September 2009 - jboss-identity-commits

JBoss Identity SVN: r791 - in identity-federation/trunk: assembly and 27 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-14 18:52:59 -0400 (Mon, 14 Sep 2009) New Revision: 791 Modified: identity-federation/trunk/assembly/pom.xml identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml identity-federation/trunk/jboss-identity-bindings/pom.xml identity-federation/trunk/jboss-identity-fed-api/pom.xml identity-federation/trunk/jboss-identity-fed-core/pom.xml identity-federation/trunk/jboss-identity-fed-model/pom.xml identity-federation/trunk/jboss-identity-seam/pom.xml identity-federation/trunk/jboss-identity-web/pom.xml identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml identity-federation/trunk/jboss-identity-webapps/employee/pom.xml identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml identity-federation/trunk/jboss-identity-webapps/idp/pom.xml identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml identity-federation/trunk/jboss-identity-webapps/pom.xml identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml identity-federation/trunk/jboss-identity-webapps/sales/pom.xml identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml identity-federation/trunk/parent/pom.xml identity-federation/trunk/pom.xml Log: [maven-release-plugin] prepare release 1.0.0.beta2 Modified: identity-federation/trunk/assembly/pom.xml =================================================================== --- identity-federation/trunk/assembly/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/assembly/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-bindings/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-bindings/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-bindings/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-fed-core/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-fed-model/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-model/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-fed-model/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-seam/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-seam/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-seam/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -3,7 +3,7 @@ <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent </artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-web/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-web/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-web/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,13 +2,13 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>circleoftrust</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <packaging>war</packaging> <name>JBoss Identity Federation Circle Of Trust</name> <url>http://labs.jboss.org/portal/jbosssecurity/</url> Modified: identity-federation/trunk/jboss-identity-webapps/employee/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/employee/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/employee/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -3,7 +3,7 @@ <parent> <artifactId>jboss-identity-federation-webapps</artifactId> <groupId>org.jboss.identity</groupId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> </parent> <groupId>org.jboss.identity</groupId> <artifactId>fed-example</artifactId> Modified: identity-federation/trunk/jboss-identity-webapps/idp/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/idp/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/idp/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/jboss-identity-webapps/sales/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/sales/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/sales/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> Modified: identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-federation-webapps</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../</relativePath> </parent> <modelVersion>4.0.0</modelVersion> @@ -14,19 +14,19 @@ <dependency> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-model</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-api</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-bindings</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <scope>provided</scope> </dependency> </dependencies> Modified: identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml =================================================================== --- identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: identity-federation/trunk/parent/pom.xml =================================================================== --- identity-federation/trunk/parent/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/parent/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -8,7 +8,7 @@ <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> <packaging>pom</packaging> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <name>JBoss Identity Federation- Parent</name> <url>http://labs.jboss.org/portal/jbosssecurity/</url> <description>JBoss Identity is a cross-cutting project that handles identity needs for the JEMS projects</description> @@ -23,8 +23,8 @@ <url>http://www.jboss.org</url> </organization> <scm> - <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossidentity/identity-federation/...</connection> - <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossidentity/identity-federation/tag...</developerConnection> + <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossidentity/identity-federation/...</connection> + <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossidentity/identity-federation/tag...</developerConnection> </scm> <build> Modified: identity-federation/trunk/pom.xml =================================================================== --- identity-federation/trunk/pom.xml 2009-09-14 22:48:59 UTC (rev 790) +++ identity-federation/trunk/pom.xml 2009-09-14 22:52:59 UTC (rev 791) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity</groupId> <artifactId>jboss-identity-fed-parent</artifactId> - <version>1.0.0.beta1-SNAPSHOT</version> + <version>1.0.0.beta2</version> <relativePath>parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion>

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r790 - in identity-federation/trunk: jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util and 2 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-14 18:48:59 -0400 (Mon, 14 Sep 2009) New Revision: 790 Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java Log: JBID-152: x500 attrib support Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-14 20:32:37 UTC (rev 789) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-14 22:48:59 UTC (rev 790) @@ -33,6 +33,7 @@ import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.common.StatementLocal; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException; import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil; @@ -112,6 +113,9 @@ String userName = nameID.getValue(); List<String> roles = new ArrayList<String>(); + //Set it on a thread local for JBID integrators + StatementLocal.statements.set(assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement()); + //Let us get the roles AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0); List<Object> attList = attributeStatement.getAttributeOrEncryptedAttribute(); Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-09-14 20:32:37 UTC (rev 789) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-09-14 22:48:59 UTC (rev 790) @@ -21,8 +21,6 @@ */ package org.jboss.identity.federation.core.saml.v2.util; -import java.util.ArrayList; -import java.util.List; import java.util.Map; import java.util.Set; @@ -35,7 +33,6 @@ import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.assertion.AttributeType; import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory; -import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType; /** * Deals with SAML2 Statements @@ -49,10 +46,14 @@ private static ObjectFactory factory = new ObjectFactory(); - public static List<StatementAbstractType> createStatements(Map<String,Object> attributes) + /** + * Create an attribute statement with all the attributes + * @param attributes a map with keys from {@link AttributeConstants} + * @return + */ + public static AttributeStatementType createAttributeStatement(Map<String,Object> attributes) { - AttributeStatementType attrStatement = null; - List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>(); + AttributeStatementType attrStatement = null; int i = 0; @@ -92,8 +93,7 @@ att.getAttributeValue().add(value); attrStatement.getAttributeOrEncryptedAttribute().add(att); } - statements.add(attrStatement); - return statements; + return attrStatement; } private static AttributeType getX500Attribute() Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2009-09-14 20:32:37 UTC (rev 789) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2009-09-14 22:48:59 UTC (rev 790) @@ -23,12 +23,13 @@ import java.io.ByteArrayOutputStream; import java.util.HashMap; -import java.util.List; import java.util.Map; import javax.xml.bind.JAXBElement; import javax.xml.bind.Marshaller; +import junit.framework.TestCase; + import org.jboss.identity.federation.core.constants.AttributeConstants; import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; @@ -40,15 +41,13 @@ import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; import org.jboss.identity.federation.core.saml.v2.util.StatementUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; -import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType; +import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import junit.framework.TestCase; - /** * Unit test the X500 Profile of SAML2 * @author Anil.Saldhana(a)redhat.com @@ -62,8 +61,7 @@ attributes.put(AttributeConstants.EMAIL_ADDRESS, "test@a"); attributes.put(AttributeConstants.GIVEN_NAME, "anil"); - List<StatementAbstractType> - statementList = StatementUtil.createStatements(attributes); + AttributeStatementType attrStat = StatementUtil.createAttributeStatement(attributes); IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://idp"); issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get()); @@ -76,7 +74,7 @@ assertNotNull(rt); AssertionType assertion = (AssertionType) rt.getAssertionOrEncryptedAssertion().get(0); - assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statementList); + assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStat); ByteArrayOutputStream baos = new ByteArrayOutputStream(); Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-14 20:32:37 UTC (rev 789) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-14 22:48:59 UTC (rev 790) @@ -46,10 +46,9 @@ import org.jboss.identity.federation.core.config.IDPType; import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.core.exceptions.ConfigurationException; -import org.jboss.identity.federation.core.exceptions.ParsingException; -import org.jboss.identity.federation.core.interfaces.AttributeManager; -import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; -import org.jboss.identity.federation.core.saml.v2.common.StatementLocal; +import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.interfaces.AttributeManager; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; @@ -57,13 +56,12 @@ import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder; import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder; -import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.saml.v2.util.StatementUtil; +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.saml.v2.util.StatementUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; -import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType; import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType; -import org.jboss.identity.federation.saml.v2.protocol.ResponseType; +import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.jboss.identity.federation.web.interfaces.TrustKeyManager; import org.w3c.dom.Document; import org.xml.sax.SAXException; @@ -181,11 +179,8 @@ { Map<String, Object> attribs = attributeManager.getAttributes(userPrincipal, this.attribKeys); - List<StatementAbstractType> stats = StatementUtil.createStatements(attribs); - assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats); - - //Set it on a thread local for JBID integrators - StatementLocal.statements.set(stats); + AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attribs); + assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement); } catch(Exception e) {

