL - LDAP connection URL. For example "ldap://localhost:389"</para>
+ </listitem>
+ <listitem>
+ <para>adminDN - LDAP entry used to connect to the server.</para>
+ </listitem>
+ <listitem>
+ <para>adminPassword - password related to adminDN</para>
+ </listitem>
+ <listitem>
+ <para>searchTimeLimit -searchTimeLimit for LDAP search operations in miliseconds. Default value is 10000.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+ <sect1>
+ <title>Sample Configuration</title>
+ <para></para>
+ <programlisting>
+ <![CDATA[
+<identity-store>
+ <id>Sample LDAP Store</id>
+ <class>org.jboss.identity.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types>
+ <identity-object-type>
+ <name>IDENTITY</name>
+ <relationships/>
+ <credentials>
+ <credential-type>PASSWORD</credential-type>
+ </credentials>
+ <attributes>
+ <attribute>
+ <name>phone</name>
+ <mapping>telephoneNumber</mapping>
+ <type>text</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ <attribute>
+ <name>description</name>
+ <mapping>description</mapping>
+ <type>text</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ <attribute>
+ <name>carLicense</name>
+ <mapping>carLicense</mapping>
+ <type>text</type>
+ <isRequired>false</isRequired>
+ <isMultivalued>false</isMultivalued>
+ <isReadOnly>false</isReadOnly>
+ </attribute>
+ </attributes>
+ <options>
+ <option>
+ <name>idAttributeName</name>
+ <value>uid</value>
+ </option>
+ <option>
+ <name>passwordAttributeName</name>
+ <value>password</value>
+ </option>
+ <option>
+ <name>ctxDNs</name>
+ <value>ou=People,o=test,dc=example,dc=com</value>
+ </option>
+ <option>
+ <name>allowCreateEntry</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>createEntryAttributeValues</name>
+ <value>objectClass=top</value>
+ <value>objectClass=inetOrgPerson</value>
+ <value>sn= </value>
+ <value>cn= </value>
+ </option>
+ </options>
+ </identity-object-type>
+ <identity-object-type>
+ <name>ORGANIZATION</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>IDENTITY</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>GROUP</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options>
+ <option>
+ <name>idAttributeName</name>
+ <value>cn</value>
+ </option>
+ <option>
+ <name>ctxDNs</name>
+ <value>ou=Organizations,o=test,dc=example,dc=com</value>
+ </option>
+ <option>
+ <name>allowCreateEntry</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>membershipAttributeName</name>
+ <value>member</value>
+ </option>
+ <option>
+ <name>isMembershipAttributeDN</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowEmptyMemberships</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>createEntryAttributeValues</name>
+ <value>objectClass=top</value>
+ <value>objectClass=groupOfNames</value>
+ </option>
+ </options>
+ </identity-object-type>
+ </supported-identity-object-types>
+ <options>
+ <option>
+ <name>providerURL</name>
+ <value>ldap://localhost:10389</value>
+ </option>
+ <option>
+ <name>adminDN</name>
+ <value>cn=Directory Manager</value>
+ </option>
+ <option>
+ <name>adminPassword</name>
+ <value>password</value>
+ </option>
+ <option>
+ <name>searchTimeLimit</name>
+ <value>10000</value>
+ </option>
+ </options>
+</identity-store>
+ ]]>
+ </programlisting>
+ </sect1>
+ </chapter>
+ </part>
+
+ <part>
+ <title>IdentityStoreRepository Implementations</title>
+ <chapter>
+ <title>WrapperIdentityStoreRepository</title>
+ <sect1>
+ <title>ClassName</title>
+ <para>org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository</para>
+ </sect1>
+ <sect1>
+ <title>Behaviour</title>
+ <pre>Simply wrapps single AttributeStore and IdentityStore and pass all method invocations</pre>
+ </sect1>
+ <sect1>
+ <title>Sample Configuration</title>
+ <programlisting>
+ <![CDATA[
+<repository>
+ <id>Sample Repository</id
+ <class>org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository</class>
+ <external-config/>
+ <default-identity-store-id>LDAP Store</default-identity-store-id>
+ <default-attribute-store-id>LDAP Store</default-attribute-store-id>
+</repository>
+
+ ]]>
+ </programlisting>
+ </sect1>
+ </chapter>
+ <chapter>
+ <title>FallbackIdentityStoreRepository</title>
+ <sect1>
+ <title>ClassName</title>
+ <para>org.jboss.identity.idm.impl.repository.FallbackIdentityStoreRepository</para>
+ </sect1>
+ <sect1>
+ <title>Behaviour</title>
+ <pre>Resolves proper IdentityStore from IdentityObjectType mapping and delegates method invocation.
+ For relationship related methods, if both IdentityObjectTypes are not mapped in one store,
+ repository will try to sync them and associate in defaultIdentityStore. For attributes that are not
+ mapped inside mapped IdentityStore repository will try to assign those attributes in defaultAttributeStore.</pre>
+ </sect1>
+ <sect1>
+ <title>Configuration Options</title>
+ <itemizedlist>
+ <listitem>
+ <para>allowNotDefinedAttributes - if mapped IdentityStore doesn't support any attribute that was
+ passed in method invocation FallbackIdentityStoreRepository will try to store it in
+ defaultAttributeStore. If this option is set to true such attribute will be passed to
+ defaultAttributeStore even if it is not mapped there.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+ <sect1>
+ <title>Sample Configuration</title>
+ <programlisting>
+ <![CDATA[
+<repository>
+ <id>Repository XYZ</id>
+ <class>org.jboss.identity.idm.impl.repository.FallbackIdentityStoreRepository</class>
+ <external-config/>
+ <default-identity-store-id>Identity Store XX</default-identity-store-id>
+ <default-attribute-store-id>Identity Store XX</default-attribute-store-id>
+ <identity-store-mappings>
+ <identity-store-mapping>
+ <identity-store-id>Identity Store XX</identity-store-id>
+ <identity-object-types>
+ <identity-object-type>DIVISION</identity-object-type>
+ <identity-object-type>PROJECT</identity-object-type>
+ <identity-object-type>PEOPLE</identity-object-type>
+ </identity-object-types>
+ <options/>
+ </identity-store-mapping>
+ <identity-store-mapping>
+ <identity-store-id>Identity Store YY</identity-store-id>
+ <identity-object-types>
+ <identity-object-type>IDENTITY</identity-object-type>
+ <identity-object-type>ORGANIZATION</identity-object-type>
+ <identity-object-type>ORGANIZATION_UNIT</identity-object-type>
+ <identity-object-type>DEPARTMENT</identity-object-type>
+ </identity-object-types>
+ <options/>
+ </identity-store-mapping>
+ </identity-store-mappings>
+ <options>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ </options>
+</repository>
+ ]]>
+ </programlisting>
+ </sect1>
+ </chapter>
+
+ </part>
+
+ <part>
+ <title>Attributes</title>
+ <chapter>
+ <title>API</title>
+ <para>On the API level each IdentityType object (Identity and Group) can have associated Attribute objects.
+ All operations are exposed by AttributesManager interface. Each attribute is described with
+ AttributeDescription that contains its properties such as:</para>
+ <itemizedlist>
+ <listitem>
+ <para>name - attribute name</para>
+ </listitem>
+ <listitem>
+ <para>readonly - if attribute values can be changed</para>
+ </listitem>
+ <listitem>
+ <para>multivalued - if attribute can have many values</para>
+ </listitem>
+ <listitem>
+ <para>required - if attribute can be removed</para>
+ </listitem>
+ <listitem>
+ <para>type - type of attribute values. </para>
+ </listitem>
+ </itemizedlist>
+ <para>Default implementation provides two attribute types:</para>
+ <itemizedlist>
+ <listitem>
+ <para>text - java.lang.String object</para>
+ </listitem>
+ <listitem>
+ <para>binary - byte[] object</para>
+ </listitem>
+
+ </itemizedlist>
+ <sect1>
+ <title>Sample operations</title>
+ <programlisting role="java">
+ Identity user = session.getPersistenceManager().
+ createIdentity("sampleUser");
+
+ // Check that binary attribute 'picture' is mapped
+
+ AttributeDescription attributeDescription =
+ session.getAttributesManager().
+ getAttributeDescription(user, "picture");
+ assertNotNull(attributeDescription);
+ assertEquals("binary", attributeDescription.getType());
+
+
+ // Generate random binary data for binary attribute
+
+ Random random = new Random();
+ byte[] picture = new byte[5120];
+ random.nextBytes(picture);
+
+
+ // User attributes
+ Attribute[] userInfo = new Attribute[]
+ {
+ new SimpleAttribute(P3PConstants.INFO_USER_NAME_GIVEN,
+ new String[]{"John"}),
+ new SimpleAttribute(P3PConstants.INFO_USER_NAME_FAMILY,
+ new String[]{"Doe"}),
+ new SimpleAttribute("picture", new byte[][]{picture})
+ };
+
+ session.getAttributesManager().
+ addAttributes(user, userInfo);
+
+ ....
+
+ AttributesManager attrMgr = session.getAttributesManager();
+
+ attrMgr.addAttribute(anneUser,
+ P3PConstants.INFO_USER_NAME_GIVEN, "Anne");
+ attrMgr.addAttribute(anneUser,
+ P3PConstants.INFO_USER_NAME_FAMILY, "Smith");
+ attrMgr.addAttribute(anneUser,
+ P3PConstants.INFO_USER_JOB_TITLE, "Senior Software Developer");
+ attrMgr.addAttribute(anneUser,
+ P3PConstants.INFO_USER_BUSINESS_INFO_ONLINE_EMAIL, "anne.smith(a)acme.com");
+ attrMgr.addAttribute(anneUser,
+ P3PConstants.INFO_USER_BUSINESS_INFO_TELECOM_MOBILE_NUMBER, "777 777 777 7 77");
+ </programlisting>
+
+ </sect1>
+ </chapter>
+ <chapter>
+ <title>SPI</title>
+ <para>On the SPI level IdentityObject can be associated with several IdentityObjectAttribute objects.
+ IdentityObjectAttribute is described by IdentityObjectAttributeMetaData object that contains its properties such as:</para>
+ <itemizedlist>
+ <listitem>
+ <para>name - attribute name</para>
+ </listitem>
+ <listitem>
+ <para>readonly - if attribute values can be changed</para>
+ </listitem>
+ <listitem>
+ <para>multivalued - if attribute can have many values</para>
+ </listitem>
+ <listitem>
+ <para>required - if attribute can be removed</para>
+ </listitem>
+ <listitem>
+ <para>type - type of attribute values. </para>
+ </listitem>
+ </itemizedlist>
+ <para>IdentityObjectAttribute types supported by default implementations are the same as in the API level:</para>
+ <itemizedlist>
+ <listitem>
+ <para>text - java.lang.String object</para>
+ </listitem>
+ <listitem>
+ <para>binary - byte[] object</para>
+ </listitem>
+
+ </itemizedlist>
+ <para>
+ All operations related to IdentityObjectAttribute are exposed by the AttributeStore interface
+ </para>
+ </chapter>
+
+ </part>
+
+ <part>
+ <title>Credentials</title>
+ <chapter>
+ <title>API</title>
+ <para>
+ API contains Credential and CredentialType interfaces.
+ CredentialType defines type of credential object. Default implementation supports two types:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>PASSWORD - text password represented by java.lang.String object</para>
+ </listitem>
+ <listitem>
+ <para>BINARY - binary credential represented by byte[]. For example some kind of certificate.</para>
+ </listitem>
+
+ </itemizedlist>
+ <para>
+ Two basic implementations are provided:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>org.jboss.identity.idm.impl.api.BinaryCredential - Credential with BINARY CredentialType</para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.identity.idm.impl.api.PasswordCredential - Credential with PASSWORD CredentialType</para>
+ </listitem>
+
+ </itemizedlist>
+ <para>
+ Because credentials values are stored as hash or in other encoded form both SPI and API only enables
+ to update and validate credential value and not to read it from persistence store. API enables to only
+ protect Identity objects with credentials. All related management operations are exposed in
+ AttributesManager interface.
+ </para>
+ <programlisting role="java">
+
+ TODO
+
+ </programlisting>
+ </chapter>
+ <chapter>
+ <title>SPI</title>
+ <para>
+ SPI contains IdentityObjectCredential and IdentityObjectCredentialType interfaces that correspons to
+ Credential and CredentialType interfaces in the API. Implementation supports the same two
+ (PASSWORD and BINARY) types. Management operations are exposed in IdentityStore interface. Each
+ IdentityObjectType can be configured to support different IdentityObjectCredentialType. This
+ information is exposed by FeaturesMetaData interface.
+ </para>
+ <para>
+ IdentityObjectCredential interface exposes two methods to retrieve credential value:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>getValue - returns either String for text based credentials or byte[] for binary.
+ True credential value may be needed by different IdentityStore implementations for validation.
+ For example with LDAP authentication for IdentityObject entry will be performed</para>
+ </listitem>
+ <listitem>
+ <para>getEncodedValue - Enables to provide IdentityStore with custom credential encoding method.
+ IdentityStore is not obligated to use encoded value. This should return either String for text
+ based credentials or byte[] for binary. May return null if credential implementation doesn't
+ provide encoding mechanism. IdentityStore </para>
+ </listitem>
+
+ </itemizedlist>
+ </chapter>
+
+ </part>
+
+
+
+
+</book>
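Review bot: the `required` bullet in both attribute lists (API and SPI) reads "if attribute can be removed", which is the inverse of what the property name implies; it should say whether the attribute must always be present, i.e. cannot be removed. Also in this hunk: the Credentials API chapter ships an empty `TODO` `<programlisting>`, the `getEncodedValue` item trails off mid-sentence ("IdentityStore "), "correspons" should be "corresponds", and the attribute sample calls `addAttribute(anneUser, ...)` on a variable that is never declared (only `user` is). On the credentials text itself: since `getValue` hands the store the true credential value for validation (the LDAP bind case the text mentions), the docs should say explicitly that a store must treat that value as plaintext, never log or persist it, and use the encoded form for anything it writes.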
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-api-spi.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-api-spi.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-arch.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-arch.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-realm.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/IDM-global-realm.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI1.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI1.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI2.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI2.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI3.png
===================================================================
(Binary files differ)
Property changes on: idm/trunk/idm-doc/ReferenceGuide/en/images/SPI3.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: idm/trunk/idm-doc/ReferenceGuide/pom.xml
===================================================================
--- idm/trunk/idm-doc/ReferenceGuide/pom.xml (rev 0)
+++ idm/trunk/idm-doc/ReferenceGuide/pom.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,81 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <groupId>org.jboss.identity.idm</groupId>
+ <artifactId>idm-parent</artifactId>
+ <version>1.0.0-Beta4-SNAPSHOT</version>
+ <relativePath>../../parent</relativePath>
+ </parent>
+
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>Reference-Guide-${translation}</artifactId>
+ <packaging>jdocbook</packaging>
+ <name>User Guide (${translation})</name>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.jboss.maven.plugins</groupId>
+ <artifactId>maven-jdocbook-plugin</artifactId>
+ <version>2.1.2</version>
+ <extensions>true</extensions>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossorg-docbook-xslt</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossorg-jdocbook-style</artifactId>
+ <version>1.1.0</version>
+ <type>jdocbook-style</type>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <sourceDirectory>${pom.basedir}/en</sourceDirectory>
+ <sourceDocumentName>ReferenceGuide.xml</sourceDocumentName>
+ <imageResource>
+ <directory>${pom.basedir}/en</directory>
+ <includes>
+ <include>images/**/*</include>
+ </includes>
+ </imageResource>
+ <formats>
+ <format>
+ <formatName>pdf</formatName>
+ <stylesheetResource>classpath:/xslt/org/jboss/pdf.xsl</stylesheetResource>
+ <finalName>ReferenceGuide.pdf</finalName>
+ </format>
+ <format>
+ <formatName>html</formatName>
+ <stylesheetResource>classpath:/xslt/org/jboss/xhtml.xsl</stylesheetResource>
+ <finalName>index.html</finalName>
+ </format>
+ <format>
+ <formatName>html_single</formatName>
+ <stylesheetResource>classpath:/xslt/org/jboss/xhtml-single.xsl</stylesheetResource>
+ <finalName>index.html</finalName>
+ </format>
+ <format>
+ <formatName>eclipse</formatName>
+ <stylesheetResource>classpath:/xslt/org/jboss/eclipse.xsl</stylesheetResource>
+ <finalName>index.html</finalName>
+ </format>
+ </formats>
+ <options>
+ <xincludeSupported>true</xincludeSupported>
+ <xmlTransformerType>saxon</xmlTransformerType>
+ <!-- needed for uri-resolvers; can be ommitted if using 'current' uri scheme -->
+ <!-- could also locate the docbook dependency and inspect its version... -->
+ <docbookVersion>1.72.0</docbookVersion>
+ </options>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <properties>
+ <translation>en-US</translation>
+ </properties>
+</project>
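Review bot: `<artifactId>Reference-Guide-${translation}</artifactId>` embeds a property in the artifactId, which newer Maven versions warn about because artifact coordinates are expected to be constants; keep the artifactId fixed and leave `${translation}` in `<name>` and the output path only. `${pom.basedir}` (used for `sourceDirectory` and the image resource directory) is the deprecated prefix; `${project.basedir}` is the current form. Minor: `<name>User Guide (${translation})</name>` does not match the artifact, which is the Reference Guide, and "ommitted" in the options comment should be "omitted".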
Added: idm/trunk/idm-doc/pom.xml
===================================================================
--- idm/trunk/idm-doc/pom.xml (rev 0)
+++ idm/trunk/idm-doc/pom.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -0,0 +1,19 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<parent>
+ <groupId>org.jboss.identity.idm</groupId>
+ <artifactId>idm-parent</artifactId>
+ <version>1.0.0-Beta4-SNAPSHOT</version>
+ <relativePath>../parent</relativePath>
+</parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.identity.docs</groupId>
+ <artifactId>idm-docs</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Identity IDM Docs</name>
+ <url>http://www.jboss.com/products/jbossidentity</url>
+ <description>JBoss Identity IDM Component Documentation</description>
+ <modules>
+ <module>ReferenceGuide</module>
+ </modules>
+</project>
Modified: idm/trunk/idm-hibernate/pom.xml
===================================================================
--- idm/trunk/idm-hibernate/pom.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/pom.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.jboss.identity.idm</groupId>
<artifactId>idm-parent</artifactId>
- <version>1.0.0-Beta4-SNAPSHOT</version>
+ <version>1.0.0-BETA4-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
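Review bot: changing the parent version to `1.0.0-BETA4-SNAPSHOT` will break resolution, because the two new doc poms in this same commit declare the parent as `1.0.0-Beta4-SNAPSHOT` and Maven compares version strings case-sensitively; this module will look for a parent that does not exist in the reactor. Either revert to `Beta4` here or change the version consistently in idm-parent and every module.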
@@ -38,7 +38,7 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
- <version>3.3.1.GA</version>
+ <version>3.3.2.GA</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
@@ -49,7 +49,7 @@
<dependency>
<groupId>javassist</groupId>
<artifactId>javassist</artifactId>
- <version>3.4.GA</version>
+ <version>3.8.0.GA</version>
</dependency>
<dependency>
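Review bot: the javassist bump from `3.4.GA` to `3.8.0.GA` and hibernate-core from `3.3.1.GA` to `3.3.2.GA` are runtime-affecting dependency changes bundled into what the log describes as a docs update; hibernate-core 3.3.x declares its own javassist dependency, so the override here should be verified against the test suite and, ideally, pinned in idm-parent's `dependencyManagement` so the other modules resolve the same versions rather than a mix.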
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObject.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObject.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObject.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -46,6 +46,8 @@
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.Cascade;
import org.hibernate.annotations.CollectionOfElements;
@@ -55,42 +57,50 @@
*/
@Entity
@Table(name = "jbid_io", uniqueConstraints = {@UniqueConstraint(columnNames = {"NAME", "IDENTITY_TYPE", "REALM"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
+
public class HibernateIdentityObject implements IdentityObject
{
public static final String findIdentityObjectByNameAndType =
- "select o from HibernateIdentityObject o where o.realm = :realm and o.name like :name and o.identityType.name like :typeName";
+ "select o from HibernateIdentityObject o where o.realm = :realm and o.name = :name and o.identityType.name = :typeName";
public static final String findIdentityObjectsByType =
- "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name like :typeName";
+ "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name = :typeName";
public static final String findIdentityObjectsByTypeOrderedByNameAsc =
- "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name like :typeName " +
+ "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name = :typeName " +
"order by o.name asc";
public static final String findIdentityObjectsByTypeOrderedByNameDesc =
- "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name like :typeName " +
+ "select o from HibernateIdentityObject o where o.name like :nameFilter and o.realm = :realm and o.identityType.name = :typeName " +
"order by o.name desc";
public static final String countIdentityObjectsByType =
- "select count(o.id) from HibernateIdentityObject o where o.realm = :realm and o.identityType.name like :typeName";
+ "select count(o.id) from HibernateIdentityObject o where o.realm = :realm and o.identityType.name = :typeName";
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(name = "NAME", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "IDENTITY_TYPE", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObjectType identityType;
@OneToMany(mappedBy = "fromIdentityObject")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<HibernateIdentityObjectRelationship> fromRelationships = new HashSet<HibernateIdentityObjectRelationship>();
@OneToMany(mappedBy = "toIdentityObject")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
+
private Set<HibernateIdentityObjectRelationship> toRelationships = new HashSet<HibernateIdentityObjectRelationship>();
@OneToMany(fetch = FetchType.EAGER, cascade = {CascadeType.ALL},
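Review bot: the `like` to `=` change in `findIdentityObjectByNameAndType` and on `o.identityType.name` in the other queries is the right fix and worth calling out in the log: with `like :name`, a lookup name containing `%` or `_` would match other identity objects in the realm, so a name-based lookup could resolve to the wrong user or to more than one. `findIdentityObjectsByType` still uses `like :nameFilter`, which is presumably intentional for the wildcard search API; callers that pass user input there need to escape the LIKE metacharacters. Separately, `@Cache` is documented for entity classes and collection-valued properties only, so the copies on `id`, `name`, `identityType` and the other scalar or `@ManyToOne` fields in this hunk have no effect; keep it on the class and on the `@OneToMany` sets and drop the rest. There are also stray blank lines between the class-level `@Cache` and the class declaration and between the `toRelationships` annotation and its field.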
@@ -98,20 +108,24 @@
@org.hibernate.annotations.Cascade(
value = {org.hibernate.annotations.CascadeType.DELETE_ORPHAN}
)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<HibernateIdentityObjectAttribute> attributes = new HashSet<HibernateIdentityObjectAttribute>();
@CollectionOfElements
@JoinTable(name = "identity_obj_properties", joinColumns = @JoinColumn(name = "IDENTITY_OBJ_ID", nullable=false))
@org.hibernate.annotations.MapKey(columns = @Column(name = "PROP_KEY", nullable=false))
@Column(name = "PROPERTY")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Map<String, String> properties = new HashMap<String, String>();
@OneToMany(fetch = FetchType.EAGER, cascade = {CascadeType.ALL}, mappedBy = "identityObject")
@Cascade(value = org.hibernate.annotations.CascadeType.DELETE_ORPHAN)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<HibernateIdentityObjectCredential> credentials = new HashSet<HibernateIdentityObjectCredential>();
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(nullable = false, unique = false, name="REALM")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateRealm realm;
public HibernateIdentityObject()
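Review bot: enabling the second-level cache for the `credentials` collection means password hashes and binary credentials are copied into whatever cache provider is configured; before merging, confirm `hibernate.cache.use_second_level_cache` and a provider are actually set in the module's Hibernate configuration (otherwise every `@Cache` annotation in this commit is inert) and that the region used for this entity is in-memory and not replicated or overflowed to disk where the values could be read outside the database's access controls. The `@Cache` on the `realm` `@ManyToOne` field here has no effect; only the `attributes`, `properties` and `credentials` collections benefit from field-level caching.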
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectAttribute.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectAttribute.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectAttribute.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -35,6 +35,8 @@
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import java.util.Set;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
@@ -43,18 +45,22 @@
@Entity
@Inheritance(strategy = InheritanceType.JOINED)
@Table(name = "jbid_io_attr", uniqueConstraints = {@UniqueConstraint(columnNames = {"NAME", "IDENTITY_OBJECT_ID"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public abstract class HibernateIdentityObjectAttribute implements IdentityObjectAttribute
{
@Id
@GeneratedValue
@Column(name="ATTRIBUTE_ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@ManyToOne
@JoinColumn(name="IDENTITY_OBJECT_ID", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObject identityObject;
@Column(name = "NAME")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
public HibernateIdentityObjectAttribute()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttribute.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttribute.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttribute.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -31,6 +31,8 @@
import javax.persistence.OneToMany;
import javax.persistence.PrimaryKeyJoinColumn;
import javax.persistence.Table;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
@@ -40,6 +42,7 @@
@Entity
@Table(name = "jbid_io_attr_bin")
@PrimaryKeyJoinColumn(name = "ATTRIBUTE_ID")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectBinaryAttribute extends HibernateIdentityObjectAttribute
{
@@ -47,6 +50,7 @@
@org.hibernate.annotations.Cascade(
value = {org.hibernate.annotations.CascadeType.DELETE_ORPHAN}
)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<HibernateIdentityObjectBinaryAttributeValue> values = new HashSet<HibernateIdentityObjectBinaryAttributeValue>();
public HibernateIdentityObjectBinaryAttribute()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttributeValue.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttributeValue.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectBinaryAttributeValue.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -28,6 +28,8 @@
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
@@ -37,16 +39,19 @@
@Entity
//The table name need to fit in oracle constrants (ORA-00972: identifier is too long)
@Table(name = "jbid_io_bin")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectBinaryAttributeValue
{
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Lob
@Column(length = 10240000, name="VAL")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private byte[] value;
public HibernateIdentityObjectBinaryAttributeValue()
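Review bot: with the class-level `@Cache`, every cached `HibernateIdentityObjectBinaryAttributeValue` carries its `value` blob (declared up to 10240000 bytes) into the second-level cache, so a handful of large binary attributes can evict everything else in the region or exhaust memory; consider leaving this entity uncached or giving it a separately sized region. The field-level `@Cache` on `id` and `value` is inert on scalar properties and can be dropped.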
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredential.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredential.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredential.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -39,6 +39,8 @@
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.CollectionOfElements;
/**
@@ -47,6 +49,7 @@
*/
@Entity
@Table(name = "jbid_io_creden", uniqueConstraints = {@UniqueConstraint(columnNames = {"CREDENTIAL_TYPE", "IDENTITY_OBJECT_ID"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectCredential implements IdentityObjectCredential
{
@@ -57,27 +60,33 @@
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "CREDENTIAL_TYPE", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObjectCredentialType type;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "IDENTITY_OBJECT_ID", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObject identityObject;
@Column(name= "TEXT", nullable = true)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String textValue;
@Lob
@Column(name= "BINARY_VAL", nullable = true, length = 10240000)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private byte[] binaryValue;
@CollectionOfElements
@JoinTable(name = "jbid_io_creden_props", joinColumns = @JoinColumn(name = "CREDENTIAL_ID", nullable = false))
@org.hibernate.annotations.MapKey(columns = @Column(name = "PROP_KEY", nullable=false))
@Column(name = "PROPERTY")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Map<String, String> properties = new HashMap<String, String>();
public HibernateIdentityObjectCredential()
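Review bot: caching `HibernateIdentityObjectCredential` puts `textValue` and `binaryValue` (the stored credential, up to 10240000 bytes for the binary case) into the second-level cache; confirm the region for this entity is memory-only and not replicated between nodes in clear, and that the reference guide's statement that credentials are stored hashed or otherwise encoded holds for every store writing the `TEXT` column, since a cache dump would otherwise expose raw secrets. The field-level `@Cache` on the scalar and `@ManyToOne` properties is inert; only the `properties` collection benefits.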
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredentialType.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredentialType.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectCredentialType.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -29,6 +29,8 @@
import javax.persistence.Id;
import javax.persistence.GeneratedValue;
import javax.persistence.Column;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
@@ -36,15 +38,18 @@
*/
@Entity
@Table(name = "jbid_io_creden_type")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectCredentialType implements IdentityObjectCredentialType
{
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(name = "NAME", unique = true)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
public HibernateIdentityObjectCredentialType()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationship.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationship.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationship.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -39,6 +39,8 @@
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.CollectionOfElements;
/**
@@ -47,40 +49,47 @@
*/
@Entity
@Table(name="jbid_io_rel", uniqueConstraints = {@UniqueConstraint(columnNames = {"NAME", "REL_TYPE", "FROM_IDENTITY", "TO_IDENTITY"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectRelationship implements IdentityObjectRelationship
{
public static final String findIdentityObjectRelationshipsByType =
- "select r from HibernateIdentityObjectRelationship r where r.type.name like :typeName";
+ "select r from HibernateIdentityObjectRelationship r where r.type.name = :typeName";
public static final String findIdentityObjectRelationshipNamesByType =
- "select r.name from HibernateIdentityObjectRelationship r where r.type.name like :typeName";
+ "select r.name from HibernateIdentityObjectRelationship r where r.type.name = :typeName";
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@ManyToOne
@JoinColumn(nullable = true, unique = false, name="NAME")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObjectRelationshipName name;
@ManyToOne
@JoinColumn(nullable = false, name="REL_TYPE")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObjectRelationshipType type;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(nullable = false, name="FROM_IDENTITY")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObject fromIdentityObject;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(nullable = false, name="TO_IDENTITY")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateIdentityObject toIdentityObject;
@CollectionOfElements
@JoinTable(name = "jbid_io_rel_props", joinColumns = @JoinColumn(name = "REALATIONSHIP_ID", nullable=false))
@org.hibernate.annotations.MapKey(columns = @Column(name = "PROP_KEY", nullable=false))
@Column(name = "PROPERTY")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Map<String, String> properties = new HashMap<String, String>();
public HibernateIdentityObjectRelationship()
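Review bot: switching `r.type.name like :typeName` to `=` in both named queries is correct, since relationship type names are exact identifiers and `like` would let `%` or `_` in a type name match several types; it would be worth a pass over the remaining named queries in the hibernate module for the same pattern on exact-match columns. The `REALATIONSHIP_ID` join column name is a typo, but it is unchanged context here and renaming it is a schema change, so it belongs in a separate commit.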
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipName.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipName.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipName.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -35,6 +35,8 @@
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.Cascade;
import org.hibernate.annotations.CollectionOfElements;
@@ -44,6 +46,7 @@
*/
@Entity
@Table(name="jbid_io_rel_name", uniqueConstraints = {@UniqueConstraint(columnNames = {"NAME", "REALM"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectRelationshipName
{
@@ -75,18 +78,19 @@
"r.fromIdentityObject = :identityObject or r.toIdentityObject = :identityObject " +
"order by r.name.name desc";
-
-
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(nullable = false, unique = true, name = "NAME")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
@ManyToOne
@JoinColumn(nullable = false, name="REALM")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private HibernateRealm realm;
@CollectionOfElements()
@@ -94,6 +98,7 @@
@org.hibernate.annotations.MapKey(columns = @Column(name = "PROP_KEY", nullable=false))
@Column(name = "PROPERTY")
@Cascade(value = {org.hibernate.annotations.CascadeType.DELETE_ORPHAN, org.hibernate.annotations.CascadeType.ALL})
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Map<String, String> properties = new HashMap<String, String>();
public HibernateIdentityObjectRelationshipName()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipType.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipType.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectRelationshipType.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -29,6 +29,8 @@
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
/**
* @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
@@ -42,6 +44,7 @@
// })
@Entity
@Table(name = "jbid_io_rel_type")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectRelationshipType implements IdentityObjectRelationshipType
{
@@ -52,9 +55,11 @@
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(nullable = false, unique = true, name="NAME")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
public HibernateIdentityObjectRelationshipType()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectTextAttribute.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectTextAttribute.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectTextAttribute.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -32,6 +32,8 @@
import javax.persistence.PrimaryKeyJoinColumn;
import javax.persistence.Table;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.CollectionOfElements;
/**
@@ -41,11 +43,13 @@
@Entity
@Table(name = "jbid_io_attr_text")
@PrimaryKeyJoinColumn(name = "ATTRIBUTE_ID")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectTextAttribute extends HibernateIdentityObjectAttribute
{
@CollectionOfElements
@JoinTable(name = "jbid_io_attr_text_values", joinColumns = @JoinColumn(name = "VAL"))
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<String> values = new HashSet<String>();
public HibernateIdentityObjectTextAttribute()
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectType.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectType.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateIdentityObjectType.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -30,6 +30,8 @@
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jboss.identity.idm.spi.model.IdentityObjectType;
/**
@@ -44,6 +46,7 @@
})
@Entity
@Table(name = "jbid_io_type")
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateIdentityObjectType implements IdentityObjectType
{
@@ -53,9 +56,11 @@
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(nullable = false, unique = true, name="NAME")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
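Review bot: the two field-level `@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)` annotations on `private Long id;` and `private String name;` are no-ops. Hibernate honours `@Cache` on the entity class and on collection-valued properties only; basic properties are cached as part of the entity, which the class-level annotation added in the previous hunk already covers. Drop them so the mapping does not suggest per-field caching exists.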
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateRealm.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateRealm.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/model/hibernate/HibernateRealm.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -34,6 +34,8 @@
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
+import org.hibernate.annotations.Cache;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.hibernate.annotations.CollectionOfElements;
/**
@@ -42,24 +44,28 @@
*/
@Entity
@Table(name = "jbid_realm", uniqueConstraints = {@UniqueConstraint(columnNames = {"NAME"})})
+@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class HibernateRealm
{
public static final String findIRealmByName =
- "select o from HibernateRealm o where o.name like :name";
+ "select o from HibernateRealm o where o.name = :name";
@Id
@GeneratedValue
@Column(name = "ID")
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Long id;
@Column(name = "NAME", nullable = false)
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private String name;
@CollectionOfElements
@JoinTable(name = "jbid_io_realm_props", joinColumns = @JoinColumn(name = "REALM_ID", nullable=false))
@Column(name = "PROPERTY")
@org.hibernate.annotations.MapKey(columns = @Column(name = "prop_key", nullable=false))
+ @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Map<String, String> properties = new HashMap<String, String>();
public HibernateRealm()
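Review bot: the `like :name` to `= :name` change in `findIRealmByName` is the important part of this hunk and is correct: with `like`, a realm name containing `%` or `_` was treated as a pattern, so the lookup could resolve to a different realm than the one named, or make `uniqueResult()` fail on several matches. Two smaller points: the constant name `findIRealmByName` has a stray `I`, and the `@Cache` annotations on the basic fields `id` and `name` do nothing (only the class-level one and the one on the `properties` map take effect).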
Modified: idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java
===================================================================
--- idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-hibernate/src/main/java/org/jboss/identity/idm/impl/store/hibernate/HibernateIdentityStoreImpl.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -94,11 +94,11 @@
private final String QUERY_RELATIONSHIP_BY_FROM_TO_TYPE =
"select r from HibernateIdentityObjectRelationship r where r.fromIdentityObject = :fromIO and " +
- "r.toIdentityObject = :toIO and r.type.name like :typeName";
+ "r.toIdentityObject = :toIO and r.type.name = :typeName";
private final String QUERY_RELATIONSHIP_BY_FROM_TO_TYPE_NAME =
"select r from HibernateIdentityObjectRelationship r where r.fromIdentityObject = :fromIO and " +
- "r.toIdentityObject = :toIO and r.type.name like :typeName and r.name.name like :name";
+ "r.toIdentityObject = :toIO and r.type.name = :typeName and r.name.name = :name";
private final String QUERY_RELATIONSHIP_BY_IDENTITIES =
"select r from HibernateIdentityObjectRelationship r where " +
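Review bot: switching `r.type.name` and `r.name.name` from `like` to `=` is right; these are exact identifiers, and with `like` a `%` or `_` in `typeName` or `name` acted as a wildcard, so a lookup for one relationship type could match a relationship of another type. Since these queries answer "is fromIO related to toIO", that is an authorization decision, so the exact match matters beyond tidiness. Please check the remaining query constants in this class (only `QUERY_RELATIONSHIP_BY_IDENTITIES` is visible here) for the same pattern.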
@@ -768,7 +768,7 @@
{
hqlString.append("select distinct ior.toIdentityObject from HibernateIdentityObjectRelationship ior where " +
- "ior.toIdentityObject.name like :nameFilter and ior.type.name like :relType and ior.fromIdentityObject = :identity");
+ "ior.toIdentityObject.name like :nameFilter and ior.type.name = :relType and ior.fromIdentityObject = :identity");
}
else
{
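Review bot: `ior.toIdentityObject.name like :nameFilter` is deliberately kept as a pattern match while `ior.type.name` becomes an exact match, which is consistent with `nameFilter` being a filter. It does mean a `%` or `_` inside a caller-supplied filter is interpreted as a wildcard; if the filter can originate from an API caller passing a literal name, confirm that the escaping (or the `*` to `%` mapping) happens upstream rather than relying on callers. The same applies to the `fromIdentityObject` branch in the next hunk.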
@@ -789,7 +789,7 @@
if (relationshipType != null)
{
hqlString.append("select distinct ior.fromIdentityObject from HibernateIdentityObjectRelationship ior where " +
- "ior.fromIdentityObject.name like :nameFilter and ior.type.name like :relType and ior.toIdentityObject = :identity");
+ "ior.fromIdentityObject.name like :nameFilter and ior.type.name = :relType and ior.toIdentityObject = :identity");
}
else
{
@@ -810,7 +810,7 @@
q = getHibernateSession(ctx).createQuery(hqlString.toString())
- .setParameter("identity",hibernateObject);
+ .setParameter("identity",hibernateObject).setCacheable(true);
if (relationshipType != null)
{
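Review bot: `setCacheable(true)` only has an effect when `hibernate.cache.use_query_cache` is enabled, and both test configurations touched by this commit keep `cache.use_query_cache` at `false`, so none of the newly cacheable queries run with the query cache in the test suite. Either enable it in the test configuration or state in the commit that the flag is inert for now. When it is enabled, keep in mind that query-cache entries for these relationship lookups are invalidated through the update-timestamps region only for writes made through this SessionFactory, so membership removed out of band keeps being returned until the entry is invalidated.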
@@ -875,11 +875,10 @@
{
throw new IllegalArgumentException("RelationshipType is null");
}
-
- HibernateIdentityObject fromIO = safeGet(ctx, fromIdentity);
+ HibernateIdentityObject fromIO = safeGet(ctx, fromIdentity);
HibernateIdentityObject toIO = safeGet(ctx, toIdentity);
HibernateIdentityObjectRelationshipType type = getHibernateIdentityObjectRelationshipType(ctx, relationshipType);
-
+
if (!getSupportedFeatures().isRelationshipTypeSupported(fromIO.getIdentityType(), toIO.getIdentityType(), relationshipType))
{
if (!isAllowNotDefinedIdentityObjectTypes())
@@ -896,7 +895,7 @@
HibernateIdentityObjectRelationshipName relationshipName =
(HibernateIdentityObjectRelationshipName)getHibernateSession(ctx).
- createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", name)).
+ createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).add(Restrictions.eq("name", name)).
uniqueResult();
if (relationshipName == null)
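Review bot: this relationship-name lookup restricts on `name` only (`add(Restrictions.eq("name", name))`), while the lookups further down in the same file also add `Restrictions.eq("realm", getRealm(hibernateSession, ctx))`. If relationship names are not unique across realms, `uniqueResult()` here can return another realm's name or throw, and with `setCacheable(true)` a wrong hit is now cached as well. Suggest adding the realm restriction here for consistency.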
@@ -951,7 +950,8 @@
query = getHibernateSession(ctx).createQuery(QUERY_RELATIONSHIP_BY_FROM_TO_TYPE)
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
- .setParameter("typeName", type.getName());
+ .setParameter("typeName", type.getName())
+ .setCacheable(true);
}
else
{
@@ -969,7 +969,8 @@
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
.setParameter("typeName", type.getName())
- .setParameter("name", name);
+ .setParameter("name", name)
+ .setCacheable(true);
}
@@ -1073,6 +1074,7 @@
Criteria criteria = getHibernateSession(ctx).createCriteria(HibernateIdentityObjectRelationship.class);
+ criteria.setCacheable(true);
if (type != null)
{
@@ -1158,7 +1160,7 @@
try
{
HibernateIdentityObjectRelationshipName hiorn = (HibernateIdentityObjectRelationshipName)hibernateSession.createCriteria(HibernateIdentityObjectRelationshipName.class)
- .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).uniqueResult();
+ .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).setCacheable(true).uniqueResult();
if (hiorn == null)
{
@@ -1167,7 +1169,7 @@
List<HibernateIdentityObjectRelationship> rels = (List<HibernateIdentityObjectRelationship>)hibernateSession.
createCriteria(HibernateIdentityObjectRelationship.class)
- .add(Restrictions.eq("name", hiorn)).list();
+ .add(Restrictions.eq("name", hiorn)).setCacheable(true).list();
//Remove all present usages
for (HibernateIdentityObjectRelationship rel : rels)
@@ -1212,7 +1214,7 @@
}
else
{
- q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNames);
+ q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNames).setCacheable(true);;
}
q.setParameter("realm", getRealm(hibernateSession, ctx));
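Review bot: style, double semicolon in `.setCacheable(true);;` on the changed line.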
@@ -1271,16 +1273,16 @@
{
if (criteria.isAscending())
{
- q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObjectOrderedByNameAsc);
+ q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObjectOrderedByNameAsc).setCacheable(true);
}
else
{
- q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObjectOrdereByNameDesc);
+ q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObjectOrdereByNameDesc).setCacheable(true);
}
}
else
{
- q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObject);
+ q = hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNamesForIdentityObject).setCacheable(true);
}
q.setParameter("identityObject", hibernateObject);
@@ -1325,7 +1327,7 @@
try
{
HibernateIdentityObjectRelationshipName hiorn = (HibernateIdentityObjectRelationshipName)hibernateSession.createCriteria(HibernateIdentityObjectRelationshipName.class)
- .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).uniqueResult();
+ .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).setCacheable(true).uniqueResult();
if (hiorn == null)
{
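Review bot: the chain `createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).setCacheable(true).uniqueResult()` now appears verbatim in four places in this class, and two further lookups of the same entity (one earlier, one later in this diff) omit the realm restriction. Fold it into a private helper such as `findRelationshipName(session, ctx, name)` so the cache flag and the realm scoping cannot drift apart between call sites.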
@@ -1354,7 +1356,7 @@
try
{
HibernateIdentityObjectRelationshipName hiorn = (HibernateIdentityObjectRelationshipName)hibernateSession.createCriteria(HibernateIdentityObjectRelationshipName.class)
- .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).uniqueResult();
+ .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).setCacheable(true).uniqueResult();
if (hiorn == null)
{
@@ -1383,7 +1385,7 @@
try
{
HibernateIdentityObjectRelationshipName hiorn = (HibernateIdentityObjectRelationshipName)hibernateSession.createCriteria(HibernateIdentityObjectRelationshipName.class)
- .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).uniqueResult();
+ .add(Restrictions.eq("name", name)).add(Restrictions.eq("realm", getRealm(hibernateSession, ctx))).setCacheable(true).uniqueResult();
if (hiorn == null)
{
@@ -1422,7 +1424,7 @@
HibernateIdentityObjectRelationshipName relationshipName =
(HibernateIdentityObjectRelationshipName)getHibernateSession(ctx)
.createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", relationship.getName()))
- .uniqueResult();
+ .setCacheable(true).uniqueResult();
if (relationshipName == null)
{
@@ -1433,7 +1435,8 @@
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
.setParameter("typeName", type.getName())
- .setParameter("name", relationship.getName());
+ .setParameter("name", relationship.getName())
+ .setCacheable(true);
}
@@ -1462,13 +1465,15 @@
query = getHibernateSession(ctx).createQuery(QUERY_RELATIONSHIP_BY_FROM_TO_TYPE)
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
- .setParameter("typeName", type.getName());
+ .setParameter("typeName", type.getName())
+ .setCacheable(true);
}
else
{
HibernateIdentityObjectRelationshipName relationshipName =
(HibernateIdentityObjectRelationshipName)getHibernateSession(ctx)
.createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", relationship.getName()))
+ .setCacheable(true)
.uniqueResult();
if (relationshipName == null)
@@ -1480,7 +1485,8 @@
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
.setParameter("typeName", type.getName())
- .setParameter("name", relationship.getName());
+ .setParameter("name", relationship.getName())
+ .setCacheable(true);
}
@@ -1509,13 +1515,15 @@
query = getHibernateSession(ctx).createQuery(QUERY_RELATIONSHIP_BY_FROM_TO_TYPE)
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
- .setParameter("typeName", type.getName());
+ .setParameter("typeName", type.getName())
+ .setCacheable(true);
}
else
{
HibernateIdentityObjectRelationshipName relationshipName =
(HibernateIdentityObjectRelationshipName)getHibernateSession(ctx)
.createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", relationship.getName()))
+ .setCacheable(true)
.uniqueResult();
if (relationshipName == null)
@@ -1527,7 +1535,8 @@
.setParameter("fromIO", fromIO)
.setParameter("toIO", toIO)
.setParameter("typeName", type.getName())
- .setParameter("name", relationship.getName());
+ .setParameter("name", relationship.getName())
+ .setCacheable(true);
}
@@ -2283,13 +2292,13 @@
Session hibernateSession = getHibernateSession(ctx);
-
try
{
hibernateObject = (HibernateIdentityObject)hibernateSession.createQuery(HibernateIdentityObject.findIdentityObjectByNameAndType)
.setParameter("name", io.getName())
.setParameter("typeName", io.getIdentityType().getName())
.setParameter("realm", getRealm(hibernateSession, ctx))
+ .setCacheable(true)
.uniqueResult();
}
catch (Exception e)
@@ -2312,6 +2321,7 @@
relationshipType = (HibernateIdentityObjectRelationshipType)hibernateSession.
createQuery(HibernateIdentityObjectRelationshipType.findIdentityObjectRelationshipTypeByName)
.setParameter("name", iot.getName())
+ .setCacheable(true)
.uniqueResult();
}
catch (Exception e)
@@ -2435,8 +2445,8 @@
if (!isRealmAware())
{
realm = (HibernateRealm)hibernateSession.
- createCriteria(HibernateRealm.class).add(Restrictions.eq("name", DEFAULT_REALM_NAME)).uniqueResult();
-
+ createCriteria(HibernateRealm.class).setCacheable(true).add(Restrictions.eq("name", DEFAULT_REALM_NAME)).setCacheable(true).uniqueResult();
+
if (realm == null)
{
throw new IllegalStateException("Default store realm is not present: " + DEFAULT_REALM_NAME);
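Review bot: `.setCacheable(true)` is called twice on the same Criteria in the default-realm lookup (once right after `createCriteria(HibernateRealm.class)` and again before `uniqueResult()`); drop one of them.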
@@ -2445,10 +2455,9 @@
}
else
{
- realm = (HibernateRealm)hibernateSession.
- createCriteria(HibernateRealm.class).add(Restrictions.eq("name", ctx.getRealmId())).uniqueResult();
+ realm = (HibernateRealm)hibernateSession.
+ createCriteria(HibernateRealm.class).add(Restrictions.eq("name", ctx.getRealmId())).setCacheable(true).uniqueResult();
-
// TODO: other way to not lazy initialize realm? special method called on every new session creation
if (realm == null)
{
@@ -2458,8 +2467,8 @@
}
}
+
-
return realm;
}
Modified: idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity-classes.cfg.xml
===================================================================
--- idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity-classes.cfg.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity-classes.cfg.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -28,7 +28,7 @@
<hibernate-configuration>
<session-factory>
- <property name="show_sql">false</property>
+ <property name="hibernate.show_sql">false</property>
<property name="cache.use_second_level_cache">true</property>
<property name="cache.use_query_cache">false</property>
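Review bot: the `show_sql` to `hibernate.show_sql` rename is cosmetic; Hibernate's XML configuration accepts property names with or without the `hibernate.` prefix and normalises them, which is why the neighbouring `cache.use_second_level_cache` and `cache.use_query_cache` work unprefixed. The substantive point is that `cache.use_query_cache` stays `false`, so every `setCacheable(true)` added to HibernateIdentityStoreImpl in this commit is a no-op under this configuration; a test profile with the query cache enabled would catch regressions in the cached paths (stale relationship results, cache key mismatches). The same applies to hibernate-jboss-identity.cfg.xml below.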
Modified: idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity.cfg.xml
===================================================================
--- idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity.cfg.xml 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/idm-testsuite/src/test/resources/hibernate-jboss-identity.cfg.xml 2009-11-03 01:22:13 UTC (rev 900)
@@ -28,7 +28,7 @@
<hibernate-configuration>
<session-factory>
- <property name="show_sql">false</property>
+ <property name="hibernate.show_sql">false</property>
<property name="cache.use_second_level_cache">true</property>
<property name="cache.use_query_cache">false</property>
Modified: idm/trunk/integration/jboss5/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMService.java
===================================================================
--- idm/trunk/integration/jboss5/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMService.java 2009-11-02 15:43:05 UTC (rev 899)
+++ idm/trunk/integration/jboss5/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMService.java 2009-11-03 01:22:13 UTC (rev 900)
@@ -19,7 +19,7 @@
import org.hibernate.cfg.AnnotationConfiguration;
import org.hibernate.cfg.Configuration;
import org.hibernate.dialect.Dialect;
-import org.hibernate.dialect.DialectFactory;
+import org.hibernate.dialect.resolver.DialectFactory;
import org.jboss.identity.idm.api.IdentitySessionFactory;
import org.jboss.identity.idm.api.cfg.IdentityConfiguration;
import org.jboss.identity.idm.common.exception.IdentityException;
@@ -343,7 +343,7 @@
DatabaseMetaData meta = conn.getMetaData();
String databaseName = meta.getDatabaseProductName();
int databaseMajorVersion = getDatabaseMajorVersion(meta);
- dialectName = DialectFactory.determineDialect(databaseName, databaseMajorVersion);
+ dialectName = DialectFactory.buildDialect(null, conn);
logger.fine("Detected dialect " + dialectName + ", database is (" + databaseName + "," + databaseMajorVersion + ")");
} catch (Exception e) {
logger.warning(e.getMessage());
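Review bot: `DialectFactory.buildDialect(null, conn)` returns a `Dialect` instance, whereas the replaced `determineDialect(databaseName, databaseMajorVersion)` returned a dialect class name; please check the declared type of `dialectName` and how it is consumed downstream (if it is written as the `hibernate.dialect` property value it needs `.getClass().getName()`). Also verify that `null` is acceptable for the `Properties` argument in the Hibernate version in use: if the factory reads `hibernate.dialect` from the properties before falling back to connection metadata, this throws a NullPointerException that the `catch (Exception e)` below swallows with only a warning, silently losing dialect detection. `new Properties()` is the safer argument. `databaseName` and `databaseMajorVersion` are now only used for the log line.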
JBoss Identity SVN: r899 - identity-federation/trunk/jboss-identity-fed-api/src/test/resources.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-11-02 10:43:05 -0500 (Mon, 02 Nov 2009)
New Revision: 899
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
Log:
minor change to location of log
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml 2009-11-02 07:56:02 UTC (rev 898)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml 2009-11-02 15:43:05 UTC (rev 899)
@@ -22,7 +22,7 @@
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender">
- <param name="File" value="${basedir}/test.log"/>
+ <param name="File" value="${basedir}/target/test.log"/>
<param name="Append" value="true"/>
<!-- Rollover at midnight each day -->
JBoss Identity SVN: r898 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust and 15 other directories.
by jboss-identity-commits@lists.jboss.org
Author: beve
Date: 2009-11-02 02:56:02 -0500 (Mon, 02 Nov 2009)
New Revision: 898
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/SamlCredentialParseException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/WSTrustGeneralException.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/TestCallbackHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/Util.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/jboss-sts-client.properties
Removed:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/jboss-sts-client.properties
Modified:
identity-federation/trunk/jboss-identity-fed-api/pom.xml
identity-federation/trunk/jboss-identity-fed-core/pom.xml
Log:
Work for https://jira.jboss.org/jira/browse/JBID-206 "Moving back to core".
Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -133,12 +133,6 @@
<version>1.8.0</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>xmlunit</groupId>
- <artifactId>xmlunit</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<reporting>
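Review bot: the xmlunit test dependency is removed from jboss-identity-fed-api together with the moved tests, but the matching addition to jboss-identity-fed-core/pom.xml (listed as Modified in this commit) is not shown in this excerpt. Please confirm that `SamlCredentialTestCase`, now under jboss-identity-fed-core/src/test, still resolves xmlunit at test scope.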
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,165 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.io.Serializable;
-import java.io.StringWriter;
-
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.identity.federation.api.wstrust.exceptions.SamlCredentialParseException;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.util.StringUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Credential that wraps a SAML Assertion.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public final class SamlCredential implements Serializable
-{
- private static final long serialVersionUID = -8496414959425288835L;
-
- private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
-
- private String assertion;
-
- public SamlCredential(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- this.assertion = SamlCredential.assertionToString(assertion);
- }
-
- public SamlCredential(final String assertion)
- {
- if (StringUtil.isNullOrEmpty(assertion))
- throw new IllegalArgumentException("assertion String must not be null or empty");
-
- this.assertion = assertion;
- }
-
- public String getAssertionAsString()
- {
- return assertion;
- }
-
- public Element getAssertionAsElement() throws SamlCredentialParseException
- {
- return SamlCredential.assertionToElement(assertion);
- }
-
- @Override
- public boolean equals(final Object obj)
- {
- if (this == obj)
- return true;
-
- if (!(obj instanceof SamlCredential))
- return false;
-
- final SamlCredential that = (SamlCredential) obj;
- return this.assertion.equals(that.assertion);
- }
-
- @Override
- public int hashCode()
- {
- int result = 17;
- result = 31 * result + assertion.hashCode();
- return result;
- }
-
- @Override
- public String toString()
- {
- return "SamlCredential[" + assertion + "]";
- }
-
- public static Element assertionToElement(final String assertion) throws SamlCredentialParseException
- {
- try
- {
- Document document = DocumentUtil.getDocument(assertion);
- return (Element) document.getFirstChild();
- }
- catch (final ConfigurationException e)
- {
- throw new SamlCredentialParseException(e);
- }
- catch (final ParsingException e)
- {
- throw new SamlCredentialParseException(e);
- }
- catch (final ProcessingException e)
- {
- throw new SamlCredentialParseException(e);
- }
- }
-
- public static String assertionToString(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- try
- {
- final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-
- final Source source = new DOMSource(assertion);
- final StringWriter writer = new StringWriter();
- final Result result = new StreamResult(writer);
-
- transformer.transform(source, result);
-
- return writer.toString();
- }
- catch (final TransformerConfigurationException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerFactoryConfigurationError e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- }
-}
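Review bot: since this class is being moved to core rather than dropped, two points to carry over. `assertionToElement` casts `document.getFirstChild()` to `Element`; that is only an `Element` when the assertion string has no leading comment or processing instruction, otherwise the cast fails with a ClassCastException instead of the declared `SamlCredentialParseException`. `document.getDocumentElement()` is the call that always returns the root element. Second, the assertion is parsed with `DocumentUtil.getDocument(assertion)`; as these assertions arrive from the network (STS responses), it is worth confirming in that utility that external entity resolution is disabled, since this class relies on it entirely for parser hardening.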
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,499 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.io.IOException;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.wstrust.SamlCredential;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.STSClientFactory;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
-import org.w3c.dom.Element;
-
-/**
- * Abstract JAAS LoginModule for JBoss STS (Security Token Service).
- * </p>
- *
- * Subclasses are required to implement {@link #invokeSTS(STSClient)()} to perform their specific actions.
- *
- * <h3>Configuration</h3>
- * Concrete implementations specify from where the username and credentials should be read from.
- * <lu>
- * <li>Callback handler, {@link NameCallback} and {@link PasswordCallback}.</li>
- * <li>From the login modules options configuration.</li>
- * <li>From the login modules earlier in the login modules stack.</li>
- * </lu>
- *
- * <h3>Configuration example</h3>
- * 1. Callbackhandler configuration:
- * <pre>{@code
- * <application-policy name="saml-issue-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }
- * </pre>
- * 2. Login module options configuration:
- * <pre>{@code
- * <application-policy name="saml-issue-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * <module-option name="useOptionsCredentials">true</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }
- * </pre>
- * 3. Password stacking configuration:
- * <pre>{@code
- * <application-policy name="saml-issue-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * <module-option name="password-stacking">useFirstPass</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }
- * </pre>
- *
- * <h3>Password stacking</h3>
- * Password stacking can be configured which means that a Login module configured with 'password-stacking' set to 'true'
- * will set the username and password in the shared state map. Login modules that come after can set 'password-stacking'
- * to 'useFirstPass' which means that that login module will use the username and password from the shared map.
- * <p/>
- *
- * Subclasses can define more configuration options by overriding initialize.
- * Also note that subclasses are not forced to put configuration options in a file. They
- * can all be set as options just like the 'configFile' is specified above.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public abstract class AbstractSTSLoginModule implements LoginModule
-{
- private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
-
- /**
- * Key used in share state map when LMs are stacked.
- */
- public static final String SHARED_TOKEN = "org.jboss.identity.federation.core.wstrust.lm.stsToken";
-
- /**
- * Options configuration name;
- */
- public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
-
- /**
- * Options configuration name;
- */
- public static final String OPTIONS_PW_STACKING = "password-stacking";
-
- /**
- * This is the required option that should identify the configuration
- * file for WSTrustClient.
- */
- public static final String STS_CONFIG_FILE = "configFile";
-
- /**
- * The subject to be populated.
- */
- private Subject subject;
-
- /**
- * Callback handler used to gather information from the caller.
- */
- private CallbackHandler callbackHandler;
-
- /**
- * WS-Trust SAML Assertion element.
- */
- private Element samlToken;
-
- /**
- * The outcome of the authentication process.
- */
- private boolean success;
-
- /**
- * The options map passed into this login modules initalize method.
- */
- private Map<String, ?> options;
-
- /**
- * The shared state map passed into this login modules initalize method.
- */
- private Map<String, ?> sharedState;
-
- /**
- * Indicates whether password stacking option was configured.
- */
- private boolean passwordStacking;
-
- /**
- * Indicates whether the password-stacking options was specifed as 'useFirstPass'.
- */
- private boolean useFirstPass;
-
- /**
- * Indicates whether the 'useOptionsCredentials' was configured.
- */
- private boolean useOptionsCredentials;
-
- /**
- * Initialized this login module. Simple stores the passed in fields and
- * also validates the options.
- *
- * @param subject
- * The subject to authenticate/populate.
- * @param callbackHandler
- * The callbackhandler that will gather information required by
- * this login module.
- * @param sharedState
- * State that is shared with other login modules. Used when
- * modules are chained/stacked.
- * @param options
- * The options that were specified for this login module.
- */
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.options = options;
- this.sharedState = sharedState;
-
- final String pwStackingOption = (String) options.get(OPTIONS_PW_STACKING);
- passwordStacking = pwStackingOption != null;
- if (passwordStacking)
- useFirstPass = "useFirstPass".equals(pwStackingOption);
-
- final Boolean useOptionsCreds = Boolean.valueOf((String)options.get(OPTIONS_CREDENTIALS));
- if (useOptionsCreds != null)
- useOptionsCredentials = useOptionsCreds.booleanValue();
- }
-
- /**
- * Subclasses must implement the login to perform their specific tasks.
- *
- * The login module should call {@link #setSamlToken(Element)} with the saml token
- * element that should be added to the public credentials in {@link #commit()}.
- *
- * @return true If the login was successful otherwise false.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public boolean login() throws LoginException
- {
- try
- {
- final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
- if (useOptionsCredentials)
- {
- useCredentialsFromOptions(builder, options);
- }
- else if (isUseFirstPass())
- {
- useCredentialsFromSharedState(builder);
- }
- else
- {
- useCredentialsFromCallback(builder);
- }
-
- if (passwordStacking)
- setPasswordStackingCredentials(builder);
-
- final STSClient stsClient = createWSTrustClient(builder.build());
-
- final Element token = invokeSTS(stsClient);
-
- if (token == null)
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not issue a SAML Security Token");
- }
- setSuccess(true);
- setSamlToken(token);
- setSharedToken(token);
- return true;
- }
- catch (WSTrustException e)
- {
- throw new LoginException("WSTrustException : " + e.getMessage());
- }
- }
-
- public abstract Element invokeSTS(final STSClient stsclient) throws WSTrustException, LoginException;
-
- /**
- * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
- * This new SamlCredential will be put into the Subject public credentials set.
- */
- public boolean commit() throws LoginException
- {
- if (success)
- {
- final SamlCredential samlCredential = new SamlCredential(samlToken);
- final boolean added = subject.getPublicCredentials().add(samlCredential);
- if (added && log.isDebugEnabled())
- log.debug("Added Credential :" + samlCredential);
-
- return true;
- }
- else
- {
- return false;
- }
- }
-
- /**
- * Called if the overall authentication failed (phase 2).
- */
- public boolean abort() throws LoginException
- {
- success = false;
- clearState();
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- clearState();
- return true;
- }
-
- protected void useCredentialsFromCallback(final Builder builder) throws LoginException
- {
- final NameCallback nameCallback = new NameCallback("user:");
- final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
- try
- {
- getCallbackHandler().handle(new Callback[] { nameCallback, passwordCallback });
- builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
- }
- catch (final IOException e)
- {
- throw new LoginException(e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException(e.getMessage());
- }
- }
-
- @SuppressWarnings("unchecked")
- private void setPasswordStackingCredentials(final Builder builder)
- {
- final Map sharedState = (Map) this.sharedState;
- sharedState.put("javax.security.auth.login.name", builder.getUsername());
- sharedState.put("javax.security.auth.login.password", builder.getPassword());
- }
-
- protected void useCredentialsFromSharedState(final Builder builder)
- {
- builder.username(getSharedUsername()).password(new String(getSharedPassword()));
- }
-
- /**
- * This method allows subclassed to retreive configuration options map
- * and set on the builder.
- *
- * @param builder
- * @param options
- */
- protected void useCredentialsFromOptions(Builder builder, Map<String, ?> options2)
- {
- // NoOp.
- }
-
-
- /**
- * This method gives users a chance to override how the {@link STSClientConfig} is created.
- * For example some users might perfer to not use a file containing the configuration
- * properties, which is the default, but instead have the configuration options in the
- * login modules configuration directly.
- *
- * @param options The options passed to the initialize method.
- * @return {@link STSClientConfig} The configuration for STSClient.
- */
- protected STSClientConfig getConfiguration(final Map<String, ?> options)
- {
- final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
- return new STSClientConfig.Builder(configFile).build();
- }
-
- protected STSClient createWSTrustClient(final STSClientConfig config)
- {
- try
- {
- return STSClientFactory.getInstance().create(config);
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException("Could not create WSTrustClient:", e);
- }
- }
-
- protected String getRequiredOption(final Map<String, ?> options, final String optionName)
- {
- final String option = (String) options.get(optionName);
- if (option == null)
- throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
-
- return option;
- }
-
- protected boolean isSuccess()
- {
- return success;
- }
-
- protected void setSuccess(boolean success)
- {
- this.success = success;
- }
-
- protected Subject getSubject()
- {
- return subject;
- }
-
- protected CallbackHandler getCallbackHandler()
- {
- return callbackHandler;
- }
-
- protected void setSamlToken(final Element samlToken)
- {
- this.samlToken = samlToken;
- }
-
- @SuppressWarnings ("unchecked")
- protected void setSharedToken(final Object token)
- {
- if (sharedState == null)
- return;
- /*
- * This is hidious but must be done since the signature of initialize in LoginModule is:
- * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
- * without bypassing generics.
- */
- // Cast the shartState to a raw map
- final Map state = (Map) sharedState;
- // Put the Token into the shared state map
- state.put(SHARED_TOKEN, token);
- }
-
- /**
- * Gets Security Token from the share state map if one was made available by
- * a previous LM in the stack.
- *
- * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
- */
- protected Object getSharedToken()
- {
- if (sharedState == null)
- return null;
-
- return sharedState.get(SHARED_TOKEN);
- }
-
- /**
- * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
- *
- * @return Map<String, ?> The options map.
- */
- protected Map<String, ?> getOptions()
- {
- return options;
- }
-
- protected String getSharedUsername()
- {
- if (sharedState == null)
- return null;
-
- return (String) sharedState.get("javax.security.auth.login.name");
- }
-
- protected char[] getSharedPassword()
- {
- if (sharedState == null)
- return null;
-
- final Object object = sharedState.get("javax.security.auth.login.password");
- if (object instanceof char[])
- return (char[]) object;
- else if (object instanceof String)
- return ((String) object).toCharArray();
-
- return null;
- }
-
- protected boolean isUseFirstPass()
- {
- return useFirstPass;
- }
-
- protected boolean isUsePasswordStacking()
- {
- return passwordStacking;
- }
-
- protected boolean isUseOptionsConfig()
- {
- return useOptionsCredentials;
- }
-
- private void clearState()
- {
- removeAllSamlCredentials(subject);
- samlToken = null;
- }
-
- private void removeAllSamlCredentials(final Subject subject)
- {
- final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- if (!samlCredentials.isEmpty())
- {
- subject.getPublicCredentials().removeAll(samlCredentials);
- }
- }
-
-}
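Review bot: `useCredentialsFromOptions` (the `// NoOp.` body) is the only branch `login()` takes when `useOptionsCredentials` is true, so with `useOptionsCredentials=true` the `STSClientConfig.Builder` reaches `createWSTrustClient` with no username or password unless a subclass overrides it; the base class should either fail with a `LoginException` when no credentials are set after that branch, or the Javadoc should state that subclasses must override it. Two smaller points in the same hunk: the configuration examples in the class Javadoc name `org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule`, while the class is declared in package `org.jboss.identity.federation.api.wstrust.auth`, so the examples do not match the code; and `removeAllSamlCredentials`, reached from both `abort()` and `logout()` via `clearState()`, removes every `SamlCredential` in the Subject's public credentials rather than only the one this module added in `commit()`, which also strips credentials placed there by other stacked modules. If these files are being relocated rather than dropped, these points should travel with them.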
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,88 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.w3c.dom.Element;
-
-/**
- * JAAS LoginModule for JBoss STS (Security Token Service) that issues security tokens.
- *
- * <h3>Configuration example</h3>
- * <pre>{@code
- * <application-policy name="saml-issue-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * <module-option name="endpointURI"></module-option>
- * <module-option name="tokenType"></module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }
- * </pre>
- *
- * This login module expects to be created with a callback handler that can handle {@link NameCallback}
- * and a {@link PasswordCallback}, which should be match the username and password for whom a security
- * token will be issued.
- * <p/>
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class STSIssuingLoginModule extends AbstractSTSLoginModule
-{
- public static final String ENDPOINT_OPTION = "endpointURI";
- public static final String TOKEN_TYPE_OPTION = "tokenType";
-
- private String endpointURI;
- private String tokenType;
-
- @Override
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
-
- endpointURI = (String) options.get(ENDPOINT_OPTION);
- tokenType = (String) options.get(TOKEN_TYPE_OPTION);
- }
-
- /**
- * This method will issue a token for the configured user.
- *
- * @return Element The issued element.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public Element invokeSTS(final STSClient stsClient) throws WSTrustException
- {
- return stsClient.issueToken(endpointURI, tokenType);
- }
-
-}
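Review bot: `invokeSTS` forwards `endpointURI` and `tokenType` to `stsClient.issueToken` without checking that either was configured, while `initialize` reads both with a plain `options.get` and the Javadoc example shows them as empty `<module-option>` elements; if they are required, `initialize` should use the base class `getRequiredOption`, otherwise the Javadoc should say they are optional and what is used in their absence. Also, the `@throws LoginException` tag on `invokeSTS` does not match the signature, which declares only `WSTrustException`.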
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,105 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.w3c.dom.Element;
-
-/**
- * JAAS LoginModule for JBoss STS (Security Token Service) that validates security tokens.
- * </p>
- * This LoginModule only performs validation of existing SAML Assertions and does not issue
- * any such Assertions.
- *
- * <h3>Configuration example</h3>
- * <pre>{@code
- * <application-policy name="saml-validate-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }</pre>
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class STSValidatingLoginModule extends AbstractSTSLoginModule
-{
- private Logger log = Logger.getLogger(STSValidatingLoginModule.class);
-
- /**
- * This method will validate the token with the configured STS.
- *
- * @return Element The token that was validated.
- * @throws LoginException If it was not possible to validate the token for any reason.
- */
- public Element invokeSTS(final STSClient stsClient) throws WSTrustException, LoginException
- {
- try
- {
- // See if a previous stacked login module stored the token.
- Element token = (Element) getSharedToken();
-
- if (token == null)
- token = getSamlTokenFromCaller();
-
- final boolean result = stsClient.validateToken(token);
- log.debug("Validation result: " + result);
- if (result == false)
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not validate the SAML Security Token :" + token);
- }
-
- return token;
- }
- catch (final IOException e)
- {
- throw new LoginException("IOException : " + e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException("UnsupportedCallbackException : " + e.getMessage());
- }
- }
-
- private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException
- {
- final TokenCallback callback = new TokenCallback();
-
- getCallbackHandler().handle(new Callback[] { callback });
-
- final Element token = (Element) callback.getToken();
- if (token == null)
- throw new LoginException("Could not locate a Security Token from the callback.");
-
- return token;
- }
-}
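Review bot: the unchecked `(Element) getSharedToken()` cast in `invokeSTS` throws a `ClassCastException` rather than a `LoginException` if a preceding login module stored a non-`Element` object under `SHARED_TOKEN`, which `setSharedToken(final Object token)` in the base class allows; an `instanceof Element` check that falls back to `getSamlTokenFromCaller()` keeps the failure inside the JAAS error path. Minor: `log.debug("Validation result: " + result)` is not guarded by `isDebugEnabled()` as the base class does, `result == false` reads better as `!result`, and the `LoginException` message concatenates the `Element`, which yields the DOM object's `toString()` rather than the assertion content.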
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,49 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import javax.security.auth.callback.Callback;
-
-/**
- * Simple callback that stores an object.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class TokenCallback implements Callback
-{
- private transient Object token;
-
- public Object getToken()
- {
- return token;
- }
-
- public void setToken(final Object token)
- {
- this.token = token;
- }
-
- public void clearToken()
- {
- token = null;
- }
-}
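Review bot: the `transient` modifier on `token` has no effect, since `TokenCallback` does not implement `Serializable` (`javax.security.auth.callback.Callback` is a marker interface); either drop it or, if the intent is that a token must never be serialized with the callback, state that in the Javadoc. `getToken()` also returns a raw `Object`, so every caller (see the `(Element) callback.getToken()` cast in `STSValidatingLoginModule`) has to cast; a typed getter or a documented contract on the stored type would make that safer.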
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,27 +0,0 @@
-package org.jboss.identity.federation.api.wstrust.exceptions;
-
-public class SamlCredentialParseException extends WSTrustGeneralException
-{
- private static final long serialVersionUID = 8877976632951911364L;
-
- public SamlCredentialParseException()
- {
- super();
- }
-
- public SamlCredentialParseException(final String message, final Throwable cause)
- {
- super(message, cause);
- }
-
- public SamlCredentialParseException(final String message)
- {
- super(message);
- }
-
- public SamlCredentialParseException(final Throwable cause)
- {
- super(cause);
- }
-
-}
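Review bot: `SamlCredentialParseException` is the only file in this change without the license header and class Javadoc that its siblings carry (compare `WSTrustGeneralException` in the same package), and nothing says which parsing failure it represents; if this class continues to exist elsewhere it should get both.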
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,54 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.exceptions;
-
-import java.security.GeneralSecurityException;
-
-/**
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class WSTrustGeneralException extends GeneralSecurityException
-{
- private static final long serialVersionUID = -6855476286470782334L;
-
- public WSTrustGeneralException()
- {
- super();
- }
-
- public WSTrustGeneralException(final String message, final Throwable cause)
- {
- super(message, cause);
- }
-
- public WSTrustGeneralException(final String msg)
- {
- super(msg);
- }
-
- public WSTrustGeneralException(final Throwable cause)
- {
- super(cause);
- }
-
-}
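Review bot: the class Javadoc on `WSTrustGeneralException` is empty apart from the `@author` tag; it should state the type's role (the common checked base, extending `GeneralSecurityException`, for WS-Trust failures) so subclasses such as `SamlCredentialParseException` have a contract to refer to. Style: the single-argument constructor names its parameter `msg` while the two-argument one uses `message`.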
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,90 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.io.StringReader;
-
-import junit.framework.TestCase;
-
-import org.custommonkey.xmlunit.XMLAssert;
-import org.custommonkey.xmlunit.XMLUnit;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.InputSource;
-
-/**
- * Unit test for {@link SamlCredential}.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class SamlCredentialTestCase extends TestCase
-{
- private Element assertionElement;
- private InputSource expectedAssertion;
-
- public void setUp() throws Exception
- {
- XMLUnit.setIgnoreWhitespace(true);
- final Document assertionDoc = DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
- assertionElement = (Element) assertionDoc.getFirstChild();
- expectedAssertion = new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
- }
-
- public void testStringConstructor() throws Exception
- {
- final SamlCredential samlPrincipal = new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));
-
- final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
- XMLAssert.assertXMLEqual(expectedAssertion, actual);
- }
-
- public void testElementConstructor() throws Exception
- {
- final SamlCredential samlPrincipal = new SamlCredential(assertionElement);
-
- final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
- XMLAssert.assertXMLEqual(expectedAssertion, actual);
- }
-
- public void testShouldThrowIfStringIsNull()
- {
- try
- {
- new SamlCredential((String)null);
- fail("Should not be allowed to create a SamlCredential with a null token string");
- }
- catch(final Exception e)
- {
- assertTrue(e instanceof IllegalArgumentException);
- }
- }
-
- public void testEqualsContract() throws Exception
- {
- final SamlCredential samlPrincipal1 = new SamlCredential(assertionElement);
- final SamlCredential samlPrincipal2 = new SamlCredential(assertionElement);
- assertEquals(samlPrincipal1, samlPrincipal2);
- assertEquals(samlPrincipal1.hashCode(), samlPrincipal2.hashCode());
- }
-
-}
-
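Review bot: `testShouldThrowIfStringIsNull` catches `Exception` and then asserts `e instanceof IllegalArgumentException`, so a `NullPointerException` from the constructor fails with a bare assertion message instead of the actual stack trace; catching `IllegalArgumentException` directly and letting anything else propagate is clearer, and a matching test for `new SamlCredential((Element) null)` is missing. Also note that `setUp` loads `/wstrust/assertion.xml` and `/wstrust/assertion-expected.xml` from the classpath; if this test is being removed, those fixture resources should be removed or moved with it.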
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.w3c.dom.Element;
-
-import junit.framework.TestCase;
-
-/***
- * Unit test for {@link AbstractSTSLoginModule}.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class AbstractSTSLoginModuleTestCase extends TestCase
-{
- public void testOptionsConfig()
- {
- final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null);
- final Map<String, String> sharedState = new HashMap<String, String>();
- final Map<String, String> options = Util.allOptions();
- options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
-
- loginModule.initialize(new Subject(), null, sharedState, options);
-
- assertTrue(loginModule.isUseOptionsConfig());
- assertFalse(loginModule.isUsePasswordStacking());
- assertFalse(loginModule.isUseFirstPass());
- }
-
- public void testOptionsConfigWithPasswordStacking() throws Exception
- {
- final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken());
- final Map<String, String> sharedState = new HashMap<String, String>();
- final Map<String, String> options = Util.allOptions();
- options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
- options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
-
- loginModule.initialize(new Subject(), null, sharedState, options);
-
- assertTrue(loginModule.isUseOptionsConfig());
- assertTrue(loginModule.isUsePasswordStacking());
- assertFalse(loginModule.isUseFirstPass());
-
- loginModule.login();
-
- assertEquals("user1", loginModule.getSharedUsername());
- assertEquals("pass1", new String(loginModule.getSharedPassword()));
- }
-
- public void testCallback()
- {
- final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null);
- final Map<String, String> sharedState = new HashMap<String, String>();
- final Map<String, String> options = Util.allOptions();
- TestCallbackHandler callbackHandler = new TestCallbackHandler("Mr.Poon", "rosen");
-
- loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
-
- assertFalse(loginModule.isUseOptionsConfig());
- assertFalse(loginModule.isUsePasswordStacking());
- assertFalse(loginModule.isUseFirstPass());
- }
-
- public void testCallbackWithPasswordStacking() throws Exception
- {
- final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken());
- final Map<String, String> sharedState = new HashMap<String, String>();
- final Map<String, String> options = Util.allOptions();
- options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
- final String username = "Mr.Poon";
- final String password = "rosen";
-
- TestCallbackHandler callbackHandler = new TestCallbackHandler(username, password);
-
- loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
-
- assertFalse(loginModule.isUseOptionsConfig());
- assertTrue(loginModule.isUsePasswordStacking());
- assertFalse(loginModule.isUseFirstPass());
-
- loginModule.login();
-
- assertEquals(username, loginModule.getSharedUsername());
- assertEquals(password, new String(loginModule.getSharedPassword()));
- }
-
- class FakeSTSLoginModule extends AbstractSTSLoginModule
- {
- private Element token;
-
- public FakeSTSLoginModule(final Element token)
- {
- this.token = token;
- }
-
- @Override
- public Element invokeSTS(STSClient stsclient) throws WSTrustException, LoginException
- {
- return token;
- }
-
- }
-
-}
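Review bot: `testOptionsConfigWithPasswordStacking` is the only visible test that checks the credentials read from jboss-sts-client.properties are placed into the JAAS shared state (`getSharedUsername()` returns "user1", `getSharedPassword()` returns "pass1" when both `OPTIONS_CREDENTIALS` and `OPTIONS_PW_STACKING` are "true"), and both this test and that properties file are deleted in the same revision with no replacement in sight. Keep that coverage when the login modules land in fed-core: password stacking is the path on which a wrongly set option copies the STS client credentials into the shared state that every stacked module can read. Style: the class comment opens with `/***` instead of `/**`.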
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,125 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-import junit.framework.TestCase;
-
-import org.jboss.identity.federation.api.wstrust.SamlCredential;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.w3c.dom.Element;
-
-/**
- * Unit test for {@link STSIssuingLoginModule}
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class STSIssuingLoginModuleTestCase extends TestCase
-{
- private STSClient stsClient;
-
- public void setUp()
- {
- stsClient = mock(STSClient.class);
- }
-
- public void testLoginWithValidToken() throws Exception
- {
- // Make the issueToken() method return a token.
- when(stsClient.issueToken(any(String.class), any(String.class))).thenReturn(Util.createSamlToken());
-
- final STSIssuingLoginModule loginModule = new FakeSTSIssuingLoginModule(stsClient);
- final CallbackHandler callbackHandler = new TestCallbackHandler("admin", "admin");
- final Subject subject = new Subject();
- final HashMap<String, Object> sharedState = new HashMap<String, Object>();
-
- loginModule.initialize(subject, callbackHandler, sharedState, allOptions());
-
- // Simulate Phase 1
- assertTrue(loginModule.login());
-
- final Object token = loginModule.getSharedToken();
- assertNotNull(token);
- assertTrue(token instanceof Element);
-
- // Simulate Phase 2
- assertTrue(loginModule.commit());
-
- final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
- assertEquals(1, samlCredentials.size());
- }
-
- public void testUseFirstPass()
- {
- final String username = "Fletch";
- final String password = "letMeIn";
- final STSIssuingLoginModule loginModule = new STSIssuingLoginModule();
- final Subject subject = new Subject();
-
- final HashMap<String, Object> sharedState = new HashMap<String, Object>();
- sharedState.put("javax.security.auth.login.name", username);
- sharedState.put("javax.security.auth.login.password", password.toCharArray());
-
- final Map<String, String> options = allOptions();
- options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "useFirstPass");
-
- loginModule.initialize(subject, null, sharedState, options);
-
- assertTrue(loginModule.isUseFirstPass());
- assertEquals(username, loginModule.getSharedUsername());
- assertEquals(password, new String(loginModule.getSharedPassword()));
- }
-
- private Map<String, String> allOptions()
- {
- final Map<String, String> options = Util.allOptions();
- options.put(STSIssuingLoginModule.ENDPOINT_OPTION, "someUrl");
- options.put(STSIssuingLoginModule.TOKEN_TYPE_OPTION, "someTokenType");
- return options;
- }
-
- private class FakeSTSIssuingLoginModule extends STSIssuingLoginModule
- {
- private STSClient client;
-
- public FakeSTSIssuingLoginModule(final STSClient client)
- {
- this.client = client;
- }
-
- @Override
- protected STSClient createWSTrustClient(final STSClientConfig config)
- {
- return client;
- }
- }
-}
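Review bot: `testUseFirstPass` seeds the shared state under the standard JAAS keys `javax.security.auth.login.name` and `javax.security.auth.login.password` and is the only visible test of the `useFirstPass` value of `OPTIONS_PW_STACKING`; it should move with `STSIssuingLoginModule` rather than be dropped. Also, `FakeSTSIssuingLoginModule` overrides `createWSTrustClient` to return the mock, so the `ENDPOINT_OPTION` value "someUrl" and `TOKEN_TYPE_OPTION` "someTokenType" set in `allOptions()` never reach a real client; a one-line comment saying these are placeholders that are not validated would save the next reader the question.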
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,172 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.api.wstrust.SamlCredential;
-import org.w3c.dom.Element;
-
-import junit.framework.TestCase;
-
-/**
- * Unit test for {@link STSIssuingLoginModule}.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class STSValidatingLoginModuleTestCase extends TestCase
-{
- private STSClient stsClient;
-
- public void setUp()
- {
- stsClient = mock(STSClient.class);
- }
-
- public void testLoginWithValidToken() throws Exception
- {
- // Make the validateToken() method return true.
- when(stsClient.validateToken(any(Element.class))).thenReturn(true);
-
- final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
- final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
- final Subject subject = new Subject();
-
- loginModule.initialize(subject, callbackHandler, null, getAllOptions());
-
- // Simulate Phase 1
- assertTrue(loginModule.login());
-
- // Simulate Phase 2
- assertTrue(loginModule.commit());
-
- final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
- assertEquals(1, samlCredentials.size());
- }
-
- public void testLoginWithInValidToken() throws Exception
- {
- // Make the validateToken() method return false.
- when(stsClient.validateToken(any(Element.class))).thenReturn(false);
-
- final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
- final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
-
- loginModule.initialize(new Subject(), callbackHandler, null, getAllOptions());
-
- try
- {
- // Simulate Phase 1
- loginModule.login();
- fail("login should have thrown a LoginException!");
- }
- catch (final Exception e)
- {
- assertTrue(e instanceof LoginException);
- }
- }
-
- public void testStackedModules() throws Exception
- {
- // Make the validateToken() method return true.
- when(stsClient.validateToken(any(Element.class))).thenReturn(true);
-
- final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
- final Element token = Util.createSamlToken();
-
- final Subject subject = new Subject();
-
- final Map<String, Object> sharedState = new HashMap<String, Object>();
-
- loginModule.initialize(subject, null, sharedState, getAllOptions());
- // Simlulate that a previous LM stored a security token in the shared state.
- loginModule.setSharedToken(token);
-
- // Simulate Phase 1
- assertTrue(loginModule.login());
-
- // Simulate Phase 2
- assertTrue(loginModule.commit());
-
- final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
- assertEquals(1, samlCredentials.size());
- }
-
- private Map<String, String> getAllOptions()
- {
- Map<String, String> options = Util.allOptions();
- options.put("useOptionsCredentials", "true");
- return options;
- }
-
- private class TestCallbackHandler implements CallbackHandler
- {
- private final Object token;
-
- public TestCallbackHandler(final Object token)
- {
- this.token = token;
- }
-
- public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (Callback callback : callbacks)
- {
- if (callback instanceof TokenCallback)
- {
- ((TokenCallback)callback).setToken(token);
- }
- }
- }
- }
-
- private class FakeSTSValidatingLoginModule extends STSValidatingLoginModule
- {
- private STSClient client;
-
- public FakeSTSValidatingLoginModule(final STSClient client)
- {
- this.client = client;
- }
-
- @Override
- protected STSClient createWSTrustClient(final STSClientConfig config)
- {
- return client;
- }
- }
-
-}
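Review bot: the class Javadoc reads `Unit test for {@link STSIssuingLoginModule}` while the class is `STSValidatingLoginModuleTestCase`, a copy-paste slip to fix if the file is re-created under fed-core, as is "Simlulate" in the `testStackedModules` comment. Substantively, `testLoginWithInValidToken` is the one test proving that a token for which `validateToken()` returns false cannot get past `login()`; that negative test matters most and should be preserved, and it should catch `LoginException` directly instead of `Exception` plus `instanceof`, so that an unexpected RuntimeException is reported as a failure with its own trace rather than as a wrong exception type.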
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,58 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-/**
- * Simple callback handler for unit tests.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class TestCallbackHandler implements CallbackHandler
-{
- private final String username;
- private final String password;
-
- public TestCallbackHandler(final String username, final String password)
- {
- this.username = username;
- this.password = password;
- }
-
- public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (Callback callback : callbacks)
- {
- if (callback instanceof NameCallback)
- ((NameCallback) callback).setName(username);
- if (callback instanceof PasswordCallback)
- ((PasswordCallback) callback).setPassword(password.toCharArray());
- }
- }
-}
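Review bot: `handle` silently skips any callback that is neither `NameCallback` nor `PasswordCallback` instead of throwing `UnsupportedCallbackException`, which would hide a mismatch if a login module later asks for a callback type this handler does not serve; acceptable for a test helper, but worth a comment. The password is also held as a `String` field and converted with `toCharArray()` per callback; keeping it as `char[]` lets the receiving module clear it after use, which the `String` form cannot.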
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,55 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust.auth;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.w3c.dom.Element;
-
-/**
- * Test util methods.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public final class Util
-{
- private Util()
- {
- }
-
- public static Element createSamlToken() throws Exception
- {
- final AssertionType assertionType = new AssertionType();
- return SAMLUtil.toElement(assertionType);
- }
-
- public static Map<String, String> allOptions()
- {
- Map<String, String> options = new HashMap<String, String>();
- options.put(AbstractSTSLoginModule.STS_CONFIG_FILE, "wstrust/auth/jboss-sts-client.properties");
- return options;
- }
-
-}
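Review bot: `createSamlToken()` returns `SAMLUtil.toElement(new AssertionType())`, an assertion with no ID, Issuer, Subject or Conditions; that is sufficient for the tests that mock `validateToken()`, but it means none of the deleted tests ever exercised a token that a real validation would accept, and the Javadoc should say so to stop the fixture being mistaken for a valid token. `allOptions()` also pins `STS_CONFIG_FILE` to `wstrust/auth/jboss-sts-client.properties`, which this same revision deletes; the two have to move together or the restored tests will fail at initialization.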
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,30 +0,0 @@
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
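Review bot: `assertion.xml` and the `assertion-expected.xml` deleted just above are identical apart from the `<?xml version="1.0" encoding="UTF-8"?>` line at the top of this one, which the deleted `SamlCredentialTestCase` needed because `assertionToString` serializes with `OMIT_XML_DECLARATION`; since `XMLAssert.assertXMLEqual` compares parsed documents, the declaration is irrelevant and a single fixture would serve. If the fixtures are re-added, a comment should record that the embedded `rsa-sha1`/`sha1` signature is fixed test data with a `NotOnOrAfter` of 2009-09-10, so no test should expect it to verify as a live, unexpired assertion.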
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/jboss-sts-client.properties
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/jboss-sts-client.properties 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/jboss-sts-client.properties 2009-11-02 07:56:02 UTC (rev 898)
@@ -1,5 +0,0 @@
-serviceName=JBossSTS
-portName=JBossSTSPort
-endpointAddress=http://test:8080/JBossSTS
-username=user1
-password=pass1
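Review bot: this file holds the STS client `username`/`password` in clear text and is the resource that the deleted `AbstractSTSLoginModuleTestCase.testOptionsConfigWithPasswordStacking` asserts against (user1/pass1), so that test cannot be restored under fed-core without also restoring this file. `endpointAddress=http://test:8080/JBossSTS` is plain HTTP; if the same properties format is the one users will deploy, the documentation should state that the password is stored unencrypted in this file and that the endpoint is expected to be https in anything but a test.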
Modified: identity-federation/trunk/jboss-identity-fed-core/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-11-01 18:30:07 UTC (rev 897)
+++ identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -114,6 +114,12 @@
<version>2.2.14.GA</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>xmlunit</groupId>
+ <artifactId>xmlunit</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<reporting>
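Review bot: `xmlunit:xmlunit:1.1` is added to fed-core in test scope, yet the only XMLUnit use in this diff, `XMLAssert.assertXMLEqual` in the `SamlCredentialTestCase` being deleted, lives in fed-api; unless that test is re-created under fed-core in this revision the dependency is unused. Worth a pointer in the commit to where the moved tests now live.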
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,165 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.io.Serializable;
+import java.io.StringWriter;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.identity.federation.core.wstrust.exceptions.SamlCredentialParseException;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.StringUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Credential that wraps a SAML Assertion.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public final class SamlCredential implements Serializable
+{
+ private static final long serialVersionUID = -8496414959425288835L;
+
+ private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+
+ private String assertion;
+
+ public SamlCredential(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
+
+ this.assertion = SamlCredential.assertionToString(assertion);
+ }
+
+ public SamlCredential(final String assertion)
+ {
+ if (StringUtil.isNullOrEmpty(assertion))
+ throw new IllegalArgumentException("assertion String must not be null or empty");
+
+ this.assertion = assertion;
+ }
+
+ public String getAssertionAsString()
+ {
+ return assertion;
+ }
+
+ public Element getAssertionAsElement() throws SamlCredentialParseException
+ {
+ return SamlCredential.assertionToElement(assertion);
+ }
+
+ @Override
+ public boolean equals(final Object obj)
+ {
+ if (this == obj)
+ return true;
+
+ if (!(obj instanceof SamlCredential))
+ return false;
+
+ final SamlCredential that = (SamlCredential) obj;
+ return this.assertion.equals(that.assertion);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int result = 17;
+ result = 31 * result + assertion.hashCode();
+ return result;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "SamlCredential[" + assertion + "]";
+ }
+
+ public static Element assertionToElement(final String assertion) throws SamlCredentialParseException
+ {
+ try
+ {
+ Document document = DocumentUtil.getDocument(assertion);
+ return (Element) document.getFirstChild();
+ }
+ catch (final ConfigurationException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ catch (final ParsingException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ catch (final ProcessingException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ }
+
+ public static String assertionToString(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
+
+ try
+ {
+ final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+
+ final Source source = new DOMSource(assertion);
+ final StringWriter writer = new StringWriter();
+ final Result result = new StreamResult(writer);
+
+ transformer.transform(source, result);
+
+ return writer.toString();
+ }
+ catch (final TransformerConfigurationException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerFactoryConfigurationError e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
+}
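Review bot: `assertionToElement` returns `(Element) document.getFirstChild()`, which throws a ClassCastException when the parsed string begins with a comment or processing instruction rather than the assertion element; `document.getDocumentElement()` is the right call here. Because the string handed to `DocumentUtil.getDocument(assertion)` is caller-supplied, please also confirm that helper parses with DTD loading and external entity resolution disabled. Minor: `equals`/`hashCode` compare the raw serialized string, so two assertions differing only in whitespace or attribute order are unequal; acceptable, but worth a sentence in the javadoc.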
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,499 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.STSClientFactory;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.w3c.dom.Element;
+
+/**
+ * Abstract JAAS LoginModule for JBoss STS (Security Token Service).
+ * </p>
+ *
+ * Subclasses are required to implement {@link #invokeSTS(STSClient)()} to perform their specific actions.
+ *
+ * <h3>Configuration</h3>
+ * Concrete implementations specify from where the username and credentials should be read from.
+ * <lu>
+ * <li>Callback handler, {@link NameCallback} and {@link PasswordCallback}.</li>
+ * <li>From the login modules options configuration.</li>
+ * <li>From the login modules earlier in the login modules stack.</li>
+ * </lu>
+ *
+ * <h3>Configuration example</h3>
+ * 1. Callbackhandler configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ * 2. Login module options configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="useOptionsCredentials">true</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ * 3. Password stacking configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="password-stacking">useFirstPass</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ *
+ * <h3>Password stacking</h3>
+ * Password stacking can be configured which means that a Login module configured with 'password-stacking' set to 'true'
+ * will set the username and password in the shared state map. Login modules that come after can set 'password-stacking'
+ * to 'useFirstPass' which means that that login module will use the username and password from the shared map.
+ * <p/>
+ *
+ * Subclasses can define more configuration options by overriding initialize.
+ * Also note that subclasses are not forced to put configuration options in a file. They
+ * can all be set as options just like the 'configFile' is specified above.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public abstract class AbstractSTSLoginModule implements LoginModule
+{
+ private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
+
+ /**
+ * Key used in share state map when LMs are stacked.
+ */
+ public static final String SHARED_TOKEN = "org.jboss.identity.federation.core.wstrust.lm.stsToken";
+
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
+
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_PW_STACKING = "password-stacking";
+
+ /**
+ * This is the required option that should identify the configuration
+ * file for WSTrustClient.
+ */
+ public static final String STS_CONFIG_FILE = "configFile";
+
+ /**
+ * The subject to be populated.
+ */
+ private Subject subject;
+
+ /**
+ * Callback handler used to gather information from the caller.
+ */
+ private CallbackHandler callbackHandler;
+
+ /**
+ * WS-Trust SAML Assertion element.
+ */
+ private Element samlToken;
+
+ /**
+ * The outcome of the authentication process.
+ */
+ private boolean success;
+
+ /**
+ * The options map passed into this login modules initalize method.
+ */
+ private Map<String, ?> options;
+
+ /**
+ * The shared state map passed into this login modules initalize method.
+ */
+ private Map<String, ?> sharedState;
+
+ /**
+ * Indicates whether password stacking option was configured.
+ */
+ private boolean passwordStacking;
+
+ /**
+ * Indicates whether the password-stacking options was specifed as 'useFirstPass'.
+ */
+ private boolean useFirstPass;
+
+ /**
+ * Indicates whether the 'useOptionsCredentials' was configured.
+ */
+ private boolean useOptionsCredentials;
+
+ /**
+ * Initialized this login module. Simple stores the passed in fields and
+ * also validates the options.
+ *
+ * @param subject
+ * The subject to authenticate/populate.
+ * @param callbackHandler
+ * The callbackhandler that will gather information required by
+ * this login module.
+ * @param sharedState
+ * State that is shared with other login modules. Used when
+ * modules are chained/stacked.
+ * @param options
+ * The options that were specified for this login module.
+ */
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.options = options;
+ this.sharedState = sharedState;
+
+ final String pwStackingOption = (String) options.get(OPTIONS_PW_STACKING);
+ passwordStacking = pwStackingOption != null;
+ if (passwordStacking)
+ useFirstPass = "useFirstPass".equals(pwStackingOption);
+
+ final Boolean useOptionsCreds = Boolean.valueOf((String)options.get(OPTIONS_CREDENTIALS));
+ if (useOptionsCreds != null)
+ useOptionsCredentials = useOptionsCreds.booleanValue();
+ }
+
+ /**
+ * Subclasses must implement the login to perform their specific tasks.
+ *
+ * The login module should call {@link #setSamlToken(Element)} with the saml token
+ * element that should be added to the public credentials in {@link #commit()}.
+ *
+ * @return true If the login was successful otherwise false.
+ * @throws LoginException If an error occurs while trying to perform the authentication.
+ */
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
+ if (useOptionsCredentials)
+ {
+ useCredentialsFromOptions(builder, options);
+ }
+ else if (isUseFirstPass())
+ {
+ useCredentialsFromSharedState(builder);
+ }
+ else
+ {
+ useCredentialsFromCallback(builder);
+ }
+
+ if (passwordStacking)
+ setPasswordStackingCredentials(builder);
+
+ final STSClient stsClient = createWSTrustClient(builder.build());
+
+ final Element token = invokeSTS(stsClient);
+
+ if (token == null)
+ {
+ // Throw an exception as returing false only says that this login module should be ignored.
+ throw new LoginException("Could not issue a SAML Security Token");
+ }
+ setSuccess(true);
+ setSamlToken(token);
+ setSharedToken(token);
+ return true;
+ }
+ catch (WSTrustException e)
+ {
+ throw new LoginException("WSTrustException : " + e.getMessage());
+ }
+ }
+
+ public abstract Element invokeSTS(final STSClient stsclient) throws WSTrustException, LoginException;
+
+ /**
+ * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
+ * This new SamlCredential will be put into the Subject public credentials set.
+ */
+ public boolean commit() throws LoginException
+ {
+ if (success)
+ {
+ final SamlCredential samlCredential = new SamlCredential(samlToken);
+ final boolean added = subject.getPublicCredentials().add(samlCredential);
+ if (added && log.isDebugEnabled())
+ log.debug("Added Credential :" + samlCredential);
+
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * Called if the overall authentication failed (phase 2).
+ */
+ public boolean abort() throws LoginException
+ {
+ success = false;
+ clearState();
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ clearState();
+ return true;
+ }
+
+ protected void useCredentialsFromCallback(final Builder builder) throws LoginException
+ {
+ final NameCallback nameCallback = new NameCallback("user:");
+ final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
+ try
+ {
+ getCallbackHandler().handle(new Callback[] { nameCallback, passwordCallback });
+ builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
+ }
+ catch (final IOException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ catch (final UnsupportedCallbackException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void setPasswordStackingCredentials(final Builder builder)
+ {
+ final Map sharedState = (Map) this.sharedState;
+ sharedState.put("javax.security.auth.login.name", builder.getUsername());
+ sharedState.put("javax.security.auth.login.password", builder.getPassword());
+ }
+
+ protected void useCredentialsFromSharedState(final Builder builder)
+ {
+ builder.username(getSharedUsername()).password(new String(getSharedPassword()));
+ }
+
+ /**
+ * This method allows subclassed to retreive configuration options map
+ * and set on the builder.
+ *
+ * @param builder
+ * @param options
+ */
+ protected void useCredentialsFromOptions(Builder builder, Map<String, ?> options2)
+ {
+ // NoOp.
+ }
+
+
+ /**
+ * This method gives users a chance to override how the {@link STSClientConfig} is created.
+ * For example some users might perfer to not use a file containing the configuration
+ * properties, which is the default, but instead have the configuration options in the
+ * login modules configuration directly.
+ *
+ * @param options The options passed to the initialize method.
+ * @return {@link STSClientConfig} The configuration for STSClient.
+ */
+ protected STSClientConfig getConfiguration(final Map<String, ?> options)
+ {
+ final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
+ return new STSClientConfig.Builder(configFile).build();
+ }
+
+ protected STSClient createWSTrustClient(final STSClientConfig config)
+ {
+ try
+ {
+ return STSClientFactory.getInstance().create(config);
+ }
+ catch (final ParsingException e)
+ {
+ throw new IllegalStateException("Could not create WSTrustClient:", e);
+ }
+ }
+
+ protected String getRequiredOption(final Map<String, ?> options, final String optionName)
+ {
+ final String option = (String) options.get(optionName);
+ if (option == null)
+ throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
+
+ return option;
+ }
+
+ protected boolean isSuccess()
+ {
+ return success;
+ }
+
+ protected void setSuccess(boolean success)
+ {
+ this.success = success;
+ }
+
+ protected Subject getSubject()
+ {
+ return subject;
+ }
+
+ protected CallbackHandler getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
+ protected void setSamlToken(final Element samlToken)
+ {
+ this.samlToken = samlToken;
+ }
+
+ @SuppressWarnings ("unchecked")
+ protected void setSharedToken(final Object token)
+ {
+ if (sharedState == null)
+ return;
+ /*
+ * This is hidious but must be done since the signature of initialize in LoginModule is:
+ * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
+ * without bypassing generics.
+ */
+ // Cast the shartState to a raw map
+ final Map state = (Map) sharedState;
+ // Put the Token into the shared state map
+ state.put(SHARED_TOKEN, token);
+ }
+
+ /**
+ * Gets Security Token from the share state map if one was made available by
+ * a previous LM in the stack.
+ *
+ * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
+ */
+ protected Object getSharedToken()
+ {
+ if (sharedState == null)
+ return null;
+
+ return sharedState.get(SHARED_TOKEN);
+ }
+
+ /**
+ * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
+ *
+ * @return Map<String, ?> The options map.
+ */
+ protected Map<String, ?> getOptions()
+ {
+ return options;
+ }
+
+ protected String getSharedUsername()
+ {
+ if (sharedState == null)
+ return null;
+
+ return (String) sharedState.get("javax.security.auth.login.name");
+ }
+
+ protected char[] getSharedPassword()
+ {
+ if (sharedState == null)
+ return null;
+
+ final Object object = sharedState.get("javax.security.auth.login.password");
+ if (object instanceof char[])
+ return (char[]) object;
+ else if (object instanceof String)
+ return ((String) object).toCharArray();
+
+ return null;
+ }
+
+ protected boolean isUseFirstPass()
+ {
+ return useFirstPass;
+ }
+
+ protected boolean isUsePasswordStacking()
+ {
+ return passwordStacking;
+ }
+
+ protected boolean isUseOptionsConfig()
+ {
+ return useOptionsCredentials;
+ }
+
+ private void clearState()
+ {
+ removeAllSamlCredentials(subject);
+ samlToken = null;
+ }
+
+ private void removeAllSamlCredentials(final Subject subject)
+ {
+ final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
+ if (!samlCredentials.isEmpty())
+ {
+ subject.getPublicCredentials().removeAll(samlCredentials);
+ }
+ }
+
+}
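Review bot: `getConfiguration(Map)` is documented as the hook for building `STSClientConfig` without a properties file, but `login()` never calls it; it constructs its own `STSClientConfig.Builder` from `STS_CONFIG_FILE` directly, so overriding `getConfiguration` has no effect. Either route `login()` through `getConfiguration(getOptions())` or remove the method. Two smaller points in the same hunk: `useCredentialsFromSharedState` does `new String(getSharedPassword())`, which throws a NullPointerException instead of a LoginException when no earlier module stored a password under `javax.security.auth.login.password`; and `useCredentialsFromCallback` copies the password into a String but never calls `passwordCallback.clearPassword()`, so the char[] lingers in the callback. In the javadoc, `<lu>` should be `<ul>`, `{@link #invokeSTS(STSClient)()}` has a stray `()`, and the `options2` parameter of `useCredentialsFromOptions` does not match its `@param options` tag.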
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+/**
+ * JAAS LoginModule for JBoss STS (Security Token Service) that issues security tokens.
+ *
+ * <h3>Configuration example</h3>
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="endpointURI"></module-option>
+ * <module-option name="tokenType"></module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ *
+ * This login module expects to be created with a callback handler that can handle {@link NameCallback}
+ * and a {@link PasswordCallback}, which should be match the username and password for whom a security
+ * token will be issued.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class STSIssuingLoginModule extends AbstractSTSLoginModule
+{
+ public static final String ENDPOINT_OPTION = "endpointURI";
+ public static final String TOKEN_TYPE_OPTION = "tokenType";
+
+ private String endpointURI;
+ private String tokenType;
+
+ @Override
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+ endpointURI = (String) options.get(ENDPOINT_OPTION);
+ tokenType = (String) options.get(TOKEN_TYPE_OPTION);
+ }
+
+ /**
+ * This method will issue a token for the configured user.
+ *
+ * @return Element The issued element.
+ * @throws LoginException If an error occurs while trying to perform the authentication.
+ */
+ public Element invokeSTS(final STSClient stsClient) throws WSTrustException
+ {
+ return stsClient.issueToken(endpointURI, tokenType);
+ }
+
+}
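Review bot: `endpointURI` and `tokenType` are read with `options.get` and passed straight to `stsClient.issueToken(endpointURI, tokenType)` without a null check, yet the class javadoc example shows both `<module-option>` entries empty. Either validate them in `initialize` (the inherited `getRequiredOption` already does this for `configFile`) or document that a missing value means the defaults from `configFile` apply. Also add `@Override` to `invokeSTS` for consistency with `initialize`.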
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+/**
+ * JAAS LoginModule for JBoss STS (Security Token Service) that validates security tokens.
+ * </p>
+ * This LoginModule only performs validation of existing SAML Assertions and does not issue
+ * any such Assertions.
+ *
+ * <h3>Configuration example</h3>
+ * <pre>{@code
+ * <application-policy name="saml-validate-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }</pre>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class STSValidatingLoginModule extends AbstractSTSLoginModule
+{
+ private Logger log = Logger.getLogger(STSValidatingLoginModule.class);
+
+ /**
+ * This method will validate the token with the configured STS.
+ *
+ * @return Element The token that was validated.
+ * @throws LoginException If it was not possible to validate the token for any reason.
+ */
+ public Element invokeSTS(final STSClient stsClient) throws WSTrustException, LoginException
+ {
+ try
+ {
+ // See if a previous stacked login module stored the token.
+ Element token = (Element) getSharedToken();
+
+ if (token == null)
+ token = getSamlTokenFromCaller();
+
+ final boolean result = stsClient.validateToken(token);
+ log.debug("Validation result: " + result);
+ if (result == false)
+ {
+ // Throw an exception as returing false only says that this login module should be ignored.
+ throw new LoginException("Could not validate the SAML Security Token :" + token);
+ }
+
+ return token;
+ }
+ catch (final IOException e)
+ {
+ throw new LoginException("IOException : " + e.getMessage());
+ }
+ catch (final UnsupportedCallbackException e)
+ {
+ throw new LoginException("UnsupportedCallbackException : " + e.getMessage());
+ }
+ }
+
+ private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException
+ {
+ final TokenCallback callback = new TokenCallback();
+
+ getCallbackHandler().handle(new Callback[] { callback });
+
+ final Element token = (Element) callback.getToken();
+ if (token == null)
+ throw new LoginException("Could not locate a Security Token from the callback.");
+
+ return token;
+ }
+}
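Review bot: the failure path `throw new LoginException("Could not validate the SAML Security Token :" + token)` embeds the token in the exception message. `Element.toString()` is implementation-defined and usually does not render the content, so the message is not informative, and any implementation that did render it would copy a bearer credential into logs and error responses. Drop the token from the message and log a token identifier at debug level instead. Also, `(Element) getSharedToken()` is an unchecked cast on whatever an earlier login module stored under `SHARED_TOKEN`; guard it with `instanceof` and fail with a LoginException rather than a ClassCastException. `if (result == false)` reads better as `if (!result)`.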
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * Simple callback that stores an object.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class TokenCallback implements Callback
+{
+ private transient Object token;
+
+ public Object getToken()
+ {
+ return token;
+ }
+
+ public void setToken(final Object token)
+ {
+ this.token = token;
+ }
+
+ public void clearToken()
+ {
+ token = null;
+ }
+}
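Review bot: `transient` on the `token` field has no effect because `TokenCallback` does not implement `Serializable` (`javax.security.auth.callback.Callback` is only a marker interface); either drop the modifier or make the intent explicit. The javadoc should also state what type callers are expected to store, since `STSValidatingLoginModule` casts `getToken()` straight to `org.w3c.dom.Element`.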
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/SamlCredentialParseException.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/SamlCredentialParseException.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/SamlCredentialParseException.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,27 @@
+package org.jboss.identity.federation.core.wstrust.exceptions;
+
+public class SamlCredentialParseException extends WSTrustGeneralException
+{
+ private static final long serialVersionUID = 8877976632951911364L;
+
+ public SamlCredentialParseException()
+ {
+ super();
+ }
+
+ public SamlCredentialParseException(final String message, final Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public SamlCredentialParseException(final String message)
+ {
+ super(message);
+ }
+
+ public SamlCredentialParseException(final Throwable cause)
+ {
+ super(cause);
+ }
+
+}
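Review bot: this file lacks the LGPL license header and the class javadoc that every other file in this commit carries; add both, with a one-line description matching its use in `SamlCredential.assertionToElement` (thrown when a SAML assertion string cannot be parsed into a DOM element).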
Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/WSTrustGeneralException.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/WSTrustGeneralException.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/exceptions/WSTrustGeneralException.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class WSTrustGeneralException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = -6855476286470782334L;
+
+ public WSTrustGeneralException()
+ {
+ super();
+ }
+
+ public WSTrustGeneralException(final String message, final Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public WSTrustGeneralException(final String msg)
+ {
+ super(msg);
+ }
+
+ public WSTrustGeneralException(final Throwable cause)
+ {
+ super(cause);
+ }
+
+}
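Review bot: the class javadoc is empty apart from the author tag; a one-line description of its role as the checked base exception for the WS-Trust API (it extends `java.security.GeneralSecurityException` and is the parent of `SamlCredentialParseException` in this commit) would help. Minor: the single-argument constructor names its parameter `msg` while the two-argument one uses `message`.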
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,91 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.io.StringReader;
+
+import junit.framework.TestCase;
+
+import org.custommonkey.xmlunit.XMLAssert;
+import org.custommonkey.xmlunit.XMLUnit;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+
+/**
+ * Unit test for {@link SamlCredential}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class SamlCredentialTestCase extends TestCase
+{
+ private Element assertionElement;
+ private InputSource expectedAssertion;
+
+ public void setUp() throws Exception
+ {
+ XMLUnit.setIgnoreWhitespace(true);
+ final Document assertionDoc = DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
+ assertionElement = (Element) assertionDoc.getFirstChild();
+ expectedAssertion = new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
+ }
+
+ public void testStringConstructor() throws Exception
+ {
+ final SamlCredential samlPrincipal = new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));
+
+ final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
+ XMLAssert.assertXMLEqual(expectedAssertion, actual);
+ }
+
+ public void testElementConstructor() throws Exception
+ {
+ final SamlCredential samlPrincipal = new SamlCredential(assertionElement);
+
+ final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
+ XMLAssert.assertXMLEqual(expectedAssertion, actual);
+ }
+
+ public void testShouldThrowIfStringIsNull()
+ {
+ try
+ {
+ new SamlCredential((String)null);
+ fail("Should not be allowed to create a SamlCredential with a null token string");
+ }
+ catch(final Exception e)
+ {
+ assertTrue(e instanceof IllegalArgumentException);
+ }
+ }
+
+ public void testEqualsContract() throws Exception
+ {
+ final SamlCredential samlPrincipal1 = new SamlCredential(assertionElement);
+ final SamlCredential samlPrincipal2 = new SamlCredential(assertionElement);
+ assertEquals(samlPrincipal1, samlPrincipal2);
+ assertEquals(samlPrincipal1.hashCode(), samlPrincipal2.hashCode());
+ }
+
+}
+
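Review bot: `testShouldThrowIfStringIsNull` catches `Exception` and then asserts `e instanceof IllegalArgumentException`, so an unexpected exception type fails with a bare assertion failure instead of naming what was thrown; catch `IllegalArgumentException` directly and let anything else propagate. `testEqualsContract` only checks that two credentials built from the same element are equal; add a credential built from a different assertion and assert inequality, otherwise an `equals` that always returns true would pass.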
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModuleTestCase.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModuleTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,149 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import static org.mockito.Mockito.mock;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+import junit.framework.TestCase;
+
+/***
+ * Unit test for {@link AbstractSTSLoginModule}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class AbstractSTSLoginModuleTestCase extends TestCase
+{
+ private STSClient stsClient;
+
+ public void setUp()
+ {
+ stsClient = mock(STSClient.class);
+ }
+
+ public void testOptionsConfig()
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null, stsClient);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
+
+ loginModule.initialize(new Subject(), null, sharedState, options);
+
+ assertTrue(loginModule.isUseOptionsConfig());
+ assertFalse(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+ }
+
+ public void testOptionsConfigWithPasswordStacking() throws Exception
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken(), stsClient);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
+
+ loginModule.initialize(new Subject(), null, sharedState, options);
+
+ assertTrue(loginModule.isUseOptionsConfig());
+ assertTrue(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+
+ loginModule.login();
+
+ assertEquals("user1", loginModule.getSharedUsername());
+ assertEquals("pass1", new String(loginModule.getSharedPassword()));
+ }
+
+ public void testCallback()
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null, stsClient);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ TestCallbackHandler callbackHandler = new TestCallbackHandler("Mr.Poon", "rosen");
+
+ loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
+
+ assertFalse(loginModule.isUseOptionsConfig());
+ assertFalse(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+ }
+
+ public void testCallbackWithPasswordStacking() throws Exception
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken(), stsClient);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
+ final String username = "Mr.Poon";
+ final String password = "rosen";
+
+ TestCallbackHandler callbackHandler = new TestCallbackHandler(username, password);
+
+ loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
+
+ assertFalse(loginModule.isUseOptionsConfig());
+ assertTrue(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+
+ loginModule.login();
+
+ assertEquals(username, loginModule.getSharedUsername());
+ assertEquals(password, new String(loginModule.getSharedPassword()));
+ }
+
+ class FakeSTSLoginModule extends AbstractSTSLoginModule
+ {
+ private Element token;
+ private final STSClient client;
+
+ public FakeSTSLoginModule(final Element token, final STSClient stsClient)
+ {
+ this.token = token;
+ client = stsClient;
+ }
+
+
+ @Override
+ protected STSClient createWSTrustClient(STSClientConfig config)
+ {
+ return client;
+ }
+
+ @Override
+ public Element invokeSTS(STSClient stsclient) throws WSTrustException, LoginException
+ {
+ return token;
+ }
+
+ }
+
+}
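Review bot: the class Javadoc opens with `/***` instead of `/**`; fix it so doc tooling treats the block as a Javadoc comment. In `testOptionsConfigWithPasswordStacking` the asserted values `"user1"` and `"pass1"` come from `wstrust/auth/jboss-sts-client.properties`, which is not visible from the test; name that source in a comment or constant so the assertion survives a change to the properties file. The `token` field of `FakeSTSLoginModule` can be `final` like `client`.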
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModuleTestCase.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModuleTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,127 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
+import org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.w3c.dom.Element;
+
+/**
+ * Unit test for {@link STSIssuingLoginModule}
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class STSIssuingLoginModuleTestCase extends TestCase
+{
+ private STSClient stsClient;
+
+ public void setUp()
+ {
+ stsClient = mock(STSClient.class);
+ }
+
+ public void testLoginWithValidToken() throws Exception
+ {
+ // Make the issueToken() method return a token.
+ when(stsClient.issueToken(any(String.class), any(String.class))).thenReturn(Util.createSamlToken());
+
+ final STSIssuingLoginModule loginModule = new FakeSTSIssuingLoginModule(stsClient);
+ final CallbackHandler callbackHandler = new TestCallbackHandler("admin", "admin");
+ final Subject subject = new Subject();
+ final HashMap<String, Object> sharedState = new HashMap<String, Object>();
+
+ loginModule.initialize(subject, callbackHandler, sharedState, allOptions());
+
+ // Simulate Phase 1
+ assertTrue(loginModule.login());
+
+ final Object token = loginModule.getSharedToken();
+ assertNotNull(token);
+ assertTrue(token instanceof Element);
+
+ // Simulate Phase 2
+ assertTrue(loginModule.commit());
+
+ final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
+ assertEquals(1, samlCredentials.size());
+ }
+
+ public void testUseFirstPass()
+ {
+ final String username = "Fletch";
+ final String password = "letMeIn";
+ final STSIssuingLoginModule loginModule = new STSIssuingLoginModule();
+ final Subject subject = new Subject();
+
+ final HashMap<String, Object> sharedState = new HashMap<String, Object>();
+ sharedState.put("javax.security.auth.login.name", username);
+ sharedState.put("javax.security.auth.login.password", password.toCharArray());
+
+ final Map<String, String> options = allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "useFirstPass");
+
+ loginModule.initialize(subject, null, sharedState, options);
+
+ assertTrue(loginModule.isUseFirstPass());
+ assertEquals(username, loginModule.getSharedUsername());
+ assertEquals(password, new String(loginModule.getSharedPassword()));
+ }
+
+ private Map<String, String> allOptions()
+ {
+ final Map<String, String> options = Util.allOptions();
+ options.put(STSIssuingLoginModule.ENDPOINT_OPTION, "someUrl");
+ options.put(STSIssuingLoginModule.TOKEN_TYPE_OPTION, "someTokenType");
+ return options;
+ }
+
+ private class FakeSTSIssuingLoginModule extends STSIssuingLoginModule
+ {
+ private STSClient client;
+
+ public FakeSTSIssuingLoginModule(final STSClient client)
+ {
+ this.client = client;
+ }
+
+ @Override
+ protected STSClient createWSTrustClient(final STSClientConfig config)
+ {
+ return client;
+ }
+ }
+}
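Review bot: there is no negative path: `testLoginWithValidToken` stubs `issueToken` to return a token, but nothing covers the STS returning `null` or throwing, so the module's failure handling in `login()` is untested; add a case that stubs `issueToken` to return null and asserts `login()` throws `LoginException`, mirroring `testLoginWithInValidToken` in the validating module test. `testUseFirstPass` also never calls `login()`, so its name or a comment should say it covers `initialize` only.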
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModuleTestCase.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModuleTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModuleTestCase.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,175 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
+import org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule;
+import org.jboss.identity.federation.core.wstrust.auth.TokenCallback;
+import org.w3c.dom.Element;
+
+import junit.framework.TestCase;
+
+/**
+ * Unit test for {@link STSIssuingLoginModule}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class STSValidatingLoginModuleTestCase extends TestCase
+{
+ private STSClient stsClient;
+
+ public void setUp()
+ {
+ stsClient = mock(STSClient.class);
+ }
+
+ public void testLoginWithValidToken() throws Exception
+ {
+ // Make the validateToken() method return true.
+ when(stsClient.validateToken(any(Element.class))).thenReturn(true);
+
+ final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
+ final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
+ final Subject subject = new Subject();
+
+ loginModule.initialize(subject, callbackHandler, null, getAllOptions());
+
+ // Simulate Phase 1
+ assertTrue(loginModule.login());
+
+ // Simulate Phase 2
+ assertTrue(loginModule.commit());
+
+ final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
+ assertEquals(1, samlCredentials.size());
+ }
+
+ public void testLoginWithInValidToken() throws Exception
+ {
+ // Make the validateToken() method return false.
+ when(stsClient.validateToken(any(Element.class))).thenReturn(false);
+
+ final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
+ final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
+
+ loginModule.initialize(new Subject(), callbackHandler, null, getAllOptions());
+
+ try
+ {
+ // Simulate Phase 1
+ loginModule.login();
+ fail("login should have thrown a LoginException!");
+ }
+ catch (final Exception e)
+ {
+ assertTrue(e instanceof LoginException);
+ }
+ }
+
+ public void testStackedModules() throws Exception
+ {
+ // Make the validateToken() method return true.
+ when(stsClient.validateToken(any(Element.class))).thenReturn(true);
+
+ final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
+ final Element token = Util.createSamlToken();
+
+ final Subject subject = new Subject();
+
+ final Map<String, Object> sharedState = new HashMap<String, Object>();
+
+ loginModule.initialize(subject, null, sharedState, getAllOptions());
+ // Simlulate that a previous LM stored a security token in the shared state.
+ loginModule.setSharedToken(token);
+
+ // Simulate Phase 1
+ assertTrue(loginModule.login());
+
+ // Simulate Phase 2
+ assertTrue(loginModule.commit());
+
+ final Set<SamlCredential> samlCredentials = subject.<SamlCredential>getPublicCredentials(SamlCredential.class);
+ assertEquals(1, samlCredentials.size());
+ }
+
+ private Map<String, String> getAllOptions()
+ {
+ Map<String, String> options = Util.allOptions();
+ options.put("useOptionsCredentials", "true");
+ return options;
+ }
+
+ private class TestCallbackHandler implements CallbackHandler
+ {
+ private final Object token;
+
+ public TestCallbackHandler(final Object token)
+ {
+ this.token = token;
+ }
+
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (Callback callback : callbacks)
+ {
+ if (callback instanceof TokenCallback)
+ {
+ ((TokenCallback)callback).setToken(token);
+ }
+ }
+ }
+ }
+
+ private class FakeSTSValidatingLoginModule extends STSValidatingLoginModule
+ {
+ private STSClient client;
+
+ public FakeSTSValidatingLoginModule(final STSClient client)
+ {
+ this.client = client;
+ }
+
+ @Override
+ protected STSClient createWSTrustClient(final STSClientConfig config)
+ {
+ return client;
+ }
+ }
+
+}
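Review bot: the class Javadoc says `Unit test for {@link STSIssuingLoginModule}.` but the class under test is `STSValidatingLoginModule`; fix the link, after which the `STSIssuingLoginModule` import is unused and can go. The inner `private class TestCallbackHandler` has the same name as the package-level `TestCallbackHandler` copied in this revision and shadows it within this file; rename it (for example to a token-specific name) to avoid confusion. `testLoginWithInValidToken` catches `Exception` and asserts `instanceof`; catch `LoginException` directly.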
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/TestCallbackHandler.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/TestCallbackHandler.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/TestCallbackHandler.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * Simple callback handler for unit tests.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class TestCallbackHandler implements CallbackHandler
+{
+ private final String username;
+ private final String password;
+
+ public TestCallbackHandler(final String username, final String password)
+ {
+ this.username = username;
+ this.password = password;
+ }
+
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (Callback callback : callbacks)
+ {
+ if (callback instanceof NameCallback)
+ ((NameCallback) callback).setName(username);
+ if (callback instanceof PasswordCallback)
+ ((PasswordCallback) callback).setPassword(password.toCharArray());
+ }
+ }
+}
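Review bot: `handle` silently ignores any callback that is neither `NameCallback` nor `PasswordCallback` even though it declares `UnsupportedCallbackException`; throwing it for unknown callbacks would surface a login module that requests a `TokenCallback` this handler cannot satisfy, instead of letting the test continue with missing data. The two `if` statements also lack braces; add them to match the style used elsewhere in the patch.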
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/Util.java (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/Util.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/Util.java 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.auth;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.w3c.dom.Element;
+
+/**
+ * Test util methods.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public final class Util
+{
+ private Util()
+ {
+ }
+
+ public static Element createSamlToken() throws Exception
+ {
+ final AssertionType assertionType = new AssertionType();
+ return SAMLUtil.toElement(assertionType);
+ }
+
+ public static Map<String, String> allOptions()
+ {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put(AbstractSTSLoginModule.STS_CONFIG_FILE, "wstrust/auth/jboss-sts-client.properties");
+ return options;
+ }
+
+}
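Review bot: `createSamlToken` builds its element from an empty `AssertionType` with no ID, Issuer, Subject or Conditions, so tests that use it cannot detect a login module that inspects those fields; consider loading the `/wstrust/assertion.xml` fixture added in this revision instead, so the token resembles what the STS actually issues.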
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,30 @@
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
+ <Issuer>JBossSTS</Issuer>
+ <Subject>
+ <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ </Subject>
+ <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
+ </dsig:Modulus>
+ <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Assertion>
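Review bot: the fixture's `Conditions` window (`NotBefore="2009-09-10T13:49:30.422Z"` to `NotOnOrAfter="2009-09-10T15:49:30.422Z"`) is already in the past, which is fine for the serialization comparison it is used for here but means any future validity test built on this file would need a clock-injected or freshly generated assertion; a comment in the fixture stating it is for round-trip comparison only would prevent that misuse.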
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
+ <Issuer>JBossSTS</Issuer>
+ <Subject>
+ <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ </Subject>
+ <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
+ </dsig:Modulus>
+ <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Assertion>
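Review bot: this file is identical to `assertion-expected.xml` apart from the leading `<?xml version="1.0" encoding="UTF-8"?>` declaration, and `SamlCredentialTestCase` compares the two with `XMLUnit.setIgnoreWhitespace(true)`; one fixture would serve as both input and expected output, or, if two are intended, a comment in the test should state what difference the "expected" copy is meant to capture.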
Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/jboss-sts-client.properties (from rev 897, identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/jboss-sts-client.properties)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/jboss-sts-client.properties (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/jboss-sts-client.properties 2009-11-02 07:56:02 UTC (rev 898)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://test:8080/JBossSTS
+username=user1
+password=pass1
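Review bot: this properties file stores a plaintext username/password pair (user1/pass1) next to the STS endpoint; it is test-scoped (src/test/resources) and the host name "test" makes that clear, but a leading comment marking the values as test-only would prevent the file being copied into a deployment as the /sts-client.properties that the login-module documentation in this same commit refers to. endpointAddress is also plain http; a comment that a real STS endpoint should be reached over https would be worth adding beside it.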
JBoss Identity SVN: r897 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation and 17 other directories.
by jboss-identity-commits@lists.jboss.org
Author: beve
Date: 2009-11-01 13:30:07 -0500 (Sun, 01 Nov 2009)
New Revision: 897
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/core/
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth/
Removed:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth/
Modified:
identity-federation/trunk/jboss-identity-fed-api/pom.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java
identity-federation/trunk/jboss-identity-fed-core/pom.xml
Log:
Work for reopened https://jira.jboss.org/jira/browse/JBID-206 "Add JBossSTSLoginModule from JBossESB project"
Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -127,6 +127,18 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.8.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xmlunit</groupId>
+ <artifactId>xmlunit</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<reporting>
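Review bot: the new mockito-all 1.8.0 and xmlunit 1.1 dependencies hard-code their versions in this module, while the neighbouring junit dependency gives only artifactId and scope, so its version is managed elsewhere; move both new versions into the parent's dependencyManagement so that jboss-identity-fed-core, whose pom.xml is also touched in this commit, can share them without drift. Both are correctly limited to test scope.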
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SamlCredential.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,165 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.io.Serializable;
+import java.io.StringWriter;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.identity.federation.api.wstrust.exceptions.SamlCredentialParseException;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.StringUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Credential that wraps a SAML Assertion.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public final class SamlCredential implements Serializable
+{
+ private static final long serialVersionUID = -8496414959425288835L;
+
+ private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+
+ private String assertion;
+
+ public SamlCredential(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
+
+ this.assertion = SamlCredential.assertionToString(assertion);
+ }
+
+ public SamlCredential(final String assertion)
+ {
+ if (StringUtil.isNullOrEmpty(assertion))
+ throw new IllegalArgumentException("assertion String must not be null or empty");
+
+ this.assertion = assertion;
+ }
+
+ public String getAssertionAsString()
+ {
+ return assertion;
+ }
+
+ public Element getAssertionAsElement() throws SamlCredentialParseException
+ {
+ return SamlCredential.assertionToElement(assertion);
+ }
+
+ @Override
+ public boolean equals(final Object obj)
+ {
+ if (this == obj)
+ return true;
+
+ if (!(obj instanceof SamlCredential))
+ return false;
+
+ final SamlCredential that = (SamlCredential) obj;
+ return this.assertion.equals(that.assertion);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int result = 17;
+ result = 31 * result + assertion.hashCode();
+ return result;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "SamlCredential[" + assertion + "]";
+ }
+
+ public static Element assertionToElement(final String assertion) throws SamlCredentialParseException
+ {
+ try
+ {
+ Document document = DocumentUtil.getDocument(assertion);
+ return (Element) document.getFirstChild();
+ }
+ catch (final ConfigurationException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ catch (final ParsingException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ catch (final ProcessingException e)
+ {
+ throw new SamlCredentialParseException(e);
+ }
+ }
+
+ public static String assertionToString(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
+
+ try
+ {
+ final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+
+ final Source source = new DOMSource(assertion);
+ final StringWriter writer = new StringWriter();
+ final Result result = new StreamResult(writer);
+
+ transformer.transform(source, result);
+
+ return writer.toString();
+ }
+ catch (final TransformerConfigurationException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerFactoryConfigurationError e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
+}
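Review bot: assertionToElement returns `(Element) document.getFirstChild()`, which throws ClassCastException when the parsed document has a comment or processing instruction before the root element; use `document.getDocumentElement()`, which is the root element by definition. Two smaller points: equals/hashCode compare the serialized assertion string, so two credentials holding the same assertion with different whitespace or attribute order are unequal, which is acceptable but should be stated in the class Javadoc; and toString() embeds the entire assertion, which AbstractSTSLoginModule.commit() then writes to the debug log, so consider having toString() print only the assertion ID or its length rather than the full token.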
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,499 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.wstrust.SamlCredential;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.STSClientFactory;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.w3c.dom.Element;
+
+/**
+ * Abstract JAAS LoginModule for JBoss STS (Security Token Service).
+ * </p>
+ *
+ * Subclasses are required to implement {@link #invokeSTS(STSClient)()} to perform their specific actions.
+ *
+ * <h3>Configuration</h3>
+ * Concrete implementations specify from where the username and credentials should be read from.
+ * <lu>
+ * <li>Callback handler, {@link NameCallback} and {@link PasswordCallback}.</li>
+ * <li>From the login modules options configuration.</li>
+ * <li>From the login modules earlier in the login modules stack.</li>
+ * </lu>
+ *
+ * <h3>Configuration example</h3>
+ * 1. Callbackhandler configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ * 2. Login module options configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="useOptionsCredentials">true</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ * 3. Password stacking configuration:
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="password-stacking">useFirstPass</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ *
+ * <h3>Password stacking</h3>
+ * Password stacking can be configured which means that a Login module configured with 'password-stacking' set to 'true'
+ * will set the username and password in the shared state map. Login modules that come after can set 'password-stacking'
+ * to 'useFirstPass' which means that that login module will use the username and password from the shared map.
+ * <p/>
+ *
+ * Subclasses can define more configuration options by overriding initialize.
+ * Also note that subclasses are not forced to put configuration options in a file. They
+ * can all be set as options just like the 'configFile' is specified above.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public abstract class AbstractSTSLoginModule implements LoginModule
+{
+ private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
+
+ /**
+ * Key used in share state map when LMs are stacked.
+ */
+ public static final String SHARED_TOKEN = "org.jboss.identity.federation.core.wstrust.lm.stsToken";
+
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
+
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_PW_STACKING = "password-stacking";
+
+ /**
+ * This is the required option that should identify the configuration
+ * file for WSTrustClient.
+ */
+ public static final String STS_CONFIG_FILE = "configFile";
+
+ /**
+ * The subject to be populated.
+ */
+ private Subject subject;
+
+ /**
+ * Callback handler used to gather information from the caller.
+ */
+ private CallbackHandler callbackHandler;
+
+ /**
+ * WS-Trust SAML Assertion element.
+ */
+ private Element samlToken;
+
+ /**
+ * The outcome of the authentication process.
+ */
+ private boolean success;
+
+ /**
+ * The options map passed into this login modules initalize method.
+ */
+ private Map<String, ?> options;
+
+ /**
+ * The shared state map passed into this login modules initalize method.
+ */
+ private Map<String, ?> sharedState;
+
+ /**
+ * Indicates whether password stacking option was configured.
+ */
+ private boolean passwordStacking;
+
+ /**
+ * Indicates whether the password-stacking options was specifed as 'useFirstPass'.
+ */
+ private boolean useFirstPass;
+
+ /**
+ * Indicates whether the 'useOptionsCredentials' was configured.
+ */
+ private boolean useOptionsCredentials;
+
+ /**
+ * Initialized this login module. Simple stores the passed in fields and
+ * also validates the options.
+ *
+ * @param subject
+ * The subject to authenticate/populate.
+ * @param callbackHandler
+ * The callbackhandler that will gather information required by
+ * this login module.
+ * @param sharedState
+ * State that is shared with other login modules. Used when
+ * modules are chained/stacked.
+ * @param options
+ * The options that were specified for this login module.
+ */
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.options = options;
+ this.sharedState = sharedState;
+
+ final String pwStackingOption = (String) options.get(OPTIONS_PW_STACKING);
+ passwordStacking = pwStackingOption != null;
+ if (passwordStacking)
+ useFirstPass = "useFirstPass".equals(pwStackingOption);
+
+ final Boolean useOptionsCreds = Boolean.valueOf((String)options.get(OPTIONS_CREDENTIALS));
+ if (useOptionsCreds != null)
+ useOptionsCredentials = useOptionsCreds.booleanValue();
+ }
+
+ /**
+ * Subclasses must implement the login to perform their specific tasks.
+ *
+ * The login module should call {@link #setSamlToken(Element)} with the saml token
+ * element that should be added to the public credentials in {@link #commit()}.
+ *
+ * @return true If the login was successful otherwise false.
+ * @throws LoginException If an error occurs while trying to perform the authentication.
+ */
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
+ if (useOptionsCredentials)
+ {
+ useCredentialsFromOptions(builder, options);
+ }
+ else if (isUseFirstPass())
+ {
+ useCredentialsFromSharedState(builder);
+ }
+ else
+ {
+ useCredentialsFromCallback(builder);
+ }
+
+ if (passwordStacking)
+ setPasswordStackingCredentials(builder);
+
+ final STSClient stsClient = createWSTrustClient(builder.build());
+
+ final Element token = invokeSTS(stsClient);
+
+ if (token == null)
+ {
+ // Throw an exception as returing false only says that this login module should be ignored.
+ throw new LoginException("Could not issue a SAML Security Token");
+ }
+ setSuccess(true);
+ setSamlToken(token);
+ setSharedToken(token);
+ return true;
+ }
+ catch (WSTrustException e)
+ {
+ throw new LoginException("WSTrustException : " + e.getMessage());
+ }
+ }
+
+ public abstract Element invokeSTS(final STSClient stsclient) throws WSTrustException, LoginException;
+
+ /**
+ * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
+ * This new SamlCredential will be put into the Subject public credentials set.
+ */
+ public boolean commit() throws LoginException
+ {
+ if (success)
+ {
+ final SamlCredential samlCredential = new SamlCredential(samlToken);
+ final boolean added = subject.getPublicCredentials().add(samlCredential);
+ if (added && log.isDebugEnabled())
+ log.debug("Added Credential :" + samlCredential);
+
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * Called if the overall authentication failed (phase 2).
+ */
+ public boolean abort() throws LoginException
+ {
+ success = false;
+ clearState();
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ clearState();
+ return true;
+ }
+
+ protected void useCredentialsFromCallback(final Builder builder) throws LoginException
+ {
+ final NameCallback nameCallback = new NameCallback("user:");
+ final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
+ try
+ {
+ getCallbackHandler().handle(new Callback[] { nameCallback, passwordCallback });
+ builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
+ }
+ catch (final IOException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ catch (final UnsupportedCallbackException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void setPasswordStackingCredentials(final Builder builder)
+ {
+ final Map sharedState = (Map) this.sharedState;
+ sharedState.put("javax.security.auth.login.name", builder.getUsername());
+ sharedState.put("javax.security.auth.login.password", builder.getPassword());
+ }
+
+ protected void useCredentialsFromSharedState(final Builder builder)
+ {
+ builder.username(getSharedUsername()).password(new String(getSharedPassword()));
+ }
+
+ /**
+ * This method allows subclassed to retreive configuration options map
+ * and set on the builder.
+ *
+ * @param builder
+ * @param options
+ */
+ protected void useCredentialsFromOptions(Builder builder, Map<String, ?> options2)
+ {
+ // NoOp.
+ }
+
+
+ /**
+ * This method gives users a chance to override how the {@link STSClientConfig} is created.
+ * For example some users might perfer to not use a file containing the configuration
+ * properties, which is the default, but instead have the configuration options in the
+ * login modules configuration directly.
+ *
+ * @param options The options passed to the initialize method.
+ * @return {@link STSClientConfig} The configuration for STSClient.
+ */
+ protected STSClientConfig getConfiguration(final Map<String, ?> options)
+ {
+ final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
+ return new STSClientConfig.Builder(configFile).build();
+ }
+
+ protected STSClient createWSTrustClient(final STSClientConfig config)
+ {
+ try
+ {
+ return STSClientFactory.getInstance().create(config);
+ }
+ catch (final ParsingException e)
+ {
+ throw new IllegalStateException("Could not create WSTrustClient:", e);
+ }
+ }
+
+ protected String getRequiredOption(final Map<String, ?> options, final String optionName)
+ {
+ final String option = (String) options.get(optionName);
+ if (option == null)
+ throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
+
+ return option;
+ }
+
+ protected boolean isSuccess()
+ {
+ return success;
+ }
+
+ protected void setSuccess(boolean success)
+ {
+ this.success = success;
+ }
+
+ protected Subject getSubject()
+ {
+ return subject;
+ }
+
+ protected CallbackHandler getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
+ protected void setSamlToken(final Element samlToken)
+ {
+ this.samlToken = samlToken;
+ }
+
+ @SuppressWarnings ("unchecked")
+ protected void setSharedToken(final Object token)
+ {
+ if (sharedState == null)
+ return;
+ /*
+ * This is hidious but must be done since the signature of initialize in LoginModule is:
+ * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
+ * without bypassing generics.
+ */
+ // Cast the shartState to a raw map
+ final Map state = (Map) sharedState;
+ // Put the Token into the shared state map
+ state.put(SHARED_TOKEN, token);
+ }
+
+ /**
+ * Gets Security Token from the share state map if one was made available by
+ * a previous LM in the stack.
+ *
+ * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
+ */
+ protected Object getSharedToken()
+ {
+ if (sharedState == null)
+ return null;
+
+ return sharedState.get(SHARED_TOKEN);
+ }
+
+ /**
+ * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
+ *
+ * @return Map<String, ?> The options map.
+ */
+ protected Map<String, ?> getOptions()
+ {
+ return options;
+ }
+
+ protected String getSharedUsername()
+ {
+ if (sharedState == null)
+ return null;
+
+ return (String) sharedState.get("javax.security.auth.login.name");
+ }
+
+ protected char[] getSharedPassword()
+ {
+ if (sharedState == null)
+ return null;
+
+ final Object object = sharedState.get("javax.security.auth.login.password");
+ if (object instanceof char[])
+ return (char[]) object;
+ else if (object instanceof String)
+ return ((String) object).toCharArray();
+
+ return null;
+ }
+
+ protected boolean isUseFirstPass()
+ {
+ return useFirstPass;
+ }
+
+ protected boolean isUsePasswordStacking()
+ {
+ return passwordStacking;
+ }
+
+ protected boolean isUseOptionsConfig()
+ {
+ return useOptionsCredentials;
+ }
+
+ private void clearState()
+ {
+ removeAllSamlCredentials(subject);
+ samlToken = null;
+ }
+
+ private void removeAllSamlCredentials(final Subject subject)
+ {
+ final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
+ if (!samlCredentials.isEmpty())
+ {
+ subject.getPublicCredentials().removeAll(samlCredentials);
+ }
+ }
+
+}
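Review bot: useCredentialsFromCallback and useCredentialsFromSharedState both call `new String(...)` on a password that can be null: PasswordCallback.getPassword() is null when the handler did not set one, and getSharedPassword() explicitly returns null when the shared state has no entry, so a misconfigured module stack fails with a NullPointerException instead of a LoginException. Check for null first and throw LoginException with a clear message, and call passwordCallback.clearPassword() once the builder has taken the value. Smaller points in the same hunk: Boolean.valueOf(String) never returns null, so the `if (useOptionsCreds != null)` guard in initialize is dead and Boolean.parseBoolean would do; useCredentialsFromOptions names its second parameter options2 while its Javadoc documents @param options; `<lu>`/`</lu>` in the class Javadoc should be `<ul>`/`</ul>`, `{@link #invokeSTS(STSClient)()}` has a stray pair of parentheses, and the three configuration examples still reference org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule although the package declaration now puts the classes in org.jboss.identity.federation.api.wstrust.auth.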
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+/**
+ * JAAS LoginModule for JBoss STS (Security Token Service) that issues security tokens.
+ *
+ * <h3>Configuration example</h3>
+ * <pre>{@code
+ * <application-policy name="saml-issue-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * <module-option name="endpointURI"></module-option>
+ * <module-option name="tokenType"></module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }
+ * </pre>
+ *
+ * This login module expects to be created with a callback handler that can handle {@link NameCallback}
+ * and a {@link PasswordCallback}, which should be match the username and password for whom a security
+ * token will be issued.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class STSIssuingLoginModule extends AbstractSTSLoginModule
+{
+ public static final String ENDPOINT_OPTION = "endpointURI";
+ public static final String TOKEN_TYPE_OPTION = "tokenType";
+
+ private String endpointURI;
+ private String tokenType;
+
+ @Override
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+ endpointURI = (String) options.get(ENDPOINT_OPTION);
+ tokenType = (String) options.get(TOKEN_TYPE_OPTION);
+ }
+
+ /**
+ * This method will issue a token for the configured user.
+ *
+ * @return Element The issued element.
+ * @throws LoginException If an error occurs while trying to perform the authentication.
+ */
+ public Element invokeSTS(final STSClient stsClient) throws WSTrustException
+ {
+ return stsClient.issueToken(endpointURI, tokenType);
+ }
+
+}
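Review bot: The Javadoc on `invokeSTS` documents `@throws LoginException`, but the method signature declares `throws WSTrustException` and cannot throw a `LoginException`; change the tag to `@throws WSTrustException If the STS call fails.` Two further points in this hunk: `endpointURI` and `tokenType` are read with plain `options.get(...)` and passed straight into `stsClient.issueToken(endpointURI, tokenType)` with no null handling, while the configuration example shows both `module-option` values empty, so either document that null selects an STS default or validate them the way `configFile` is validated with `getRequiredOption` elsewhere in this commit. Also, the example still uses `code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule"`, whereas the sibling classes copied in this commit declare `package org.jboss.identity.federation.api.wstrust.auth;` (see `STSValidatingLoginModule` below); confirm the documented FQCN matches the class's package after the move, otherwise an `application-policy` copied from the Javadoc will fail to load the module.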
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+/**
+ * JAAS LoginModule for JBoss STS (Security Token Service) that validates security tokens.
+ * </p>
+ * This LoginModule only performs validation of existing SAML Assertions and does not issue
+ * any such Assertions.
+ *
+ * <h3>Configuration example</h3>
+ * <pre>{@code
+ * <application-policy name="saml-validate-token">
+ * <authentication>
+ * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
+ * <module-option name="configFile">/sts-client.properties</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ * }</pre>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class STSValidatingLoginModule extends AbstractSTSLoginModule
+{
+ private Logger log = Logger.getLogger(STSValidatingLoginModule.class);
+
+ /**
+ * This method will validate the token with the configured STS.
+ *
+ * @return Element The token that was validated.
+ * @throws LoginException If it was not possible to validate the token for any reason.
+ */
+ public Element invokeSTS(final STSClient stsClient) throws WSTrustException, LoginException
+ {
+ try
+ {
+ // See if a previous stacked login module stored the token.
+ Element token = (Element) getSharedToken();
+
+ if (token == null)
+ token = getSamlTokenFromCaller();
+
+ final boolean result = stsClient.validateToken(token);
+ log.debug("Validation result: " + result);
+ if (result == false)
+ {
+ // Throw an exception as returing false only says that this login module should be ignored.
+ throw new LoginException("Could not validate the SAML Security Token :" + token);
+ }
+
+ return token;
+ }
+ catch (final IOException e)
+ {
+ throw new LoginException("IOException : " + e.getMessage());
+ }
+ catch (final UnsupportedCallbackException e)
+ {
+ throw new LoginException("UnsupportedCallbackException : " + e.getMessage());
+ }
+ }
+
+ private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException
+ {
+ final TokenCallback callback = new TokenCallback();
+
+ getCallbackHandler().handle(new Callback[] { callback });
+
+ final Element token = (Element) callback.getToken();
+ if (token == null)
+ throw new LoginException("Could not locate a Security Token from the callback.");
+
+ return token;
+ }
+}
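Review bot: The `catch (final IOException e)` and `catch (final UnsupportedCallbackException e)` blocks in `invokeSTS` put only `e.getMessage()` into the new `LoginException` and drop the original exception, so the stack trace that explains why the callback failed is lost; `LoginException` has no cause constructor, so use `final LoginException le = new LoginException(...); le.initCause(e); throw le;`. Smaller points: `if (result == false)` should be `if (!result)`; the failure message concatenates the DOM `Element` (`"... :" + token`), which yields the element's `toString()` rather than anything useful for diagnosis, so log an identifier or drop it; the unchecked `(Element) callback.getToken()` cast in `getSamlTokenFromCaller` turns a wrong object type from the handler into a `ClassCastException` instead of a `LoginException`, so guard it with `instanceof`; and the class Javadoc has a stray `</p>` with no opening tag and documents `code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule"` although the file declares `package org.jboss.identity.federation.api.wstrust.auth;`.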
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/auth/TokenCallback.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * Simple callback that stores an object.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class TokenCallback implements Callback
+{
+ private transient Object token;
+
+ public Object getToken()
+ {
+ return token;
+ }
+
+ public void setToken(final Object token)
+ {
+ this.token = token;
+ }
+
+ public void clearToken()
+ {
+ token = null;
+ }
+}
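Review bot: `private transient Object token;` marks the field transient, but `TokenCallback` is not `Serializable` (`javax.security.auth.callback.Callback` does not extend it), so the modifier has no effect and hints at a serialization concern that does not exist; drop it. Since the consumer in this commit casts the result to `org.w3c.dom.Element` (`(Element) callback.getToken()` in `STSValidatingLoginModule`), consider typing the field and accessors as `Element` so a mistyped token is rejected at compile time rather than with a `ClassCastException` during login. The methods also lack Javadoc describing the handler contract: who is expected to call `setToken`, and that `clearToken` should be called once the token has been consumed.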
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/SamlCredentialParseException.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,27 @@
+package org.jboss.identity.federation.api.wstrust.exceptions;
+
+public class SamlCredentialParseException extends WSTrustGeneralException
+{
+ private static final long serialVersionUID = 8877976632951911364L;
+
+ public SamlCredentialParseException()
+ {
+ super();
+ }
+
+ public SamlCredentialParseException(final String message, final Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public SamlCredentialParseException(final String message)
+ {
+ super(message);
+ }
+
+ public SamlCredentialParseException(final Throwable cause)
+ {
+ super(cause);
+ }
+
+}
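Review bot: This file has no license header and no class Javadoc, unlike every other new Java file in this commit (`WSTrustGeneralException`, `TokenCallback`, the login modules); add the standard LGPL header and a one-line description stating when the exception is thrown (parsing of a `SamlCredential` failed), so the meaning of this checked exception is documented at its declaration.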
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/exceptions/WSTrustGeneralException.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class WSTrustGeneralException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = -6855476286470782334L;
+
+ public WSTrustGeneralException()
+ {
+ super();
+ }
+
+ public WSTrustGeneralException(final String message, final Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public WSTrustGeneralException(final String msg)
+ {
+ super(msg);
+ }
+
+ public WSTrustGeneralException(final Throwable cause)
+ {
+ super(cause);
+ }
+
+}
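Review bot: The class Javadoc block on `WSTrustGeneralException` contains only the `@author` tag and no description, and the constructor parameters are named inconsistently (`message` in the two-argument constructor, `msg` in the single-argument one); add a sentence describing the role of this base exception (it extends `java.security.GeneralSecurityException` and is the parent of `SamlCredentialParseException` in this commit) and use `message` in both constructors.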
Copied: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth)
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,310 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust.auth;
-
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.STSClientFactory;
-import org.jboss.identity.federation.core.wstrust.SamlCredential;
-import org.w3c.dom.Element;
-
-/**
- * Abstract JAAS LoginModule for JBoss STS (Security Token Service).
- * </p>
- *
- * Subclasses are required to implement {@link #login()} to perform their specific actions.
- *
- * Subclasses can define more configuration options by overriding initialize.
- * Also note that subclasses are not forced to put configuration options in a file. They
- * can all be set as options just like the 'configFile' is specified above.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public abstract class AbstractSTSLoginModule implements LoginModule
-{
- private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
-
- /**
- * Key used in share state map when LMs are stacked.
- */
- public static final String SHARED_TOKEN = "org.jboss.identity.federation.core.wstrust.lm.stsToken";
-
- /**
- * This is the required option that should identify the configuration
- * file for WSTrustClient.
- */
- public static final String STS_CONFIG_FILE = "configFile";
-
- /**
- * The subject to be populated.
- */
- private Subject subject;
-
- /**
- * Callback handler used to gather information from the caller.
- */
- private CallbackHandler callbackHandler;
-
- /**
- * WS-Trust SAML Assertion element.
- */
- private Element samlToken;
-
- /**
- * The outcome of the authentication process.
- */
- private boolean success;
-
- /**
- * The options map passed into this login modules initalize method.
- */
- private Map<String, ?> options;
-
- /**
- * The shared state map passed into this login modules initalize method.
- */
- private Map<String, ?> sharedState;
-
- /**
- * Initialized this login module. Simple stores the passed in fields and
- * also validates the options.
- *
- * @param subject
- * The subject to authenticate/populate.
- * @param callbackHandler
- * The callbackhandler that will gather information required by
- * this login module.
- * @param sharedState
- * State that is shared with other login modules. Used when
- * modules are chained/stacked.
- * @param options
- * The options that were specified for this login module. See
- * "Usage" section of this types javadoc.
- */
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.options = options;
- this.sharedState = sharedState;
- }
-
- /**
- * Subclasses must implement the login to perform their specific tasks.
- *
- * The login module should call {@link #setSamlToken(Element)} with the saml token
- * element that should be added to the public credentials in {@link #commit()}.
- *
- * @return true If the login was successful otherwise false.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public abstract boolean login() throws LoginException;
-
- /**
- * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
- * This new SamlCredential will be put into the Subject public credentials set.
- */
- public boolean commit() throws LoginException
- {
- if (success)
- {
- final SamlCredential samlCredential = new SamlCredential(samlToken);
- final boolean added = subject.getPublicCredentials().add(samlCredential);
- if (added && log.isDebugEnabled())
- log.debug("Added Credential :" + samlCredential);
-
- return true;
- }
- else
- {
- return false;
- }
- }
-
- /**
- * Called if the overall authentication failed (phase 2).
- */
- public boolean abort() throws LoginException
- {
- success = false;
- clearState();
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- clearState();
- return true;
- }
-
- /**
- * This method gives users a chance to override how the {@link STSClientConfig} is created.
- * For example some users might perfer to not use a file containing the configuration
- * properties, which is the default, but instead have the configuration options in the
- * login modules configuration directly.
- *
- * @param options The options passed to the initialize method.
- * @return {@link STSClientConfig} The configuration for STSClient.
- */
- protected STSClientConfig getConfiguration(final Map<String, ?> options)
- {
- final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
- return new STSClientConfig.Builder(configFile).build();
- }
-
- protected STSClient createWSTrustClient(final STSClientConfig config)
- {
- try
- {
- return STSClientFactory.getInstance().create(config);
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException("Could not create WSTrustClient:", e);
- }
- }
-
- protected String getRequiredOption(final Map<String, ?> options, final String optionName)
- {
- final String option = (String) options.get(optionName);
- if (option == null)
- throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
-
- return option;
- }
-
- protected boolean isSuccess()
- {
- return success;
- }
-
- protected void setSuccess(boolean success)
- {
- this.success = success;
- }
-
- protected Subject getSubject()
- {
- return subject;
- }
-
- protected CallbackHandler getCallbackHandler()
- {
- return callbackHandler;
- }
-
- protected void setSamlToken(final Element samlToken)
- {
- this.samlToken = samlToken;
- }
-
- @SuppressWarnings ("unchecked")
- protected void setSharedToken(final Object token)
- {
- if (sharedState == null)
- return;
- /*
- * This is hidious but must be done since the signature of initialize in LoginModule is:
- * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
- * without bypassing generics.
- */
- // Cast the shartState to a raw map
- final Map state = (Map) sharedState;
- // Put the Token into the shared state map
- state.put(SHARED_TOKEN, token);
- }
-
- /**
- * Gets Security Token from the share state map if one was made available by
- * a previous LM in the stack.
- *
- * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
- */
- protected Object getSharedToken()
- {
- if (sharedState == null)
- return null;
-
- return sharedState.get(SHARED_TOKEN);
- }
-
- /**
- * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
- *
- * @return Map<String, ?> The options map.
- */
- protected Map<String, ?> getOptions()
- {
- return options;
- }
-
- protected String getSharedUsername()
- {
- if (sharedState == null)
- return null;
-
- return (String) sharedState.get("javax.security.auth.login.name");
- }
-
- protected char[] getSharedPassword()
- {
- if (sharedState == null)
- return null;
-
- return (char[]) sharedState.get("javax.security.auth.login.password");
- }
-
- protected boolean isUseFirstPass()
- {
- if (options == null)
- return false;
-
- final String passwordStacking = (String) options.get("password-stacking");
- return "useFirstPass".equals(passwordStacking);
- }
-
- private void clearState()
- {
- removeAllSamlCredentials(subject);
- samlToken = null;
- }
-
- private void removeAllSamlCredentials(final Subject subject)
- {
- final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- if (!samlCredentials.isEmpty())
- {
- subject.getPublicCredentials().removeAll(samlCredentials);
- }
- }
-
-}
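Review bot: With this deletion the only copy of `AbstractSTSLoginModule` that the new `STSIssuingLoginModule` and `STSValidatingLoginModule` compile against lies outside this section of the diff, so the contract the subclasses now depend on cannot be checked here: the deleted version's `login()` was abstract and left `setSuccess`, `setSamlToken` and `setSharedToken` to the subclass, whereas the new subclasses only implement `invokeSTS(STSClient)` and return the `Element`. Confirm that the relocated base class owns the `login()` flow, including rejecting a null token before `commit()` wraps it in a `SamlCredential` and adds it to the Subject's public credentials, and that `clearState()` still removes all `SamlCredential` public credentials on `abort()` and `logout()`.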
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,150 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust.auth;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
-import org.w3c.dom.Element;
-
-/**
- * JAAS LoginModule for JBoss STS (Security Token Service) that issues security tokens.
- *
- * <h3>Configuration example</h3>
- * <pre>{@code
- * <application-policy name="saml-issue-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * <module-option name="endpointURI"></module-option>
- * <module-option name="tokenType"></module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }
- * </pre>
- *
- * This login module expects to be created callback handler that can handle {@link NameCallback}
- * and a {@link PasswordCallback}, which should be match the username and password for whom a security
- * token will be issued.
- * <p/>
- *
- * Password stacking is supported by using the option:
- * <pre>{@code
- * <module-option name="password-stacking">useFirstPass</module-option>
- * }</pre>
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class STSIssuingLoginModule extends AbstractSTSLoginModule
-{
- public static final String ENDPOINT_OPTION = "endpointURI";
- public static final String TOKEN_TYPE_OPTION = "tokenType";
-
- private String endpointURI;
- private String tokenType;
-
- @Override
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
-
- if (callbackHandler == null && !isUseFirstPass())
- {
- throw new IllegalArgumentException("CallbackHandler must not be null");
- }
-
- endpointURI = (String) options.get(ENDPOINT_OPTION);
- tokenType = (String) options.get(TOKEN_TYPE_OPTION);
- }
-
- /**
- * This method will issue a token for the configured user. This user will be either
- * be the user from a previous stacked login module or the username and
- * credentials will be retreived using the callbackhandler supplied to this
- * login module.
- *
- * @return true If the login was successful otherwise false.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public boolean login() throws LoginException
- {
- try
- {
- final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
- if (isUseFirstPass())
- {
- // Use username/password from shared state.
- builder.username(getSharedUsername()).password(new String(getSharedPassword()));
- }
- else
- {
- final NameCallback nameCallback = new NameCallback("user:");
- final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
- try
- {
- getCallbackHandler().handle(new Callback[] { nameCallback, passwordCallback });
- // Use username/password from callbacks.
- builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
- }
- catch (final IOException e)
- {
- throw new LoginException(e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException(e.getMessage());
- }
- }
-
- final STSClient stsClient = createWSTrustClient(builder.build());
-
- final Element token = stsClient.issueToken(endpointURI, tokenType);
- if (token == null)
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not issue a SAML Security Token");
- }
- setSuccess(true);
- setSamlToken(token);
- setSharedToken(token);
- return true;
- }
- catch (WSTrustException e)
- {
- throw new LoginException("WSTrustException : " + e.getMessage());
- }
- }
-
-}
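Review bot: Two checks in this deleted `STSIssuingLoginModule` have no counterpart in the new version earlier in this commit: the `initialize` guard `if (callbackHandler == null && !isUseFirstPass())` that throws `IllegalArgumentException`, and the post-issue check `if (token == null) throw new LoginException("Could not issue a SAML Security Token")`; the new `initialize` only reads the two options and the new `invokeSTS` returns `stsClient.issueToken(...)` unchecked, so confirm both moved into the new base class. Separately, `builder.username(getSharedUsername()).password(new String(getSharedPassword()))` copies the shared-state `char[]` into an immutable `String` that cannot be zeroed after use, and the "Password stacking is supported" Javadoc paragraph with the `password-stacking` / `useFirstPass` option was dropped from the new class's Javadoc; if stacking is still supported, carry that paragraph over so the option stays documented.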
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModule.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,113 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust.auth;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.wstrust.STSClient;
-import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.w3c.dom.Element;
-
-/**
- * JAAS LoginModule for JBoss STS (Security Token Service) that validates security tokens.
- * </p>
- * This LoginModule only performs validation of existing SAML Assertions and
- * does not issue any such Assertions.
- *
- * <h3>Configuration example</h3>
- * <pre>{@code
- * <application-policy name="saml-validate-token">
- * <authentication>
- * <login-module code="org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
- * <module-option name="configFile">/sts-client.properties</module-option>
- * </login-module>
- * </authentication>
- * </application-policy>
- * }</pre>
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- */
-public class STSValidatingLoginModule extends AbstractSTSLoginModule
-{
- private Logger log = Logger.getLogger(STSValidatingLoginModule.class);
-
- /**
- * This method will validate the token retreived by the callback handler and validate
- * it with the configured STS.
- *
- * @return true If the login was successful otherwise false.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public boolean login() throws LoginException
- {
- final STSClient stsClient = createWSTrustClient(getConfiguration(getOptions()));
- try
- {
- // See if a previous stacked login module stored the token.
- Element token = (Element) getSharedToken();
-
- if (token == null)
- token = getSamlTokenFromCaller();
-
- final boolean success = stsClient.validateToken(token);
- log.debug("Validation result: " + success);
- setSuccess(success);
- if (!isSuccess())
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not validate the SAML Security Token :" + token);
- }
- setSamlToken(token);
- return success;
- }
- catch (final WSTrustException e)
- {
- throw new LoginException("WSTrustException : " + e.getMessage());
- }
- catch (final IOException e)
- {
- throw new LoginException("IOException : " + e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException("UnsupportedCallbackException : " + e.getMessage());
- }
- }
-
- private Element getSamlTokenFromCaller() throws UnsupportedCallbackException, LoginException, IOException
- {
- final TokenCallback callback = new TokenCallback();
-
- getCallbackHandler().handle(new Callback[] { callback });
-
- final Element token = (Element) callback.getToken();
- if (token == null)
- throw new LoginException("Could not locate a Security Token from the callback.");
-
- return token;
- }
-
-}
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/core/wstrust/auth/TokenCallback.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,49 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust.auth;
-
-import javax.security.auth.callback.Callback;
-
-/**
- * Simple callback that stores an object.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class TokenCallback implements Callback
-{
- private transient Object token;
-
- public Object getToken()
- {
- return token;
- }
-
- public void setToken(final Object token)
- {
- this.token = token;
- }
-
- public void clearToken()
- {
- token = null;
- }
-}
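Review bot: with this file deleted, the validating login-module test further down still constructs its own TestCallbackHandler(Util.createSamlToken()) holding an Object token, and the only change there is the removal of the import of org.jboss.identity.federation.core.wstrust.auth.TokenCallback; a TokenCallback in the new org.jboss.identity.federation.api.wstrust.auth package must therefore exist for that test to compile, and it is not visible in this diff. On the class itself: `transient` on the token field has no effect because TokenCallback is not Serializable, and the deleted getSamlTokenFromCaller() above never called clearToken() after reading the token, so the callback kept a reference to the assertion for as long as it lived.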
Copied: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/SamlCredentialTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.io.StringReader;
+
+import junit.framework.TestCase;
+
+import org.custommonkey.xmlunit.XMLAssert;
+import org.custommonkey.xmlunit.XMLUnit;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+
+/**
+ * Unit test for {@link SamlCredential}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class SamlCredentialTestCase extends TestCase
+{
+ private Element assertionElement;
+ private InputSource expectedAssertion;
+
+ public void setUp() throws Exception
+ {
+ XMLUnit.setIgnoreWhitespace(true);
+ final Document assertionDoc = DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
+ assertionElement = (Element) assertionDoc.getFirstChild();
+ expectedAssertion = new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
+ }
+
+ public void testStringConstructor() throws Exception
+ {
+ final SamlCredential samlPrincipal = new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));
+
+ final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
+ XMLAssert.assertXMLEqual(expectedAssertion, actual);
+ }
+
+ public void testElementConstructor() throws Exception
+ {
+ final SamlCredential samlPrincipal = new SamlCredential(assertionElement);
+
+ final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
+ XMLAssert.assertXMLEqual(expectedAssertion, actual);
+ }
+
+ public void testShouldThrowIfStringIsNull()
+ {
+ try
+ {
+ new SamlCredential((String)null);
+ fail("Should not be allowed to create a SamlCredential with a null token string");
+ }
+ catch(final Exception e)
+ {
+ assertTrue(e instanceof IllegalArgumentException);
+ }
+ }
+
+ public void testEqualsContract() throws Exception
+ {
+ final SamlCredential samlPrincipal1 = new SamlCredential(assertionElement);
+ final SamlCredential samlPrincipal2 = new SamlCredential(assertionElement);
+ assertEquals(samlPrincipal1, samlPrincipal2);
+ assertEquals(samlPrincipal1.hashCode(), samlPrincipal2.hashCode());
+ }
+
+}
+
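Review bot: testShouldThrowIfStringIsNull catches Exception and only then asserts the type, which hides the real cause when something other than IllegalArgumentException is thrown; catch IllegalArgumentException directly and let anything else propagate. The constructor contract also rejects an empty string (StringUtil.isNullOrEmpty) and a null Element, and neither case is covered; add `new SamlCredential("")` and `new SamlCredential((Element) null)` alongside the null-string case. Minor: setUp() overrides TestCase.setUp() without calling super.setUp().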
Copied: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth)
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/AbstractSTSLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,130 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+import junit.framework.TestCase;
+
+/***
+ * Unit test for {@link AbstractSTSLoginModule}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ */
+public class AbstractSTSLoginModuleTestCase extends TestCase
+{
+ public void testOptionsConfig()
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
+
+ loginModule.initialize(new Subject(), null, sharedState, options);
+
+ assertTrue(loginModule.isUseOptionsConfig());
+ assertFalse(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+ }
+
+ public void testOptionsConfigWithPasswordStacking() throws Exception
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken());
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
+
+ loginModule.initialize(new Subject(), null, sharedState, options);
+
+ assertTrue(loginModule.isUseOptionsConfig());
+ assertTrue(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+
+ loginModule.login();
+
+ assertEquals("user1", loginModule.getSharedUsername());
+ assertEquals("pass1", new String(loginModule.getSharedPassword()));
+ }
+
+ public void testCallback()
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null);
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ TestCallbackHandler callbackHandler = new TestCallbackHandler("Mr.Poon", "rosen");
+
+ loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
+
+ assertFalse(loginModule.isUseOptionsConfig());
+ assertFalse(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+ }
+
+ public void testCallbackWithPasswordStacking() throws Exception
+ {
+ final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken());
+ final Map<String, String> sharedState = new HashMap<String, String>();
+ final Map<String, String> options = Util.allOptions();
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
+ final String username = "Mr.Poon";
+ final String password = "rosen";
+
+ TestCallbackHandler callbackHandler = new TestCallbackHandler(username, password);
+
+ loginModule.initialize(new Subject(), callbackHandler, sharedState, options);
+
+ assertFalse(loginModule.isUseOptionsConfig());
+ assertTrue(loginModule.isUsePasswordStacking());
+ assertFalse(loginModule.isUseFirstPass());
+
+ loginModule.login();
+
+ assertEquals(username, loginModule.getSharedUsername());
+ assertEquals(password, new String(loginModule.getSharedPassword()));
+ }
+
+ class FakeSTSLoginModule extends AbstractSTSLoginModule
+ {
+ private Element token;
+
+ public FakeSTSLoginModule(final Element token)
+ {
+ this.token = token;
+ }
+
+ @Override
+ public Element invokeSTS(STSClient stsclient) throws WSTrustException, LoginException
+ {
+ return token;
+ }
+
+ }
+
+}
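Review bot: testOptionsConfig and testCallback stop after initialize() and never call login(), so they only exercise option parsing; the useFirstPass branch is asserted false in all four tests and has no positive test here, although the issuing test below shows the pattern (put javax.security.auth.login.name and javax.security.auth.login.password into sharedState and set OPTIONS_PW_STACKING to "useFirstPass"). The "user1"/"pass1" values expected in testOptionsConfigWithPasswordStacking come from Util.allOptions(), which is not in this hunk, so a reader cannot see where they are configured; a comment or local constants would help. Also the class javadoc opens with `/***` instead of `/**`.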
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSIssuingLoginModuleTestCase.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSIssuingLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -18,32 +18,26 @@
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
* site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.core.wstrust.auth;
+package org.jboss.identity.federation.api.wstrust.auth;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.wstrust.SamlCredential;
import org.jboss.identity.federation.core.wstrust.STSClient;
import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.SamlCredential;
-import org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
import org.w3c.dom.Element;
-import junit.framework.TestCase;
-
/**
* Unit test for {@link STSIssuingLoginModule}
*
@@ -96,7 +90,7 @@
sharedState.put("javax.security.auth.login.password", password.toCharArray());
final Map<String, String> options = allOptions();
- options.put("password-stacking", "useFirstPass");
+ options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "useFirstPass");
loginModule.initialize(subject, null, sharedState, options);
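Review bot: replacing the literal "password-stacking" with AbstractSTSLoginModule.OPTIONS_PW_STACKING is the right move; the value "useFirstPass" is still a literal here and in the validating tests, so a matching constant on the abstract module would make both the key and the value refactor-safe.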
@@ -113,29 +107,6 @@
return options;
}
- private class TestCallbackHandler implements CallbackHandler
- {
- private final String username;
- private final String password;
-
- public TestCallbackHandler(final String username, final String password)
- {
- this.username = username;
- this.password = password;
- }
-
- public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (Callback callback : callbacks)
- {
- if (callback instanceof NameCallback)
- ((NameCallback)callback).setName(username);
- if (callback instanceof PasswordCallback)
- ((PasswordCallback)callback).setPassword(password.toCharArray());
- }
- }
- }
-
private class FakeSTSIssuingLoginModule extends STSIssuingLoginModule
{
private STSClient client;
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/STSValidatingLoginModuleTestCase.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/STSValidatingLoginModuleTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -18,7 +18,7 @@
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
* site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.core.wstrust.auth;
+package org.jboss.identity.federation.api.wstrust.auth;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
@@ -37,10 +37,7 @@
import org.jboss.identity.federation.core.wstrust.STSClient;
import org.jboss.identity.federation.core.wstrust.STSClientConfig;
-import org.jboss.identity.federation.core.wstrust.SamlCredential;
-import org.jboss.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
-import org.jboss.identity.federation.core.wstrust.auth.STSValidatingLoginModule;
-import org.jboss.identity.federation.core.wstrust.auth.TokenCallback;
+import org.jboss.identity.federation.api.wstrust.SamlCredential;
import org.w3c.dom.Element;
import junit.framework.TestCase;
@@ -68,7 +65,7 @@
final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
final Subject subject = new Subject();
- loginModule.initialize(subject, callbackHandler, null, Util.allOptions());
+ loginModule.initialize(subject, callbackHandler, null, getAllOptions());
// Simulate Phase 1
assertTrue(loginModule.login());
@@ -88,7 +85,7 @@
final STSValidatingLoginModule loginModule = new FakeSTSValidatingLoginModule(stsClient);
final CallbackHandler callbackHandler = new TestCallbackHandler(Util.createSamlToken());
- loginModule.initialize(new Subject(), callbackHandler, null, Util.allOptions());
+ loginModule.initialize(new Subject(), callbackHandler, null, getAllOptions());
try
{
@@ -114,7 +111,7 @@
final Map<String, Object> sharedState = new HashMap<String, Object>();
- loginModule.initialize(subject, null, sharedState, Util.allOptions());
+ loginModule.initialize(subject, null, sharedState, getAllOptions());
// Simlulate that a previous LM stored a security token in the shared state.
loginModule.setSharedToken(token);
@@ -128,6 +125,13 @@
assertEquals(1, samlCredentials.size());
}
+ private Map<String, String> getAllOptions()
+ {
+ Map<String, String> options = Util.allOptions();
+ options.put("useOptionsCredentials", "true");
+ return options;
+ }
+
private class TestCallbackHandler implements CallbackHandler
{
private final Object token;
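Review bot: getAllOptions() puts the literal key "useOptionsCredentials" while AbstractSTSLoginModuleTestCase uses AbstractSTSLoginModule.OPTIONS_CREDENTIALS for the same option; use the constant so a rename is caught at compile time and the two tests cannot drift apart. Note also that this private TestCallbackHandler (holding an Object token) now shares its name with the public TestCallbackHandler added to the same package; inside this file the member class shadows the top-level one, but the two handlers answer different callbacks (token versus name/password), so renaming this one to something like TokenCallbackHandler would avoid confusion.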
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/TestCallbackHandler.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * Simple callback handler for unit tests.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class TestCallbackHandler implements CallbackHandler
+{
+ private final String username;
+ private final String password;
+
+ public TestCallbackHandler(final String username, final String password)
+ {
+ this.username = username;
+ this.password = password;
+ }
+
+ public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ for (Callback callback : callbacks)
+ {
+ if (callback instanceof NameCallback)
+ ((NameCallback) callback).setName(username);
+ if (callback instanceof PasswordCallback)
+ ((PasswordCallback) callback).setPassword(password.toCharArray());
+ }
+ }
+}
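Review bot: handle() silently ignores any callback it does not recognise; for a test helper the inverse is safer, because a login module that asks for a TokenCallback (as the validating module does) would get back a null token and fail with a misleading message instead of an UnsupportedCallbackException pointing at the missing handler. Throwing `new UnsupportedCallbackException(callback)` in an else branch matches the contract of javax.security.auth.callback.CallbackHandler. The password is also kept as a String and re-copied with toCharArray() on every call; fine for a test, but it is the opposite of what PasswordCallback's char[] is designed for, so this pattern should not migrate into non-test code.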
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/auth/Util.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/identity/federation/api/wstrust/auth/Util.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -18,7 +18,7 @@
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
* site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.core.wstrust.auth;
+package org.jboss.identity.federation.api.wstrust.auth;
import java.util.HashMap;
import java.util.Map;
Copied: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion-expected.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,30 @@
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
+ <Issuer>JBossSTS</Issuer>
+ <Subject>
+ <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ </Subject>
+ <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
+ </dsig:Modulus>
+ <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Assertion>
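Review bot: the KeyInfo in this fixture carries the signing key inline as an RSAKeyValue. That is fine for the serialization round-trip SamlCredentialTestCase performs, but anything that later verifies this assertion must not take the key from KeyInfo, because a forged assertion can carry its own matching key; the validation path has to check the signature against a key it already trusts. A comment at the top of the file would stop the fixture being reused as a validation sample. The signature also uses rsa-sha1 with a sha1 digest and the Conditions expired on 2009-09-10 (NotOnOrAfter), so it could never validate anyway.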
Copied: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml)
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/assertion.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
+ <Issuer>JBossSTS</Issuer>
+ <Subject>
+ <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ </Subject>
+ <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
+ <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
+ </dsig:Modulus>
+ <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
+ </dsig:RSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Assertion>
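Review bot: assertion.xml is assertion-expected.xml plus an XML declaration, and the test compares them with XMLUnit ignoring whitespace after SamlCredential strips the declaration (OMIT_XML_DECLARATION). Keeping two copies of a signed fixture invites them drifting apart; either derive the expected document from assertion.xml in setUp(), or add a comment stating that the only intended difference between the two files is the declaration.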
Copied: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/auth (from rev 896, identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/auth)
Modified: identity-federation/trunk/jboss-identity-fed-core/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -114,12 +114,6 @@
<version>2.2.14.GA</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>xmlunit</groupId>
- <artifactId>xmlunit</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<reporting>
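Review bot: the xmlunit test dependency is removed from fed-core, but SamlCredentialTestCase now lives in fed-api and still imports org.custommonkey.xmlunit.XMLAssert and XMLUnit; the fed-api pom is not part of this diff, so confirm it declares xmlunit 1.1 with test scope or the moved test will not compile.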
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SamlCredential.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,175 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.io.StringWriter;
-
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.util.StringUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-/**
- * Credential that wraps a SAML Assertion.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public final class SamlCredential implements Serializable
-{
- private static final long serialVersionUID = -8496414959425288835L;
-
- private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
-
- private String assertion;
-
- public SamlCredential(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- this.assertion = SamlCredential.assertionToString(assertion);
- }
-
- public SamlCredential(final String assertion)
- {
- if (StringUtil.isNullOrEmpty(assertion))
- throw new IllegalArgumentException("assertion String must not be null or empty");
-
- this.assertion = assertion;
- }
-
- public String getAssertionAsString()
- {
- return assertion;
- }
-
- public Element getAssertionAsElement() throws ProcessingException
- {
- try
- {
- return SamlCredential.assertionToElement(assertion);
- }
- catch (final ConfigurationException e)
- {
- throw new ProcessingException(e.getMessage(), e);
- }
- catch (final ParsingException e)
- {
- throw new ProcessingException(e.getMessage(), e);
- }
- catch (final ParserConfigurationException e)
- {
- throw new ProcessingException(e.getMessage(), e);
- }
- catch (final SAXException e)
- {
- throw new ProcessingException(e.getMessage(), e);
- }
- catch (final IOException e)
- {
- throw new ProcessingException(e.getMessage(), e);
- }
- }
-
- @Override
- public boolean equals(final Object obj)
- {
- if (this == obj)
- return true;
-
- if (!(obj instanceof SamlCredential))
- return false;
-
- final SamlCredential that = (SamlCredential) obj;
- return this.assertion.equals(that.assertion);
- }
-
- @Override
- public int hashCode()
- {
- int result = 17;
- result = 31 * result + assertion.hashCode();
- return result;
- }
-
- @Override
- public String toString()
- {
- return "SamlCredential[" + assertion + "]";
- }
-
- public static Element assertionToElement(final String assertion) throws ParserConfigurationException, SAXException, IOException, ConfigurationException, ParsingException, ProcessingException
- {
- final Document document = DocumentUtil.getDocument(assertion);
- return (Element) document.getFirstChild();
- }
-
- public static String assertionToString(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- try
- {
- final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-
- final Source source = new DOMSource(assertion);
- final StringWriter writer = new StringWriter();
- final Result result = new StreamResult(writer);
-
- transformer.transform(source, result);
-
- return writer.toString();
- }
- catch (final TransformerConfigurationException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerFactoryConfigurationError e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- }
-}
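Review bot: this hunk removes SamlCredential outright, including the constructor's null/empty guard and the equals/hashCode pair, with no replacement visible in this change; if the class is being relocated rather than dropped, the log should say where, and the replacement should keep the same exception mapping (ConfigurationException, ParsingException, ParserConfigurationException, SAXException and IOException are each wrapped into ProcessingException in getAssertionAsElement). One thing worth fixing in any successor: `return (Element) document.getFirstChild();` in assertionToElement is an unchecked cast that throws ClassCastException when the parsed document starts with a comment or processing instruction instead of the Assertion element; `document.getDocumentElement()` returns the root element directly.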
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/SamlCredentialTestCase.java 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,93 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.io.StringReader;
-
-import junit.framework.TestCase;
-
-import org.custommonkey.xmlunit.XMLAssert;
-import org.custommonkey.xmlunit.XMLUnit;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.InputSource;
-
-/**
- * Unit test for {@link SamlCredential}.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a>
- *
- */
-public class SamlCredentialTestCase extends TestCase
-{
- private Element assertionElement;
- private InputSource expectedAssertion;
-
- public void setUp() throws Exception
- {
- XMLUnit.setIgnoreWhitespace(true);
- final Document assertionDoc = DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
- assertionElement = (Element) assertionDoc.getFirstChild();
- expectedAssertion = new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
- }
-
- public void testStringConstructor() throws Exception
- {
- final SamlCredential samlPrincipal = new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));
-
- final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
-
- XMLAssert.assertXMLEqual(expectedAssertion, actual);
- }
-
- public void testElementConstructor() throws Exception
- {
- final SamlCredential samlPrincipal = new SamlCredential(assertionElement);
-
- final InputSource actual = new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
-
- XMLAssert.assertXMLEqual(expectedAssertion, actual);
- }
-
- public void testShouldThrowIfStringIsNull()
- {
- try
- {
- new SamlCredential((String)null);
- fail("Should not be allowed to create a SamlCredential with a null token string");
- }
- catch(final Exception e)
- {
- assertTrue(e instanceof IllegalArgumentException);
- }
- }
-
- public void testEqualsContract() throws Exception
- {
- final SamlCredential samlPrincipal1 = new SamlCredential(assertionElement);
- final SamlCredential samlPrincipal2 = new SamlCredential(assertionElement);
- assertEquals(samlPrincipal1, samlPrincipal2);
- assertEquals(samlPrincipal1.hashCode(), samlPrincipal2.hashCode());
- }
-
-}
-
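Review bot: deleting SamlCredentialTestCase drops the only coverage of the string and element constructors, the null-string guard and the equals contract; if SamlCredential is being moved, these tests should move with it rather than disappear. If they are kept, two gaps are visible here: testShouldThrowIfStringIsNull catches the broad `Exception` and only then checks `instanceof IllegalArgumentException` (catching IllegalArgumentException directly would make the intent explicit), and there is no test for the empty-string case or for a malformed assertion string reaching getAssertionAsElement, so the ProcessingException path is never exercised.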
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion-expected.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,30 +0,0 @@
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
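Review bot: assertion-expected.xml is byte-for-byte the same fixture as assertion.xml minus the `<?xml ...?>` declaration, so deleting both together is consistent; should the tests be restored, keeping a single fixture and deriving the expected string by serialising with OMIT_XML_DECLARATION (as assertionToString already does) avoids maintaining two copies of a signed assertion whose DigestValue and SignatureValue would both have to be regenerated if either copy is edited.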
Deleted: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml 2009-10-31 00:43:07 UTC (rev 896)
+++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/assertion.xml 2009-11-01 18:30:07 UTC (rev 897)
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_74414f7f-1339-4f80-b29a-c947d9177445" IssueInstant="2009-09-10T13:49:30.422Z" Version="2.0">
- <Issuer>JBossSTS</Issuer>
- <Subject>
- <NameID NameQualifier="urn:jboss:identity-federation">beve</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
- </Subject>
- <Conditions NotBefore="2009-09-10T13:49:30.422Z" NotOnOrAfter="2009-09-10T15:49:30.422Z"/>
- <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:Reference URI="#ID_74414f7f-1339-4f80-b29a-c947d9177445" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
- <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">so9bv09wxSnauPiq6iC2zs6ubrQ=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>Lf4DYODLtVxSVmd23HJzHTy61ZYDnpaJRTVbRLR2i2zU7v9mskYCVbXY8gm5PYY2V+iYvi+dJ3QlWP9dQu+DHK9rVJSGxSmzfPjrnMC84HH9j2BZBEdKVCpNCAFJQRL+E1jlRB194sjCiuxoMnlR927uMiNcHJRoBSi03kP5tOw=</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Modulus xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=
- </dsig:Modulus>
- <dsig:Exponent xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- </dsig:KeyInfo>
- </dsig:Signature>
-</Assertion>
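Review bot: the fixture signs with `rsa-sha1`, digests with `sha1` and canonicalises with `xml-exc-c14n#WithComments`; that is fine for a parsing/equality test, but any future test that actually verifies this signature should not treat these as the algorithms the STS is expected to accept, and the fixed `NotBefore`/`NotOnOrAfter` window of 2009-09-10 means a test that enforces Conditions would have to stub the clock rather than rely on the fixture being valid.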