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r789 - in identity-federation/trunk: jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util and 1 other directory.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-14 16:32:37 -0400 (Mon, 14 Sep 2009) New Revision: 789 Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/StatementLocal.java Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java Log: JBID-152: threadlocal support to hold statements Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/StatementLocal.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/StatementLocal.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/StatementLocal.java 2009-09-14 20:32:37 UTC (rev 789) @@ -0,0 +1,38 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.saml.v2.common; + +import java.util.List; + +import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType; + +/** + * Thread Local holding the statements + * returned by IDP + * @author Anil.Saldhana(a)redhat.com + * @since Sep 14, 2009 + */ +public class StatementLocal +{ + public static ThreadLocal<List<StatementAbstractType>> statements + = new InheritableThreadLocal<List<StatementAbstractType>>(); +} \ No newline at end of file Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-14 20:24:52 UTC (rev 788) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-14 20:32:37 UTC (rev 789) @@ -49,6 +49,7 @@ import org.jboss.identity.federation.core.exceptions.ParsingException; import org.jboss.identity.federation.core.interfaces.AttributeManager; import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.common.StatementLocal; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; @@ -182,6 +183,9 @@ attributeManager.getAttributes(userPrincipal, this.attribKeys); List<StatementAbstractType> stats = StatementUtil.createStatements(attribs); assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats); + + //Set it on a thread local for JBID integrators + StatementLocal.statements.set(stats); } catch(Exception e) {

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r788 - in identity-federation/trunk/jboss-identity-fed-core/src: main/java/org/jboss/identity/federation/core/saml/v2/util and 1 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-14 16:24:52 -0400 (Mon, 14 Sep 2009) New Revision: 788 Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/X500SAMLProfileConstants.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java Log: JBID-152: x500 attrib support Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-09-12 11:19:54 UTC (rev 787) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-09-14 20:24:52 UTC (rev 788) @@ -98,6 +98,7 @@ TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"), + X500_NSURI("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"), XMLSCHEMA_NSURI("http://www.w3.org/2001/XMLSchema"), XMLDSIG_NSURI("http://www.w3.org/2000/09/xmldsig#"), XMLENC_NSURI("http://www.w3.org/2001/04/xmlenc#"); Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/X500SAMLProfileConstants.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/X500SAMLProfileConstants.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/X500SAMLProfileConstants.java 2009-09-14 20:24:52 UTC (rev 788) @@ -0,0 +1,56 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.saml.v2.constants; + +/** + * @author Anil.Saldhana(a)redhat.com + * @since Sep 11, 2009 + */ +public enum X500SAMLProfileConstants +{ + + CN("commonName", "urn:oid:2.5.4.3"), + GIVENNAME("givenName","urn:oid:2.5.4.42"), + EMAIL_ADDRESS("mail", "urn:oid:0.9.2342.19200300.100.1.3"), + EMPLOYEE_NUMBER("mail", "urn:oid:2.16.840.1.113730.3.1.3"), + SN("surname", "urn:oid:2.5.4.4"), + TELEPHONE("telephoneNumber", "urn:oid:2.5.4.20"); + + private String friendlyName = null; + private String uri = null; + + private X500SAMLProfileConstants(String friendlyName, + String uristr) + { + this.uri = uristr; + } + + public String get() + { + return this.uri; + } + + public String getFriendlyName() + { + return friendlyName; + } +} \ No newline at end of file Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-09-12 11:19:54 UTC (rev 787) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/StatementUtil.java 2009-09-14 20:24:52 UTC (rev 788) @@ -26,8 +26,11 @@ import java.util.Map; import java.util.Set; +import javax.xml.namespace.QName; + import org.jboss.identity.federation.core.constants.AttributeConstants; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; +import org.jboss.identity.federation.core.saml.v2.constants.X500SAMLProfileConstants; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory; import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.assertion.AttributeType; @@ -41,29 +44,64 @@ */ public class StatementUtil { + public static final QName X500_QNAME = new QName(JBossSAMLURIConstants.X500_NSURI.get(), + "Encoding"); + private static ObjectFactory factory = new ObjectFactory(); public static List<StatementAbstractType> createStatements(Map<String,Object> attributes) { + AttributeStatementType attrStatement = null; List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>(); + int i = 0; + Set<String> keys = attributes.keySet(); for(String key: keys) { + if(i == 0) + { + //Deal with the X500 Profile of SAML2 + attrStatement = JBossSAMLBaseFactory.createAttributeStatement(); + i++; + } + AttributeType att = getX500Attribute(); + Object value = attributes.get(key); if(AttributeConstants.EMAIL_ADDRESS.equals(key)) - { - AttributeStatementType attrStatement = JBossSAMLBaseFactory.createAttributeStatement(); - AttributeType att = factory.createAttributeType(); - att.setNameFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()); - - //rolename - att.getAttributeValue().add(value); - attrStatement.getAttributeOrEncryptedAttribute().add(att); - statements.add(attrStatement); + { + att.setFriendlyName(X500SAMLProfileConstants.EMAIL_ADDRESS.getFriendlyName()); + att.setName(X500SAMLProfileConstants.EMAIL_ADDRESS.get()); } + else if(AttributeConstants.EMPLOYEE_NUMBER.equals(key)) + { + att.setFriendlyName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.getFriendlyName()); + att.setName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.get()); + } + else if(AttributeConstants.GIVEN_NAME.equals(key)) + { + att.setFriendlyName(X500SAMLProfileConstants.GIVENNAME.getFriendlyName()); + att.setName(X500SAMLProfileConstants.GIVENNAME.get()); + } + else if(AttributeConstants.TELEPHONE.equals(key)) + { + att.setFriendlyName(X500SAMLProfileConstants.TELEPHONE.getFriendlyName()); + att.setName(X500SAMLProfileConstants.TELEPHONE.get()); + } + att.getAttributeValue().add(value); + attrStatement.getAttributeOrEncryptedAttribute().add(att); } + statements.add(attrStatement); return statements; } + + private static AttributeType getX500Attribute() + { + AttributeType att = factory.createAttributeType(); + att.getOtherAttributes().put(X500_QNAME, "LDAP"); + + att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get()); + return att; + } } \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2009-09-14 20:24:52 UTC (rev 788) @@ -0,0 +1,108 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.saml.v2; + +import java.io.ByteArrayOutputStream; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.Marshaller; + +import org.jboss.identity.federation.core.constants.AttributeConstants; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; +import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory; +import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory; +import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder; +import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; +import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder; +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.saml.v2.util.StatementUtil; +import org.jboss.identity.federation.saml.v2.assertion.AssertionType; +import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType; +import org.jboss.identity.federation.saml.v2.protocol.ResponseType; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import junit.framework.TestCase; + +/** + * Unit test the X500 Profile of SAML2 + * @author Anil.Saldhana(a)redhat.com + * @since Sep 14, 2009 + */ +public class X500AttributeUnitTestCase extends TestCase +{ + public void testX500Marshalling() throws Exception + { + Map<String,Object> attributes = new HashMap<String, Object>(); + attributes.put(AttributeConstants.EMAIL_ADDRESS, "test@a"); + attributes.put(AttributeConstants.GIVEN_NAME, "anil"); + + List<StatementAbstractType> + statementList = StatementUtil.createStatements(attributes); + + IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://idp"); + issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get()); + + IDPInfoHolder idp = new IDPInfoHolder(); + idp.setNameIDFormatValue(IDGenerator.create()); + + ResponseType rt = JBossSAMLAuthnResponseFactory.createResponseType("response111", + new SPInfoHolder(), idp, issuerHolder); + assertNotNull(rt); + + AssertionType assertion = (AssertionType) rt.getAssertionOrEncryptedAssertion().get(0); + assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statementList); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + + Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller(false); + JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(rt); + marshaller.marshal(jaxb, baos); + //marshaller.marshal(jaxb, System.out); + + Document samlDom = DocumentUtil.getDocument(new String(baos.toByteArray())); + NodeList nl = samlDom.getElementsByTagName("Attribute"); + assertEquals("nodes = 2", 2, nl.getLength()); + + String x500NS = JBossSAMLURIConstants.X500_NSURI.get(); + String encodingLocalName = "Encoding"; + + Element attrib = (Element) nl.item(0); + assertTrue("Has ldap encoding?", attrib.hasAttributeNS( x500NS, encodingLocalName)); + assertEquals("LDAP", + attrib.getAttributeNodeNS(x500NS, encodingLocalName).getNodeValue()); + + NodeList nla = + attrib.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), + "AttributeValue"); + + Node attribNode = nla.item(0); + String nodeValue = attribNode.getTextContent(); + assertTrue(nodeValue.equals("test@a") || nodeValue.equals("anil")); + } +} \ No newline at end of file

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r787 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-12 07:19:54 -0400 (Sat, 12 Sep 2009) New Revision: 787 Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java Log: add a constant Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-09-11 22:04:51 UTC (rev 786) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2009-09-12 11:19:54 UTC (rev 787) @@ -40,6 +40,7 @@ ASSERTION_NSURI("urn:oasis:names:tc:SAML:2.0:assertion"), ATTRIBUTE_FORMAT_BASIC("urn:oasis:names:tc:SAML:2.0:attrname-format:basic"), + ATTRIBUTE_FORMAT_URI("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), METADATA_HTTP_REDIRECT_BINDING("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"),

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r786 - identity-federation/trunk/jboss-identity-bindings-jboss/src/main/java/org/jboss/identity/federation/bindings/jboss/attribute.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-11 18:04:51 -0400 (Fri, 11 Sep 2009) New Revision: 786 Modified: identity-federation/trunk/jboss-identity-bindings-jboss/src/main/java/org/jboss/identity/federation/bindings/jboss/attribute/JBossAppServerAttributeManager.java Log: add a trace Modified: identity-federation/trunk/jboss-identity-bindings-jboss/src/main/java/org/jboss/identity/federation/bindings/jboss/attribute/JBossAppServerAttributeManager.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings-jboss/src/main/java/org/jboss/identity/federation/bindings/jboss/attribute/JBossAppServerAttributeManager.java 2009-09-11 18:49:41 UTC (rev 785) +++ identity-federation/trunk/jboss-identity-bindings-jboss/src/main/java/org/jboss/identity/federation/bindings/jboss/attribute/JBossAppServerAttributeManager.java 2009-09-11 22:04:51 UTC (rev 786) @@ -99,6 +99,9 @@ } } + if(trace && attributeMap != null) + log.trace("Final attribute map size:" + attributeMap.size()); + return attributeMap; } } \ No newline at end of file

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r785 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp and 1 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2009-09-11 14:49:41 -0400 (Fri, 11 Sep 2009) New Revision: 785 Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java Log: JBID-152: phase2 commits Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-09-11 18:38:51 UTC (rev 784) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-09-11 18:49:41 UTC (rev 785) @@ -26,7 +26,10 @@ import java.security.GeneralSecurityException; import java.security.Principal; import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; +import java.util.StringTokenizer; import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; @@ -44,6 +47,8 @@ import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.impl.DelegatedAttributeManager; +import org.jboss.identity.federation.core.interfaces.AttributeManager; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; @@ -54,7 +59,7 @@ import org.jboss.identity.federation.web.interfaces.RoleGenerator; import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException; import org.jboss.identity.federation.web.interfaces.TrustKeyManager; -import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException; +import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException; import org.jboss.identity.federation.web.util.ConfigurationUtil; import org.jboss.identity.federation.web.util.IDPWebRequestUtil; import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil; @@ -88,6 +93,23 @@ private Boolean signOutgoingMessages = true; + private transient DelegatedAttributeManager attribManager = new DelegatedAttributeManager(); + private List<String> attributeKeys = new ArrayList<String>(); + + //Set a list of attributes we are interested in separated by comma + public void setAttributeList(String attribList) + { + if(attribList != null && !"".equals(attribList)) + { + this.attributeKeys.clear(); + StringTokenizer st = new StringTokenizer(attribList,","); + while(st != null && st.hasMoreTokens()) + { + this.attributeKeys.add(st.nextToken()); + } + } + } + public Boolean getIgnoreIncomingSignatures() { return ignoreIncomingSignatures; @@ -166,6 +188,8 @@ IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager); + webRequestUtil.setAttributeManager(this.attribManager); + webRequestUtil.setAttributeKeys(attributeKeys); Document samlErrorResponse = null; //Look for unauthorized status @@ -484,6 +508,14 @@ this.identityURL = idpConfiguration.getIdentityURL(); if(trace) log.trace("Identity Provider URL=" + this.identityURL); this.assertionValidity = idpConfiguration.getAssertionValidity(); + //Get the attribute manager + String attributeManager = idpConfiguration.getAttributeManager(); + if(attributeManager != null && !"".equals(attributeManager)) + { + ClassLoader tcl = SecurityActions.getContextClassLoader(); + AttributeManager delegate = (AttributeManager) tcl.loadClass(attributeManager).newInstance(); + this.attribManager.setDelegate(delegate); + } } catch (Exception e) { @@ -515,6 +547,14 @@ } if(trace) log.trace("Key Provider=" + keyProvider.getClassName()); } + + //Add some keys to the attibutes + String[] ak = new String[] {"mail","cn","commonname","givenname", + "surname","employeeType", + "employeeNumber", + "facsimileTelephoneNumber"}; + + this.attributeKeys.addAll(Arrays.asList(ak)); } Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-11 18:38:51 UTC (rev 784) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-11 18:49:41 UTC (rev 785) @@ -55,6 +55,7 @@ import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.jboss.identity.federation.web.util.PostBindingUtil; +import org.jboss.identity.federation.web.util.ServerDetector; import org.xml.sax.SAXException; /** @@ -69,10 +70,13 @@ { private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class); private boolean trace = log.isTraceEnabled(); + private boolean jbossEnv = false; public SPPostFormAuthenticator() { super(); + ServerDetector detector = new ServerDetector(); + jbossEnv = detector.isJboss(); } @Override @@ -107,7 +111,7 @@ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD; //Map to JBoss specific principal - if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS")) + if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS") || jbossEnv) { GenericPrincipal gp = (GenericPrincipal) principal; //Push a context Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-09-11 18:38:51 UTC (rev 784) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-09-11 18:49:41 UTC (rev 785) @@ -48,6 +48,7 @@ import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext; import org.jboss.identity.federation.web.util.HTTPRedirectUtil; import org.jboss.identity.federation.web.util.RedirectBindingUtil; +import org.jboss.identity.federation.web.util.ServerDetector; import org.jboss.identity.federation.bindings.util.ValveUtil; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; @@ -70,10 +71,14 @@ { private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class); private boolean trace = log.isTraceEnabled(); + + private boolean jbossEnv = false; public SPRedirectFormAuthenticator() { - super(); + super(); + ServerDetector detector = new ServerDetector(); + jbossEnv = detector.isJboss(); } @Override @@ -107,7 +112,7 @@ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD; //Map to JBoss specific principal - if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS")) + if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS") || jbossEnv) { GenericPrincipal gp = (GenericPrincipal) principal; //Push a context Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-11 18:38:51 UTC (rev 784) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-11 18:49:41 UTC (rev 785) @@ -176,10 +176,17 @@ //Add in the attributes information if(this.attributeManager != null) { - Map<String, Object> attribs = - attributeManager.getAttributes(userPrincipal, this.attribKeys); - List<StatementAbstractType> stats = StatementUtil.createStatements(attribs); - assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats); + try + { + Map<String, Object> attribs = + attributeManager.getAttributes(userPrincipal, this.attribKeys); + List<StatementAbstractType> stats = StatementUtil.createStatements(attribs); + assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats); + } + catch(Exception e) + { + log.error("Exception in generating attributes:",e); + } } //Lets see how the response looks like Added: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java (rev 0) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java 2009-09-11 18:49:41 UTC (rev 785) @@ -0,0 +1,84 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.web.util; + +/** + * Utility Class to detect which server + * we are currently operating in + * @author Anil.Saldhana(a)redhat.com + * @since Sep 11, 2009 + */ +public class ServerDetector +{ + private boolean jboss = false; + private boolean tomcat = false; + + public ServerDetector() + { + this.detectServer(); + } + + public boolean isJboss() + { + return jboss; + } + + public boolean isTomcat() + { + return tomcat; + } + + private void detectServer() + { + //Detect JBoss + ClassLoader tcl = SecurityActions.getContextClassLoader(); + + try + { + Class<?> clazz = tcl.loadClass("org.jboss.system.Service"); + if(clazz != null) + { + jboss = true; + return; + } + } + catch(Exception e) + { + //ignore + } + + //Tomcat + try + { + Class<?> clazz = tcl.loadClass("org.apache.cataline.Server"); + if(clazz != null) + { + tomcat = true; + return; + } + } + catch(Exception e) + { + //ignore + } + } +} \ No newline at end of file

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r784 - in authz/trunk/samples/secure-pojo/src: main/java/org/jboss/security/authz/samples/pojo/provisioning and 1 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: sohil.shah(a)jboss.com Date: 2009-09-11 14:38:51 -0400 (Fri, 11 Sep 2009) New Revision: 784 Modified: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java Log: bug fix Modified: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java 2009-09-10 20:00:09 UTC (rev 783) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java 2009-09-11 18:38:51 UTC (rev 784) @@ -53,21 +53,15 @@ public class SecurityInterceptor implements Interceptor { private static Logger log = Logger.getLogger(SecurityInterceptor.class); - - private PolicyEnforcementPoint enforcer; - + public String getName() { return this.getClass().getName(); } private PolicyEnforcementPoint getEnforcer() - { - if(this.enforcer == null) - { - this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint"); - } - return this.enforcer; + { + return (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint"); } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------ public Object invoke(Invocation invocation) throws Throwable @@ -118,6 +112,7 @@ //Create an EnforcementContext and start the "Enforcement Phase" with the security framework---------------------------------------------------------------------- EnforcementContext context = new EnforcementContext(); + context.setIgnoreCache(true); context.setAttribute("pojo", resource); context.setAttribute("method", action); context.setAttribute("identity", identity); Modified: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java 2009-09-10 20:00:09 UTC (rev 783) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java 2009-09-11 18:38:51 UTC (rev 784) @@ -22,13 +22,16 @@ package org.jboss.security.authz.samples.pojo.provisioning; import java.net.URI; +import java.util.Set; +import org.apache.log4j.Logger; import org.jboss.security.authz.bootstrap.ServiceContainer; import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; import org.jboss.security.authz.agent.services.CompositionContext; import org.jboss.security.authz.model.Effect; +import org.jboss.security.authz.model.Policy; import org.jboss.security.authz.components.action.Read; import org.jboss.security.authz.components.action.Write; import org.jboss.security.authz.components.resource.URIResource; @@ -45,14 +48,21 @@ */ public class SecurityProvisioning { - private PolicyProvisioner provisioner; - + private static Logger log = Logger.getLogger(SecurityProvisioning.class); + public void bootup() { try { - // Provision Admin Policy - this.provisionAdminPolicy(); + // Provision POJO Policy + this.provisionPOJOPolicy(); + + Set<Policy> policies = this.getProvisioner().readAllPolicies(); + for(Policy policy: policies) + { + log.info("------------------------------------------------------------------------------"); + log.info(policy.generateSystemPolicy()); + } } catch(Exception e) { @@ -60,7 +70,7 @@ } } // ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - private void provisionAdminPolicy() throws Exception + private void provisionPOJOPolicy() throws Exception { // SetUp Resource URIResource resource = new URIResource(); @@ -68,10 +78,13 @@ Read read = new Read(); Roles readRoles = new Roles(); - readRoles.addName("admin"); + readRoles.setMustMatchAll(false); + readRoles.addName("regular"); + readRoles.addName("/blah1/blah2/blah3"); Write write = new Write(); Roles writeRoles = new Roles(); + writeRoles.setMustMatchAll(false); writeRoles.addName("admin"); // Setup the Context for the Composition with these components @@ -82,15 +95,10 @@ // Store the policy into the Policy Server this.getProvisioner().deploy(context); - } + } private PolicyProvisioner getProvisioner() - { - if (this.provisioner == null) - { - this.provisioner = (PolicyProvisioner) ServiceContainer - .lookup("/agent/LocalPolicyProvisioner"); - } - return this.provisioner; + { + return (PolicyProvisioner) ServiceContainer.lookup("/agent/LocalPolicyProvisioner"); } } Modified: authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java =================================================================== --- authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java 2009-09-10 20:00:09 UTC (rev 783) +++ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java 2009-09-11 18:38:51 UTC (rev 784) @@ -1,24 +1,24 @@ /* -* JBoss, a division of Red Hat -* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated -* by the @authors tag. See the copyright.txt in the distribution for a -* full listing of individual contributors. -* -* This is free software; you can redistribute it and/or modify it -* under the terms of the GNU Lesser General Public License as -* published by the Free Software Foundation; either version 2.1 of -* the License, or (at your option) any later version. -* -* This software is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this software; if not, write to the Free -* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -* 02110-1301 USA, or see the FSF site: http://www.fsf.org. -*/ + * JBoss, a division of Red Hat + * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated + * by the @authors tag. See the copyright.txt in the distribution for a + * full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ package org.jboss.security.authz.samples.pojo; import org.apache.log4j.Logger; @@ -35,93 +35,197 @@ public class TestSecurePojo extends TestCase { private static Logger log = Logger.getLogger(TestSecurePojo.class); - + private SecurityProvisioning provisioning; - + public void setUp() throws Exception - { - //Bootstrap the Security Service + { + // Bootstrap the Security Service ServiceContainer.bootstrap(); - - //Bootup the system with the appropriate Policies + + // Bootup the system with the appropriate Policies provisioning = new SecurityProvisioning(); provisioning.bootup(); - - //Start in Anonymous mode....each testcase will select its own authentication scenario + + // Start in Anonymous mode....each testcase will select its own + // authentication scenario AuthenticatedSession.activeSession.set(null); } - - public void testAsAdmin() throws Exception + + public void tearDown() throws Exception { - boolean accessGranted = true; + ServiceContainer.shutdown(); + } + + public void testAsAnonymous() throws Exception + { + boolean readGranted = true; + boolean writeGranted = true; + + Pojo pojo = new Pojo(); + try { - this.loginAsAdmin(); - - Pojo pojo = new Pojo(); - - //Write Action on the Pojo + // Write Action on the Pojo pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!"); - - //Read Action on the Pojo - log.info(pojo.getSensitiveData()); + writeGranted = true; } - catch(Exception iae) + catch (Exception r) { - if(iae instanceof IllegalAccessException) + if (r instanceof IllegalAccessException) { - accessGranted = false; + writeGranted = false; } else { - throw iae; + log.error(this, r); + throw r; } } - finally + + try { - assertTrue("Access Must be Granted!!", accessGranted); + String sensitiveData = pojo.getSensitiveData(); + log.info(sensitiveData); + assertEquals("Data Must Match!!", sensitiveData, + "This is Top Secret Data!!! Protect Me!!"); + readGranted = true; } + catch (Exception r) + { + if (r instanceof IllegalAccessException) + { + readGranted = false; + } + else + { + throw r; + } + } + + assertFalse("Read Access Must *Not* be Granted!!", readGranted); + assertFalse("Write Access Must *Not* be Granted!!", writeGranted); } - - public void testAsAnonymous() throws Exception + + public void testAsUser() throws Exception { - boolean accessGranted = true; + boolean readGranted = false; + boolean writeGranted = true; + + this.loginAsUser(); + Pojo pojo = new Pojo(); + + // Read Action on the Pojo try { - //No need to login......just access straight up - Pojo pojo = new Pojo(); - - //Write Action on the Pojo + String sensitiveData = pojo.getSensitiveData(); + log.info(sensitiveData); + assertNull("Data Must be Null!!", sensitiveData); + readGranted = true; + } + catch (Exception r) + { + if (r instanceof IllegalAccessException) + { + readGranted = false; + } + else + { + throw r; + } + } + + // Write Action on the Pojo + try + { pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!"); - - //Read Action on the Pojo - log.info(pojo.getSensitiveData()); } - catch(Exception iae) + catch (Exception r) { - if(iae instanceof IllegalAccessException) + if (r instanceof IllegalAccessException) { - accessGranted = false; + writeGranted = false; } else { - throw iae; + throw r; } } - finally + + assertTrue("Read Access Must be Granted!!", readGranted); + assertFalse("Write Access Must *Not* be Granted!!", writeGranted); + } + + public void testAsAdmin() throws Exception + { + boolean readGranted = false; + boolean writeGranted = false; + + this.loginAsAdmin(); + Pojo pojo = new Pojo(); + + try { - assertFalse("Access Must Not be Granted!!", accessGranted); + // Write Action on the Pojo + pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!"); + writeGranted = true; } + catch (Exception r) + { + if (r instanceof IllegalAccessException) + { + writeGranted = false; + } + else + { + log.error(this, r); + throw r; + } + } + + try + { + String sensitiveData = pojo.getSensitiveData(); + log.info(sensitiveData); + assertEquals("Data Must Match!!", sensitiveData, + "This is Top Secret Data!!! Protect Me!!"); + readGranted = true; + } + catch (Exception r) + { + if (r instanceof IllegalAccessException) + { + readGranted = false; + } + else + { + throw r; + } + } + + assertTrue("Read Access Must be Granted!!", readGranted); + assertTrue("Write Access Must be Granted!!", writeGranted); } - //--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + + // --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- private void loginAsAdmin() { AuthenticatedSession session = new AuthenticatedSession(); - + session.setUsername("admin"); - session.addRole("Admin"); - session.addRole("/system/admin/badassdude/blah/blah"); - + session.addRole("admin"); + // session.addRole("/system/admin/badassdude/blah/blah"); + AuthenticatedSession.activeSession.set(session); } + + private void loginAsUser() + { + AuthenticatedSession session = new AuthenticatedSession(); + + session.setUsername("user"); + session.addRole("regular"); + + AuthenticatedSession.activeSession.set(session); + } }

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r783 - authz/trunk/samples/secure-pojo.

by jboss-identity-commits＠lists.jboss.org

Author: sohil.shah(a)jboss.com Date: 2009-09-10 16:00:09 -0400 (Thu, 10 Sep 2009) New Revision: 783 Modified: authz/trunk/samples/secure-pojo/ Log: target ignore Property changes on: authz/trunk/samples/secure-pojo ___________________________________________________________________ Name: svn:ignore + target

14 years, 7 months

1
0
0 / 0

JBoss Identity SVN: r782 - in authz/trunk: documentation/reference-guide/en and 23 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: sohil.shah(a)jboss.com Date: 2009-09-10 15:17:22 -0400 (Thu, 10 Sep 2009) New Revision: 782 Added: authz/trunk/samples/ authz/trunk/samples/pom.xml authz/trunk/samples/secure-pojo/ authz/trunk/samples/secure-pojo/pom.xml authz/trunk/samples/secure-pojo/src/ authz/trunk/samples/secure-pojo/src/main/ authz/trunk/samples/secure-pojo/src/main/java/ authz/trunk/samples/secure-pojo/src/main/java/org/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/Pojo.java authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java authz/trunk/samples/secure-pojo/src/main/resources/ authz/trunk/samples/secure-pojo/src/main/resources/hibernate.cfg.xml authz/trunk/samples/secure-pojo/src/main/resources/jboss-aop.xml authz/trunk/samples/secure-pojo/src/test/ authz/trunk/samples/secure-pojo/src/test/java/ authz/trunk/samples/secure-pojo/src/test/java/org/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java authz/trunk/samples/secure-pojo/src/test/resources/ authz/trunk/samples/secure-pojo/src/test/resources/log4j.properties Modified: authz/trunk/.classpath authz/trunk/documentation/reference-guide/en/master.xml authz/trunk/pom.xml Log: sample used to illustrate the development process in the reference doc Modified: authz/trunk/.classpath =================================================================== --- authz/trunk/.classpath 2009-09-10 18:42:17 UTC (rev 781) +++ authz/trunk/.classpath 2009-09-10 19:17:22 UTC (rev 782) @@ -26,6 +26,8 @@ <classpathentry kind="src" path="portal-profile/src/test/java"/> <classpathentry kind="src" path="portal-profile/src/test/resources"/> <classpathentry kind="src" path="documentation/reference-guide/en/modules"/> + <classpathentry kind="src" path="samples/secure-pojo/src/main/java"/> + <classpathentry kind="src" path="samples/secure-pojo/src/test/java"/> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> <classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/> <classpathentry kind="var" path="M2_REPO/cglib/cglib/2.1_3/cglib-2.1_3.jar"/> @@ -47,5 +49,6 @@ <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar"/> <classpathentry kind="var" path="M2_REPO/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar"/> <classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate/3.1.2/hibernate-3.1.2.jar"/> + <classpathentry kind="var" path="M2_REPO/org/jboss/aop/jboss-aop/2.1.3.GA/jboss-aop-2.1.3.GA.jar"/> <classpathentry kind="output" path="bin"/> </classpath> Modified: authz/trunk/documentation/reference-guide/en/master.xml =================================================================== --- authz/trunk/documentation/reference-guide/en/master.xml 2009-09-10 18:42:17 UTC (rev 781) +++ authz/trunk/documentation/reference-guide/en/master.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -18,7 +18,7 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/architecture.xml"/>  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/framework.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/authz-component-spec.xml"/> Modified: authz/trunk/pom.xml =================================================================== --- authz/trunk/pom.xml 2009-09-10 18:42:17 UTC (rev 781) +++ authz/trunk/pom.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -16,6 +16,7 @@ <module>agent</module> <module>policy-server</module> <module>http-profile</module> + <module>samples</module>  Added: authz/trunk/samples/pom.xml =================================================================== --- authz/trunk/samples/pom.xml (rev 0) +++ authz/trunk/samples/pom.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,36 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <parent> + <groupId>org.jboss.security.authz</groupId> + <artifactId>jboss-authz-parent</artifactId> + <version>trunk-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + + <modelVersion>4.0.0</modelVersion> + <groupId>org.jboss.security.authz</groupId> + <artifactId>samples</artifactId> + <packaging>pom</packaging> + <name>JBoss Authorization Sample Code</name> + <url>http://www.jboss.org</url> + + + <modules> + <module>secure-pojo</module> + </modules> + + <properties> + <version.org.jboss.aop>2.1.3.GA</version.org.jboss.aop> + </properties> + + <dependencyManagement> + <dependencies> +  + <dependency> + <groupId>org.jboss.aop</groupId> + <artifactId>jboss-aop</artifactId> + <version>${version.org.jboss.aop}</version> + </dependency> + </dependencies> + </dependencyManagement> +</project> Added: authz/trunk/samples/secure-pojo/pom.xml =================================================================== --- authz/trunk/samples/secure-pojo/pom.xml (rev 0) +++ authz/trunk/samples/secure-pojo/pom.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,106 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <parent> + <groupId>org.jboss.security.authz</groupId> + <artifactId>samples</artifactId> + <version>trunk-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + + <modelVersion>4.0.0</modelVersion> + <artifactId>secure-pojo</artifactId> + <packaging>jar</packaging> + <name>Samples demonstrating POJO security</name> + <url>http://www.jboss.org</url> + + <dependencies> + <dependency> + <groupId>org.jboss.aop</groupId> + <artifactId>jboss-aop</artifactId> + </dependency> + <dependency> + <groupId>org.jboss.security.authz</groupId> + <artifactId>common</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.jboss.security.authz</groupId> + <artifactId>core-components</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.jboss.security.authz</groupId> + <artifactId>agent</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.jboss.security.authz</groupId> + <artifactId>policy-server</artifactId> + <version>${project.version}</version> + </dependency> + +  +  + <dependency> + <groupId>org.jboss.security</groupId> + <artifactId>jboss-xacml</artifactId> + <scope>test</scope> + </dependency> +  + <dependency> + <groupId>org.jboss.microcontainer</groupId> + <artifactId>jboss-kernel</artifactId> + <scope>test</scope> + </dependency> +  + <dependency> + <groupId>org.drools</groupId> + <artifactId>drools-core</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.drools</groupId> + <artifactId>drools-compiler</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <plugins> +  + <plugin> + <groupId>org.jboss.maven.plugins</groupId> + <artifactId>maven-jbossaop-plugin</artifactId> + <version>${version.org.jboss.aop}</version> + <executions> + <execution> + <id>compile</id> + <configuration> +  + <includeProjectDependency>false</includeProjectDependency> + <aoppaths> + <aoppath>src/main/resources/jboss-aop.xml</aoppath> + </aoppaths> + </configuration> + <goals> + <goal>compile</goal> + </goals> + </execution> + </executions> + </plugin> + +  + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.3.1</version> + <configuration> + <forkMode>always</forkMode> + <useSystemClassLoader>true</useSystemClassLoader> + <argLine>-Djboss.aop.path=src/main/resources/jboss-aop.xml</argLine> + </configuration> + </plugin> + </plugins> + </build> +</project> Added: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/AuthenticatedSession.java 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,79 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.samples.pojo; + +import java.util.List; +import java.util.ArrayList; + +/** + * Just a mock AuthenticatedSession that carries security related information about the logged in user... + * + * Just using simple information to illustrate the usage of the framework + * + * This can carry other arbitrary information as well upon which security decisions can be based. + * + * But for now, just using username and roles + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class AuthenticatedSession +{ + public static ThreadLocal activeSession; + + static + { + activeSession = new ThreadLocal(); + } + + private String username; + private List<String> roles; + + public AuthenticatedSession() + { + this.roles = new ArrayList<String>(); + } + + public String getUsername() + { + return username; + } + + public void setUsername(String username) + { + this.username = username; + } + + public List<String> getRoles() + { + return roles; + } + + public void setRoles(List<String> roles) + { + this.roles = roles; + } + + public void addRole(String role) + { + this.roles.add(role); + } +} Added: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/Pojo.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/Pojo.java (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/Pojo.java 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,49 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.samples.pojo; + +/** + * This is the core application level component. + * + * Notice there is absolutely no security code here....It does not even know the security service exists + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class Pojo +{ + private String sensitiveData; + + public Pojo() + { + + } + + public String getSensitiveData() + { + return this.sensitiveData; + } + + public void setSensitiveData(String sensitiveData) + { + this.sensitiveData = sensitiveData; + } +} Added: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/enforcement/SecurityInterceptor.java 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,144 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.samples.pojo.enforcement; + +import java.lang.reflect.Method; +import java.net.URI; + +import org.apache.log4j.Logger; + +import org.jboss.aop.advice.Interceptor; +import org.jboss.aop.joinpoint.Invocation; +import org.jboss.aop.joinpoint.MethodInvocation; + +import org.jboss.security.authz.bootstrap.ServiceContainer; +import org.jboss.security.authz.components.subject.Identity; +import org.jboss.security.authz.components.subject.Roles; +import org.jboss.security.authz.components.resource.URIResource; +import org.jboss.security.authz.components.action.Read; +import org.jboss.security.authz.components.action.Write; + +import org.jboss.security.authz.agent.enforcement.EnforcementContext; +import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint; +import org.jboss.security.authz.agent.enforcement.EnforcementResponse; + +import org.jboss.security.authz.samples.pojo.AuthenticatedSession; + +/** + * A sample Enforcement Interceptor used to inject the security service into the application + * + * The scope of interception can be increased/decreased depending upon the application's security requirements + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class SecurityInterceptor implements Interceptor +{ + private static Logger log = Logger.getLogger(SecurityInterceptor.class); + + private PolicyEnforcementPoint enforcer; + + public String getName() + { + return this.getClass().getName(); + } + + private PolicyEnforcementPoint getEnforcer() + { + if(this.enforcer == null) + { + this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint"); + } + return this.enforcer; + } + //------------------------------------------------------------------------------------------------------------------------------------------------------------------------ + public Object invoke(Invocation invocation) throws Throwable + { + try + { + MethodInvocation methodInvocation = (MethodInvocation)invocation; + + Object pojoBeingAccessed = methodInvocation.getTargetObject(); + Method methodBeingCalled = methodInvocation.getMethod(); + + //Get the runtime application state (AuthenticatedSession) from ThreadLocal + AuthenticatedSession session = (AuthenticatedSession)AuthenticatedSession.activeSession.get(); + if(session == null) + { + //Anonymous access + session = new AuthenticatedSession(); + session.setUsername("anonymous"); + session.addRole("anonymous"); + } + + //Properly propagate runtime application state to the state of appropriate "Authz Components"-------------------------------------------------------------------- + //Subject Components + Identity identity = new Identity(); + identity.setName(session.getUsername()); + + Roles roles = new Roles(); + if(session.getRoles() != null) + { + for(String roleName: session.getRoles()) + roles.addName(roleName); + } + + //Resource Component + URIResource resource = new URIResource(); + resource.setUri(new URI(pojoBeingAccessed.getClass().getName())); + + //Action Component + Object action = null; + if(methodBeingCalled.getName().startsWith("get")) + { + action = new Read(); + } + else if(methodBeingCalled.getName().startsWith("set")) + { + action = new Write(); + } + + //Create an EnforcementContext and start the "Enforcement Phase" with the security framework---------------------------------------------------------------------- + EnforcementContext context = new EnforcementContext(); + context.setAttribute("pojo", resource); + context.setAttribute("method", action); + context.setAttribute("identity", identity); + context.setAttribute("roles", roles); + + //Process the result from Enforcement Phase execution------------------------------------------------------------------------------------------------------------- + EnforcementResponse response = this.getEnforcer().checkAccess(context); + + if(response.isAccessGranted()) + { + //Access to the Pojo is granted.....Proceed.. + return invocation.invokeNext(); + } + else + { + //Throw appropriate exception or handle it according to what the requirements are......... + throw new IllegalAccessException("Pojo Access Denied!!!"); + } + } + finally + { + } + } +} \ No newline at end of file Added: authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java =================================================================== --- authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/java/org/jboss/security/authz/samples/pojo/provisioning/SecurityProvisioning.java 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,96 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated + * by the @authors tag. See the copyright.txt in the distribution for a + * full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.security.authz.samples.pojo.provisioning; + +import java.net.URI; + +import org.jboss.security.authz.bootstrap.ServiceContainer; + +import org.jboss.security.authz.agent.provisioning.PolicyProvisioner; +import org.jboss.security.authz.agent.services.CompositionContext; + +import org.jboss.security.authz.model.Effect; +import org.jboss.security.authz.components.action.Read; +import org.jboss.security.authz.components.action.Write; +import org.jboss.security.authz.components.resource.URIResource; +import org.jboss.security.authz.components.subject.Roles; + +import org.jboss.security.authz.samples.pojo.Pojo; + +/** + * The Provisioning component that is in charge of managing the security policies of the application + * + * This is usually accessed via a GUI tool or the application's security dashboard etc + * + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class SecurityProvisioning +{ + private PolicyProvisioner provisioner; + + public void bootup() + { + try + { + // Provision Admin Policy + this.provisionAdminPolicy(); + } + catch(Exception e) + { + throw new RuntimeException(e); + } + } + // ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + private void provisionAdminPolicy() throws Exception + { + // SetUp Resource + URIResource resource = new URIResource(); + resource.setUri(new URI(Pojo.class.getName())); + + Read read = new Read(); + Roles readRoles = new Roles(); + readRoles.addName("admin"); + + Write write = new Write(); + Roles writeRoles = new Roles(); + writeRoles.addName("admin"); + + // Setup the Context for the Composition with these components + CompositionContext context = new CompositionContext(); + context.setPolicyTarget(resource); + context.addPolicyRule(Effect.PERMIT, read, readRoles,"allowExpression"); + context.addPolicyRule(Effect.PERMIT, write, writeRoles,"allowExpression"); + + // Store the policy into the Policy Server + this.getProvisioner().deploy(context); + } + + private PolicyProvisioner getProvisioner() + { + if (this.provisioner == null) + { + this.provisioner = (PolicyProvisioner) ServiceContainer + .lookup("/agent/LocalPolicyProvisioner"); + } + return this.provisioner; + } +} Added: authz/trunk/samples/secure-pojo/src/main/resources/hibernate.cfg.xml =================================================================== --- authz/trunk/samples/secure-pojo/src/main/resources/hibernate.cfg.xml (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/resources/hibernate.cfg.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,59 @@ +<?xml version='1.0' encoding='utf-8'?> + + +<!DOCTYPE hibernate-configuration PUBLIC + "-//Hibernate/Hibernate Configuration DTD//EN" + "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd"> + +<hibernate-configuration> + <session-factory> +  + <property name="connection.driver_class">org.hsqldb.jdbcDriver</property> + <property name="connection.url">jdbc:hsqldb:file:target/testdb</property> + <property name="connection.username">sa</property> + <property name="connection.password"></property> + +  + <property name="connection.pool_size">1</property> + +  + <property name="dialect">org.hibernate.dialect.HSQLDialect</property> + +  + <property name="current_session_context_class">thread</property> + +  + <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property> + +  + <property name="show_sql">true</property> + +  + <property name="hbm2ddl.auto">create</property> + + <mapping resource="policy.hbm.xml"/> + </session-factory> +</hibernate-configuration> \ No newline at end of file Added: authz/trunk/samples/secure-pojo/src/main/resources/jboss-aop.xml =================================================================== --- authz/trunk/samples/secure-pojo/src/main/resources/jboss-aop.xml (rev 0) +++ authz/trunk/samples/secure-pojo/src/main/resources/jboss-aop.xml 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,5 @@ +<aop> + <bind pointcut="execution(* org.jboss.security.authz.samples.pojo.Pojo->*(..))"> + <interceptor class="org.jboss.security.authz.samples.pojo.enforcement.SecurityInterceptor"/> + </bind> +</aop> Added: authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java =================================================================== --- authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java (rev 0) +++ authz/trunk/samples/secure-pojo/src/test/java/org/jboss/security/authz/samples/pojo/TestSecurePojo.java 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,127 @@ +/* +* JBoss, a division of Red Hat +* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated +* by the @authors tag. See the copyright.txt in the distribution for a +* full listing of individual contributors. +* +* This is free software; you can redistribute it and/or modify it +* under the terms of the GNU Lesser General Public License as +* published by the Free Software Foundation; either version 2.1 of +* the License, or (at your option) any later version. +* +* This software is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this software; if not, write to the Free +* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +* 02110-1301 USA, or see the FSF site: http://www.fsf.org. +*/ +package org.jboss.security.authz.samples.pojo; + +import org.apache.log4j.Logger; + +import junit.framework.TestCase; + +import org.jboss.security.authz.bootstrap.ServiceContainer; + +import org.jboss.security.authz.samples.pojo.provisioning.SecurityProvisioning; + +/** + * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a> + */ +public class TestSecurePojo extends TestCase +{ + private static Logger log = Logger.getLogger(TestSecurePojo.class); + + private SecurityProvisioning provisioning; + + public void setUp() throws Exception + { + //Bootstrap the Security Service + ServiceContainer.bootstrap(); + + //Bootup the system with the appropriate Policies + provisioning = new SecurityProvisioning(); + provisioning.bootup(); + + //Start in Anonymous mode....each testcase will select its own authentication scenario + AuthenticatedSession.activeSession.set(null); + } + + public void testAsAdmin() throws Exception + { + boolean accessGranted = true; + try + { + this.loginAsAdmin(); + + Pojo pojo = new Pojo(); + + //Write Action on the Pojo + pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!"); + + //Read Action on the Pojo + log.info(pojo.getSensitiveData()); + } + catch(Exception iae) + { + if(iae instanceof IllegalAccessException) + { + accessGranted = false; + } + else + { + throw iae; + } + } + finally + { + assertTrue("Access Must be Granted!!", accessGranted); + } + } + + public void testAsAnonymous() throws Exception + { + boolean accessGranted = true; + try + { + //No need to login......just access straight up + Pojo pojo = new Pojo(); + + //Write Action on the Pojo + pojo.setSensitiveData("This is Top Secret Data!!! Protect Me!!"); + + //Read Action on the Pojo + log.info(pojo.getSensitiveData()); + } + catch(Exception iae) + { + if(iae instanceof IllegalAccessException) + { + accessGranted = false; + } + else + { + throw iae; + } + } + finally + { + assertFalse("Access Must Not be Granted!!", accessGranted); + } + } + //--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + private void loginAsAdmin() + { + AuthenticatedSession session = new AuthenticatedSession(); + + session.setUsername("admin"); + session.addRole("Admin"); + session.addRole("/system/admin/badassdude/blah/blah"); + + AuthenticatedSession.activeSession.set(session); + } +} Added: authz/trunk/samples/secure-pojo/src/test/resources/log4j.properties =================================================================== --- authz/trunk/samples/secure-pojo/src/test/resources/log4j.properties (rev 0) +++ authz/trunk/samples/secure-pojo/src/test/resources/log4j.properties 2009-09-10 19:17:22 UTC (rev 782) @@ -0,0 +1,8 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootCategory=INFO, CONSOLE + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=INFO +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n

14 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

jboss-identity-commits September 2009