Author: anil.saldhana(a)jboss.com
Date: 2009-08-24 11:55:09 -0400 (Mon, 24 Aug 2009)
New Revision: 731
Added:
identity-federation/tags/1.0.0.beta1/
identity-federation/tags/1.0.0.beta1/assembly/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml
identity-federation/tags/1.0.0.beta1/parent/pom.xml
identity-federation/tags/1.0.0.beta1/pom.xml
Removed:
identity-federation/tags/1.0.0.beta1/assembly/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml
identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml
identity-federation/tags/1.0.0.beta1/parent/pom.xml
identity-federation/tags/1.0.0.beta1/pom.xml
Log:
[maven-release-plugin] copy for tag 1.0.0.beta1
Copied: identity-federation/tags/1.0.0.beta1 (from rev 724, identity-federation/trunk)
Deleted: identity-federation/tags/1.0.0.beta1/assembly/pom.xml
===================================================================
--- identity-federation/trunk/assembly/pom.xml 2009-08-17 21:15:02 UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/assembly/pom.xml 2009-08-24 15:55:09 UTC (rev
731)
@@ -1,63 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed</artifactId>
- <packaging>pom</packaging>
- <name>JBoss Identity Federation- Assembly</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <version>2.1</version>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>attached</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <archive>
- <manifestEntries>
- <Specification-Title>JBoss Identity</Specification-Title>
-
<Specification-Version>${project.version}</Specification-Version>
- <Specification-Vendor>Red Hat Middleware
LLC</Specification-Vendor>
- <Implementation-Title>JBoss Identity</Implementation-Title>
-
<Implementation-Version>${project.version}</Implementation-Version>
-
<Implementation-VendorId>org.jboss.security</Implementation-VendorId>
- <Implementation-Vendor>Red Hat Middleware
LLC</Implementation-Vendor>
-
<
Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Imp...
- </manifestEntries>
- </archive>
- <descriptors>
- <descriptor>bin.xml</descriptor>
- <descriptor>sources.xml</descriptor>
- </descriptors>
- </configuration>
- <inherited>false</inherited>
- </plugin>
- </plugins>
- </build>
-
-</project>
Copied: identity-federation/tags/1.0.0.beta1/assembly/pom.xml (from rev 730,
identity-federation/trunk/assembly/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/assembly/pom.xml (rev 0)
+++ identity-federation/tags/1.0.0.beta1/assembly/pom.xml 2009-08-24 15:55:09 UTC (rev
731)
@@ -0,0 +1,63 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Identity Federation- Assembly</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.1</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <archive>
+ <manifestEntries>
+ <Specification-Title>JBoss Identity</Specification-Title>
+
<Specification-Version>${project.version}</Specification-Version>
+ <Specification-Vendor>Red Hat Middleware
LLC</Specification-Vendor>
+ <Implementation-Title>JBoss Identity</Implementation-Title>
+
<Implementation-Version>${project.version}</Implementation-Version>
+
<Implementation-VendorId>org.jboss.security</Implementation-VendorId>
+ <Implementation-Vendor>Red Hat Middleware
LLC</Implementation-Vendor>
+
<
Implementation-URL>http://labs.jboss.org/portal/jbosssecurity/</Imp...
+ </manifestEntries>
+ </archive>
+ <descriptors>
+ <descriptor>bin.xml</descriptor>
+ <descriptor>sources.xml</descriptor>
+ </descriptors>
+ </configuration>
+ <inherited>false</inherited>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,242 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-bindings</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Server Bindings</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity OpenSAML contains the foundation for Federated
Identity Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
-
- <!-- Profile to exclude the integration tests that take long time -->
- <profiles>
- <profile>
- <id>exclude-long-tests</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <excludes>
- <exclude>**/integration/*TestCase.java</exclude>
- </excludes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- . <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
-
- <profile>
- <id>long-tests</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <childDelegation>true</childDelegation>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/integration/*TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- . <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-web</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.4</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>nekohtml</groupId>
- <artifactId>nekohtml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache</groupId>
- <artifactId>httpclient</artifactId>
- <version>3.0.1</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.3</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.tomcat</groupId>
- <artifactId>catalina</artifactId>
- <version>6.0.18</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.tomcat</groupId>
- <artifactId>coyote</artifactId>
- <version>6.0.18</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.9.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-tomcat</groupId>
- <artifactId>tomcat-util</artifactId>
- <version>5.5.12</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-tomcat</groupId>
- <artifactId>naming-resources</artifactId>
- <version>5.5.12</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-tomcat</groupId>
- <artifactId>tomcat-http</artifactId>
- <version>5.5.12</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-logging</groupId>
- <artifactId>commons-logging-api</artifactId>
- <version>1.0.3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-modeler</groupId>
- <artifactId>commons-modeler</artifactId>
- <version>1.1patch</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty-util</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-bindings/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,242 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-bindings</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Server Bindings</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity OpenSAML contains the foundation for Federated
Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+
+ <!-- Profile to exclude the integration tests that take long time -->
+ <profiles>
+ <profile>
+ <id>exclude-long-tests</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <excludes>
+ <exclude>**/integration/*TestCase.java</exclude>
+ </excludes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ . <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+
+ <profile>
+ <id>long-tests</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <childDelegation>true</childDelegation>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/integration/*TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ . <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-web</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.4</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>3.0.1</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.3</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>catalina</artifactId>
+ <version>6.0.18</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>coyote</artifactId>
+ <version>6.0.18</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.9.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-tomcat</groupId>
+ <artifactId>tomcat-util</artifactId>
+ <version>5.5.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-tomcat</groupId>
+ <artifactId>naming-resources</artifactId>
+ <version>5.5.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-tomcat</groupId>
+ <artifactId>tomcat-http</artifactId>
+ <version>5.5.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-logging</groupId>
+ <artifactId>commons-logging-api</artifactId>
+ <version>1.0.3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-modeler</groupId>
+ <artifactId>commons-modeler</artifactId>
+ <version>1.1patch</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
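Review bot: Both surefire `<configuration>` blocks in the `exclude-long-tests` and `long-tests` profiles carry a stray `.` in front of `<useFile>false</useFile>`, which puts a text node inside an element that should hold only child elements. Unless it is an artifact of the mail rendering, it should be removed so the line reads `<useFile>false</useFile>`. Separately, the default `<build>` sets `<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>`, but `exclude-long-tests` is `activeByDefault` and sets `<argLine>${surefire.jvm.args}</argLine>` for the same plugin. If the profile value takes precedence, the endorsed directory is applied only when `surefire.jvm.args` (not defined in this file, presumably in the parent) repeats it. A comment next to the profile `argLine` stating where that property is defined would make this checkable.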
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,204 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.servlets;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.cert.Certificate;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
-import org.jboss.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
-import org.jboss.identity.federation.api.util.KeyUtil;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.config.KeyValueType;
-import org.jboss.identity.federation.web.config.MetadataProviderType;
-import org.jboss.identity.federation.web.config.ProviderType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.bindings.providers.IMetadataProvider;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
-import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
-import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
-import org.jboss.identity.xmlsec.w3.xmldsig.KeyInfoType;
-
-/**
- * Metadata servlet for the IDP/SP
- * @author Anil.Saldhana(a)redhat.com
- * @since Apr 22, 2009
- */
-public class MetadataServlet extends HttpServlet
-{
- private static final long serialVersionUID = 1L;
- private static Logger log = Logger.getLogger(MetadataServlet.class);
-
- private String configFileLocation = "/WEB-INF/jboss-idfed.xml";
- private MetadataProviderType metadataProviderType = null;
-
- private IMetadataProvider<?> metadataProvider = null;
-
- private EntityDescriptorType metadata;
-
- private String signingAlias = null;
- private String encryptingAlias = null;
- private TrustKeyManager keyManager;
-
- @SuppressWarnings("unchecked")
- @Override
- public void init(ServletConfig config) throws ServletException
- {
- super.init(config);
- ServletContext context = config.getServletContext();
- String configL = config.getInitParameter("configFile");
- if(configL != null && configL.length() > 0)
- configFileLocation = configL;
- log.trace("Config File Location="+ configFileLocation);
- InputStream is = context.getResourceAsStream(configFileLocation);
- if(is == null)
- throw new RuntimeException(configFileLocation + " missing");
-
- //Look for signing alias
- signingAlias = config.getInitParameter("signingAlias");
- encryptingAlias = config.getInitParameter("encryptingAlias");
-
- try
- {
- ProviderType providerType = ValveUtil.getIDPConfiguration(is);
- metadataProviderType = providerType.getMetaDataProvider();
- String fqn = metadataProviderType.getClassName();
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- Class<?> clazz = tcl.loadClass(fqn);
- metadataProvider = (IMetadataProvider) clazz.newInstance();
- List<KeyValueType> keyValues = metadataProviderType.getOption();
- Map<String,String> options = new HashMap<String,String>();
- if(keyValues != null)
- {
- for(KeyValueType kvt: keyValues)
- options.put(kvt.getKey(), kvt.getValue());
- }
- metadataProvider.init(options);
- if(metadataProvider.isMultiple())
- throw new RuntimeException("Multiple Entities not currently
supported");
-
- /**
- * Since a metadata provider does not have access to the servlet context.
- * It may be difficult to get to the resource from the TCL.
- */
- String fileInjectionStr = metadataProvider.requireFileInjection();
- if(fileInjectionStr != null && fileInjectionStr.length() > 0)
- {
-
metadataProvider.injectFileStream(context.getResourceAsStream(fileInjectionStr));
- }
-
- metadata = (EntityDescriptorType) metadataProvider.getMetaData();
-
- //Get the trust manager information
- KeyProviderType keyProvider = providerType.getKeyProvider();
- signingAlias = keyProvider.getSigningAlias();
- try
- {
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
-
- Certificate cert = keyManager.getCertificate(signingAlias);
- KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
-
- //TODO: Assume just signing key for now
- KeyDescriptorType keyDescriptor =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
- null, 0, true, false);
-
- updateKeyDescriptor(metadata, keyDescriptor);
-
- //encryption
- if(this.encryptingAlias != null)
- {
- cert = keyManager.getCertificate(encryptingAlias);
- keyInfo = KeyUtil.getKeyInfo(cert);
- String certAlgo = cert.getPublicKey().getAlgorithm();
- keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
- XMLEncryptionUtil.getEncryptionURL(certAlgo),
- XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
- updateKeyDescriptor(metadata, keyDescriptor);
- }
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
- {
- resp.setContentType(JBossSAMLConstants.METADATA_MIME.get());
- OutputStream os = resp.getOutputStream();
- JAXBElement<?> jaxbEl =
MetaDataBuilder.getObjectFactory().createEntityDescriptor(metadata);
- try
- {
- MetaDataBuilder.getMarshaller().marshal(jaxbEl , os);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void updateKeyDescriptor(EntityDescriptorType entityD, KeyDescriptorType
keyD)
- {
- List<RoleDescriptorType> objs =
entityD.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
- if(objs != null)
- {
- for(RoleDescriptorType roleD: objs)
- {
- roleD.getKeyDescriptor().add(keyD);
- }
- }
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,206 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
+import org.jboss.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
+import org.jboss.identity.federation.api.util.KeyUtil;
+import org.jboss.identity.federation.bindings.providers.IMetadataProvider;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
+import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
+import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.config.KeyValueType;
+import org.jboss.identity.federation.web.config.MetadataProviderType;
+import org.jboss.identity.federation.web.config.ProviderType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.xmlsec.w3.xmldsig.KeyInfoType;
+
+/**
+ * Metadata servlet for the IDP/SP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 22, 2009
+ */
+public class MetadataServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+ private static Logger log = Logger.getLogger(MetadataServlet.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private String configFileLocation = "/WEB-INF/jboss-idfed.xml";
+ private MetadataProviderType metadataProviderType = null;
+
+ private IMetadataProvider<?> metadataProvider = null;
+
+ private EntityDescriptorType metadata;
+
+ private String signingAlias = null;
+ private String encryptingAlias = null;
+ private TrustKeyManager keyManager;
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ ServletContext context = config.getServletContext();
+ String configL = config.getInitParameter("configFile");
+ if(configL != null && configL.length() > 0)
+ configFileLocation = configL;
+ if(trace)
+ log.trace("Config File Location="+ configFileLocation);
+ InputStream is = context.getResourceAsStream(configFileLocation);
+ if(is == null)
+ throw new RuntimeException(configFileLocation + " missing");
+
+ //Look for signing alias
+ signingAlias = config.getInitParameter("signingAlias");
+ encryptingAlias = config.getInitParameter("encryptingAlias");
+
+ try
+ {
+ ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is);
+ metadataProviderType = providerType.getMetaDataProvider();
+ String fqn = metadataProviderType.getClassName();
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(fqn);
+ metadataProvider = (IMetadataProvider) clazz.newInstance();
+ List<KeyValueType> keyValues = metadataProviderType.getOption();
+ Map<String,String> options = new HashMap<String,String>();
+ if(keyValues != null)
+ {
+ for(KeyValueType kvt: keyValues)
+ options.put(kvt.getKey(), kvt.getValue());
+ }
+ metadataProvider.init(options);
+ if(metadataProvider.isMultiple())
+ throw new RuntimeException("Multiple Entities not currently
supported");
+
+ /**
+ * Since a metadata provider does not have access to the servlet context.
+ * It may be difficult to get to the resource from the TCL.
+ */
+ String fileInjectionStr = metadataProvider.requireFileInjection();
+ if(fileInjectionStr != null && fileInjectionStr.length() > 0)
+ {
+
metadataProvider.injectFileStream(context.getResourceAsStream(fileInjectionStr));
+ }
+
+ metadata = (EntityDescriptorType) metadataProvider.getMetaData();
+
+ //Get the trust manager information
+ KeyProviderType keyProvider = providerType.getKeyProvider();
+ signingAlias = keyProvider.getSigningAlias();
+ try
+ {
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+
+ Certificate cert = keyManager.getCertificate(signingAlias);
+ KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
+
+ //TODO: Assume just signing key for now
+ KeyDescriptorType keyDescriptor =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+ null, 0, true, false);
+
+ updateKeyDescriptor(metadata, keyDescriptor);
+
+ //encryption
+ if(this.encryptingAlias != null)
+ {
+ cert = keyManager.getCertificate(encryptingAlias);
+ keyInfo = KeyUtil.getKeyInfo(cert);
+ String certAlgo = cert.getPublicKey().getAlgorithm();
+ keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+ XMLEncryptionUtil.getEncryptionURL(certAlgo),
+ XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
+ updateKeyDescriptor(metadata, keyDescriptor);
+ }
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException
+ {
+ resp.setContentType(JBossSAMLConstants.METADATA_MIME.get());
+ OutputStream os = resp.getOutputStream();
+ JAXBElement<?> jaxbEl =
MetaDataBuilder.getObjectFactory().createEntityDescriptor(metadata);
+ try
+ {
+ MetaDataBuilder.getMarshaller().marshal(jaxbEl , os);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void updateKeyDescriptor(EntityDescriptorType entityD, KeyDescriptorType
keyD)
+ {
+ List<RoleDescriptorType> objs =
entityD.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
+ if(objs != null)
+ {
+ for(RoleDescriptorType roleD: objs)
+ {
+ roleD.getKeyDescriptor().add(keyD);
+ }
+ }
+ }
+}
\ No newline at end of file
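Review bot: In `init`, the `signingAlias` read from the servlet init-param is unconditionally overwritten a few lines later by `signingAlias = keyProvider.getSigningAlias();`, so that init-param has no effect, whereas `encryptingAlias` is taken only from the init-param. A guard such as `if(signingAlias == null || signingAlias.length() == 0) signingAlias = keyProvider.getSigningAlias();`, or dropping the init-param read, would make the intended precedence explicit. The result of `providerType.getKeyProvider()` is dereferenced without a null check, and if `keyManager.getCertificate(...)` can return null for an unknown alias (not visible here), the failure surfaces as a wrapped NullPointerException instead of a message naming the alias. Because this servlet publishes the key descriptors that federation partners will rely on, I would add `if(cert == null) throw new RuntimeException("No certificate for alias " + signingAlias);` after each lookup. The inner `throw new LifecycleException(e.getLocalizedMessage());` also drops the cause and is immediately re-wrapped by the outer `catch(Exception e)`; passing `e` through would keep the stack trace.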
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,276 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.servlets;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.PrivilegedActionException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.helpers.DefaultValidationEventHandler;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.core.factories.SOAPFactory;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
-import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
-import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import
org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import
org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.jboss.security.xacml.core.JBossPDP;
-import org.jboss.security.xacml.core.JBossRequestContext;
-import org.jboss.security.xacml.core.model.context.RequestType;
-import org.jboss.security.xacml.core.model.context.ResponseType;
-import org.jboss.security.xacml.core.model.context.ResultType;
-import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
-import org.jboss.security.xacml.interfaces.RequestContext;
-import org.jboss.security.xacml.interfaces.ResponseContext;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Servlet that can read SOAP 1.1 messages that contain
- * an XACML query in saml payload
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 27, 2009
- */
-public class SOAPSAMLXACMLServlet extends HttpServlet
-{
- private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
-
- private static final long serialVersionUID = 1L;
-
- private String policyConfigFileName = null;
-
- private String issuerId = null;
- private String issuer = null;
-
- boolean debug = false;
-
- private PolicyDecisionPoint pdp = null;
-
- public void init(ServletConfig config) throws ServletException
- {
- issuerId = config.getInitParameter("issuerID");
- if(issuerId == null)
- issuerId = "issue-id:1";
-
- issuer = config.getInitParameter("issuer");
- if(issuer == null)
- issuer = "urn:jboss-identity";
-
- policyConfigFileName = config.getInitParameter("policyConfigFileName");
- if(policyConfigFileName == null)
- policyConfigFileName = "policyConfig.xml";
-
- String debugStr = config.getInitParameter("debug");
- try
- {
- debug = Boolean.parseBoolean(debugStr);
- }
- catch(Exception ignore)
- {
- debug = false;
- }
-
- log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
- log.trace("PolicyConfig File:" + policyConfigFileName);
- log.trace("Debug="+debug);
-
- if(debug)
- {
- SecurityActions.setSystemProperty("jaxb.debug", "true");
- }
-
- try
- {
- pdp = this.getPDP();
- }
- catch (PrivilegedActionException e)
- {
- log("Exception loading PDP::",e);
- throw new ServletException("Unable to load PDP");
- }
- super.init(config);
- }
-
-
- @SuppressWarnings("unchecked")
- @Override
- protected void service(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
- {
- JAXBElement<RequestAbstractType> jaxbRequestType = null;
-
- Envelope envelope = null;
- XACMLAuthzDecisionQueryType xacmlRequest = null;
-
- try
- {
- Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
- if(debug)
- log.trace("Received
SOAP:"+DocumentUtil.getDocumentAsString(inputDoc));
-
- Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
- if(debug)
- un.setEventHandler(new DefaultValidationEventHandler());
-
- Object unmarshalledObject =
un.unmarshal(DocumentUtil.getNodeAsStream(inputDoc));
-
- if(unmarshalledObject instanceof JAXBElement)
- {
- JAXBElement<?> jaxbElement = (JAXBElement<?>)
unmarshalledObject;
- Object element = jaxbElement.getValue();
- if(element instanceof Envelope)
- {
- envelope = (Envelope)element;
- Body soapBody = envelope.getBody();
- Object samlRequest = soapBody.getAny().get(0);
- if(samlRequest instanceof JAXBElement)
- {
- jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
- jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
- xacmlRequest = (XACMLAuthzDecisionQueryType)
jaxbRequestType.getValue();
- }
- else
- if(samlRequest instanceof Element)
- {
- Element elem = (Element) samlRequest;
- xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType(elem);
- }
- }
- else if(element instanceof XACMLAuthzDecisionQueryType)
- {
- xacmlRequest = (XACMLAuthzDecisionQueryType) element;
- }
- }
- if(xacmlRequest == null)
- throw new IOException("XACML Request not parsed");
-
- RequestType requestType = xacmlRequest.getRequest();
-
- RequestContext requestContext = new JBossRequestContext();
- requestContext.setRequest(requestType);
-
- //pdp evaluation is thread safe
- ResponseContext responseContext = pdp.evaluate(requestContext);
-
- ResponseType responseType = new ResponseType();
- ResultType resultType = responseContext.getResult();
- responseType.getResult().add(resultType);
-
- XACMLAuthzDecisionStatementType xacmlStatement =
SOAPSAMLXACMLUtil.createXACMLAuthzDecisionStatementType();
- xacmlStatement.setRequest(requestType);
- xacmlStatement.setResponse(responseType);
-
- //Place the xacml statement in an assertion
- //Then the assertion goes inside a SAML Response
-
- String ID = IDGenerator.create("ID_");
- SAML2Response saml2Response = new SAML2Response();
- IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
-
- AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(xacmlStatement);
- assertion.setID(ID);
- assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- assertion.setIssuer(issuerInfo.getIssuer());
-
- JAXBElement<?> jaxbResponse =
JAXBElementMappingUtil.get(saml2Response.createResponseType(ID, issuerInfo, assertion));
-
- //Create a SOAP Envelope to hold the SAML response
- envelope = this.createEnvelope(jaxbResponse);
- }
- catch (JAXBException e)
- {
- String id = IDGenerator.create();
- log.error(id + "::Exception parsing SOAP:", e);
- envelope = this.createEnvelope(this.createFault("Parsing Error.
Reference::" + id));
- }
- catch (Exception e)
- {
- String id = IDGenerator.create();
- log.error(id + "::Exception:", e);
- envelope = this.createEnvelope(this.createFault("Server Error.
Reference::" + id));
- }
- finally
- {
- resp.setContentType("text/xml;charset=utf-8");;
- OutputStream os = resp.getOutputStream();
- try
- {
- if(envelope == null)
- throw new IllegalStateException("SOAPEnvelope is null");
- JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
- Marshaller marshaller =
JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.marshal(jaxbEnvelope, os);
- }
- catch (JAXBException e)
- {
- log("marshalling exception",e);
- }
- }
- }
-
- private PolicyDecisionPoint getPDP() throws PrivilegedActionException
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
- if(is == null)
- throw new IllegalStateException(policyConfigFileName + " could not be
located");
- return new JBossPDP(is);
- }
-
- private Envelope createEnvelope(Object obj)
- {
- Envelope envelope = SOAPFactory.getObjectFactory().createEnvelope();
- Body body = SOAPFactory.getObjectFactory().createBody();
- body.getAny().add(obj);
- envelope.setBody(body);
- return envelope;
- }
-
- private JAXBElement<Fault> createFault(String msg)
- {
- Fault fault = SOAPFactory.getObjectFactory().createFault();
- fault.setFaultstring(msg);
- return SOAPFactory.getObjectFactory().createFault(fault);
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,280 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.PrivilegedActionException;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.helpers.DefaultValidationEventHandler;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.factories.SOAPFactory;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Body;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import
org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import
org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.security.xacml.core.JBossPDP;
+import org.jboss.security.xacml.core.JBossRequestContext;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResponseType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
+import org.jboss.security.xacml.interfaces.RequestContext;
+import org.jboss.security.xacml.interfaces.ResponseContext;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Servlet that can read SOAP 1.1 messages that contain
+ * an XACML query in saml payload
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 27, 2009
+ */
+public class SOAPSAMLXACMLServlet extends HttpServlet
+{
+ private static Logger log = Logger.getLogger(SOAPSAMLXACMLServlet.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private static final long serialVersionUID = 1L;
+
+ private String policyConfigFileName = null;
+
+ private String issuerId = null;
+ private String issuer = null;
+
+ boolean debug = false;
+
+ private PolicyDecisionPoint pdp = null;
+
+ public void init(ServletConfig config) throws ServletException
+ {
+ issuerId = config.getInitParameter("issuerID");
+ if(issuerId == null)
+ issuerId = "issue-id:1";
+
+ issuer = config.getInitParameter("issuer");
+ if(issuer == null)
+ issuer = "urn:jboss-identity";
+
+ policyConfigFileName = config.getInitParameter("policyConfigFileName");
+ if(policyConfigFileName == null)
+ policyConfigFileName = "policyConfig.xml";
+
+ String debugStr = config.getInitParameter("debug");
+ try
+ {
+ debug = Boolean.parseBoolean(debugStr);
+ }
+ catch(Exception ignore)
+ {
+ debug = false;
+ }
+
+ if(trace)
+ {
+ log.trace("Issuer=" + issuer + " :: issuerID=" + issuerId);
+ log.trace("PolicyConfig File:" + policyConfigFileName);
+ log.trace("Debug="+debug);
+ }
+
+ if(debug)
+ {
+ SecurityActions.setSystemProperty("jaxb.debug", "true");
+ }
+
+ try
+ {
+ pdp = this.getPDP();
+ }
+ catch (PrivilegedActionException e)
+ {
+ log("Exception loading PDP::",e);
+ throw new ServletException("Unable to load PDP");
+ }
+ super.init(config);
+ }
+
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
+ {
+ JAXBElement<RequestAbstractType> jaxbRequestType = null;
+
+ Envelope envelope = null;
+ XACMLAuthzDecisionQueryType xacmlRequest = null;
+
+ try
+ {
+ Document inputDoc = DocumentUtil.getDocument(req.getInputStream());
+ if(debug && trace)
+ log.trace("Received
SOAP:"+DocumentUtil.getDocumentAsString(inputDoc));
+
+ Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage());
+ if(debug)
+ un.setEventHandler(new DefaultValidationEventHandler());
+
+ Object unmarshalledObject =
un.unmarshal(DocumentUtil.getNodeAsStream(inputDoc));
+
+ if(unmarshalledObject instanceof JAXBElement)
+ {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)
unmarshalledObject;
+ Object element = jaxbElement.getValue();
+ if(element instanceof Envelope)
+ {
+ envelope = (Envelope)element;
+ Body soapBody = envelope.getBody();
+ Object samlRequest = soapBody.getAny().get(0);
+ if(samlRequest instanceof JAXBElement)
+ {
+ jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
+ jaxbRequestType = (JAXBElement<RequestAbstractType>)samlRequest;
+ xacmlRequest = (XACMLAuthzDecisionQueryType)
jaxbRequestType.getValue();
+ }
+ else
+ if(samlRequest instanceof Element)
+ {
+ Element elem = (Element) samlRequest;
+ xacmlRequest = SOAPSAMLXACMLUtil.getXACMLQueryType(elem);
+ }
+ }
+ else if(element instanceof XACMLAuthzDecisionQueryType)
+ {
+ xacmlRequest = (XACMLAuthzDecisionQueryType) element;
+ }
+ }
+ if(xacmlRequest == null)
+ throw new IOException("XACML Request not parsed");
+
+ RequestType requestType = xacmlRequest.getRequest();
+
+ RequestContext requestContext = new JBossRequestContext();
+ requestContext.setRequest(requestType);
+
+ //pdp evaluation is thread safe
+ ResponseContext responseContext = pdp.evaluate(requestContext);
+
+ ResponseType responseType = new ResponseType();
+ ResultType resultType = responseContext.getResult();
+ responseType.getResult().add(resultType);
+
+ XACMLAuthzDecisionStatementType xacmlStatement =
SOAPSAMLXACMLUtil.createXACMLAuthzDecisionStatementType();
+ xacmlStatement.setRequest(requestType);
+ xacmlStatement.setResponse(responseType);
+
+ //Place the xacml statement in an assertion
+ //Then the assertion goes inside a SAML Response
+
+ String ID = IDGenerator.create("ID_");
+ SAML2Response saml2Response = new SAML2Response();
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.issuer);
+
+ AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(xacmlStatement);
+ assertion.setID(ID);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuerInfo.getIssuer());
+
+ JAXBElement<?> jaxbResponse =
JAXBElementMappingUtil.get(saml2Response.createResponseType(ID, issuerInfo, assertion));
+
+ //Create a SOAP Envelope to hold the SAML response
+ envelope = this.createEnvelope(jaxbResponse);
+ }
+ catch (JAXBException e)
+ {
+ String id = IDGenerator.create();
+ log.error(id + "::Exception parsing SOAP:", e);
+ envelope = this.createEnvelope(this.createFault("Parsing Error.
Reference::" + id));
+ }
+ catch (Exception e)
+ {
+ String id = IDGenerator.create();
+ log.error(id + "::Exception:", e);
+ envelope = this.createEnvelope(this.createFault("Server Error.
Reference::" + id));
+ }
+ finally
+ {
+ resp.setContentType("text/xml;charset=utf-8");;
+ OutputStream os = resp.getOutputStream();
+ try
+ {
+ if(envelope == null)
+ throw new IllegalStateException("SOAPEnvelope is null");
+ JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
+ Marshaller marshaller =
JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
+ marshaller.marshal(jaxbEnvelope, os);
+ }
+ catch (JAXBException e)
+ {
+ log("marshalling exception",e);
+ }
+ }
+ }
+
+ private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+ if(is == null)
+ throw new IllegalStateException(policyConfigFileName + " could not be
located");
+ return new JBossPDP(is);
+ }
+
+ private Envelope createEnvelope(Object obj)
+ {
+ Envelope envelope = SOAPFactory.getObjectFactory().createEnvelope();
+ Body body = SOAPFactory.getObjectFactory().createBody();
+ body.getAny().add(obj);
+ envelope.setBody(body);
+ return envelope;
+ }
+
+ private JAXBElement<Fault> createFault(String msg)
+ {
+ Fault fault = SOAPFactory.getObjectFactory().createFault();
+ fault.setFaultstring(msg);
+ return SOAPFactory.getObjectFactory().createFault(fault);
+ }
+}
\ No newline at end of file
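Review bot: In service(), the unmarshalled request is dereferenced without checks: `envelope.getBody()` may return null, `soapBody.getAny().get(0)` throws on an empty Body, and `(XACMLAuthzDecisionQueryType) jaxbRequestType.getValue()` casts caller-supplied content without an `instanceof` test. All three land in `catch (Exception e)`, so malformed client input is logged with a stack trace at error level and answered with "Server Error", indistinguishable from a real PDP failure. A guard such as `if(soapBody == null || soapBody.getAny().isEmpty()) throw new IOException("SOAP Body is empty");` plus an `instanceof XACMLAuthzDecisionQueryType` check before the cast would make these explicit rejections rather than incidental NullPointerException, IndexOutOfBoundsException or ClassCastException. The request bytes are also parsed by `DocumentUtil.getDocument(req.getInputStream())` before any validation; whether that helper disables DTDs and external entities is not visible in this hunk and should be confirmed, since the input comes straight from the HTTP request.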
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,343 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.SecretKey;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.web.config.AuthPropertyType;
-import org.jboss.identity.federation.web.config.KeyValueType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.bindings.util.cert.EncryptionKeyUtil;
-import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
-
-/**
- * KeyStore based Trust Key Manager
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 22, 2009
- */
-public class KeyStoreKeyManager implements TrustKeyManager
-{
- /**
- * An map of secret keys alive only for the duration of the program.
- * The keys are generated on the fly. If you need sophisticated key
- * storage, then a custom version of the {@code TrustKeyManager}
- * needs to be written that either uses a secure thumb drive or
- * a TPM module or a HSM module.
- * Also see JBoss XMLKey.
- */
- private final Map<String,SecretKey> keys = new
HashMap<String,SecretKey>();
-
- private static Logger log = Logger.getLogger(KeyStoreKeyManager.class);
-
- private final HashMap<String,String> domainAliasMap = new
HashMap<String,String>();
- private final HashMap<String,String> authPropsMap = new
HashMap<String,String>();
-
- private KeyStore ks = null;
-
- private String keyStoreURL;
- private char[] signingKeyPass;
- private String signingAlias;
- private String keyStorePass;
-
- public static final String KEYSTORE_URL = "KeyStoreURL";
- public static final String KEYSTORE_PASS = "KeyStorePass";
- public static final String SIGNING_KEY_PASS = "SigningKeyPass";
- public static final String SIGNING_KEY_ALIAS = "SigningKeyAlias";
-
- /**
- * @see TrustKeyManager#getSigningKey()
- */
- public PrivateKey getSigningKey()
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- try
- {
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
- }
- catch (KeyStoreException e)
- {
- throw new TrustKeyConfigurationException(e);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (UnrecoverableKeyException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (IOException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- }
-
- /*
- * (non-Javadoc)
- * @see
org.jboss.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
- */
- public KeyPair getSigningKeyPair()
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- try
- {
- if(this.ks == null)
- this.setUpKeyStore();
-
- PrivateKey privateKey = this.getSigningKey();
- PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias,
this.signingKeyPass);
- return new KeyPair(publicKey, privateKey);
- }
- catch (KeyStoreException e)
- {
- throw new TrustKeyConfigurationException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (IOException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- }
-
- /**
- * @see TrustKeyManager#getCertificate(String)
- */
- public Certificate getCertificate(String alias)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- try
- {
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
-
- if(alias == null || alias.length() == 0)
- throw new IllegalArgumentException("Alias is null");
-
- return ks.getCertificate(alias);
- }
- catch (KeyStoreException e)
- {
- throw new TrustKeyConfigurationException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (IOException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- }
-
- /**
- * @see TrustKeyManager#getPublicKey(String)
- */
- public PublicKey getPublicKey(String alias)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- PublicKey publicKey = null;
-
- try
- {
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- Certificate cert = ks.getCertificate(alias);
- if(cert != null)
- publicKey = cert.getPublicKey();
- else
- log.debug("No public key found for alias=" + alias);
-
- return publicKey;
- }
- catch (KeyStoreException e)
- {
- throw new TrustKeyConfigurationException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (IOException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- }
-
- /**
- * @throws IOException
- * @see TrustKeyManager#getValidatingKey(String)
- */
- public PublicKey getValidatingKey(String domain)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- PublicKey publicKey = null;
- try
- {
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- String domainAlias = this.domainAliasMap.get(domain);
- if(domainAlias == null)
- throw new IllegalStateException("Domain Alias missing for "+
domain);
- publicKey = null;
- try
- {
- publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias,
this.keyStorePass.toCharArray());
- }
- catch(UnrecoverableKeyException urke)
- {
- //Try with the signing key pass
- publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
- }
- }
- catch (KeyStoreException e)
- {
- throw new TrustKeyConfigurationException(e);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- catch (IOException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- return publicKey;
- }
-
- /**
- * @see TrustKeyManager#setAuthProperties(List)
- */
- public void setAuthProperties(List<AuthPropertyType> authList)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- for(AuthPropertyType auth: authList)
- {
- this.authPropsMap.put(auth.getKey(), auth.getValue());
- }
-
- this.keyStoreURL = this.authPropsMap.get(KEYSTORE_URL);
- this.keyStorePass = this.authPropsMap.get(KEYSTORE_PASS);
-
-
- this.signingAlias = this.authPropsMap.get(SIGNING_KEY_ALIAS);
-
- String keypass = this.authPropsMap.get(SIGNING_KEY_PASS);
- if(keypass == null || keypass.length() == 0)
- throw new RuntimeException("Signing Key Pass is null");
- this.signingKeyPass = keypass.toCharArray();
- }
-
- /**
- * @see TrustKeyManager#setValidatingAlias(List)
- */
- public void setValidatingAlias(List<KeyValueType> aliases)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- for(KeyValueType alias: aliases)
- {
- domainAliasMap.put(alias.getKey(), alias.getValue());
- }
- }
-
- /**
- * @throws GeneralSecurityException
- * @see TrustKeyManager#getEncryptionKey(String)
- */
- public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int
keyLength)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
- {
- SecretKey key = keys.get(domain);
- if(key == null)
- {
- try
- {
- key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
- }
- catch (GeneralSecurityException e)
- {
- throw new TrustKeyProcessingException(e);
- }
- keys.put(domain, key);
- }
- return key;
- }
-
- private void setUpKeyStore() throws GeneralSecurityException, IOException
- {
- //Keystore URL/Pass can be either by configuration or on the HTTPS connector
- if(this.keyStoreURL == null)
- {
- this.keyStoreURL =
SecurityActions.getProperty("javax.net.ssl.keyStore", null);
- }
- if(this.keyStorePass == null)
- {
- this.keyStorePass =
SecurityActions.getProperty("javax.net.ssl.keyStorePassword", null);
- }
-
- InputStream is = ValveUtil.getKeyStoreInputStream(this.keyStoreURL);
- ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,345 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.web.config.AuthPropertyType;
+import org.jboss.identity.federation.web.config.KeyValueType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.bindings.util.cert.EncryptionKeyUtil;
+import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
+
+/**
+ * KeyStore based Trust Key Manager
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 22, 2009
+ */
+public class KeyStoreKeyManager implements TrustKeyManager
+{
+ /**
+ * An map of secret keys alive only for the duration of the program.
+ * The keys are generated on the fly. If you need sophisticated key
+ * storage, then a custom version of the {@code TrustKeyManager}
+ * needs to be written that either uses a secure thumb drive or
+ * a TPM module or a HSM module.
+ * Also see JBoss XMLKey.
+ */
+ private final Map<String,SecretKey> keys = new
HashMap<String,SecretKey>();
+
+ private static Logger log = Logger.getLogger(KeyStoreKeyManager.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private final HashMap<String,String> domainAliasMap = new
HashMap<String,String>();
+ private final HashMap<String,String> authPropsMap = new
HashMap<String,String>();
+
+ private KeyStore ks = null;
+
+ private String keyStoreURL;
+ private char[] signingKeyPass;
+ private String signingAlias;
+ private String keyStorePass;
+
+ public static final String KEYSTORE_URL = "KeyStoreURL";
+ public static final String KEYSTORE_PASS = "KeyStorePass";
+ public static final String SIGNING_KEY_PASS = "SigningKeyPass";
+ public static final String SIGNING_KEY_ALIAS = "SigningKeyAlias";
+
+ /**
+ * @see TrustKeyManager#getSigningKey()
+ */
+ public PrivateKey getSigningKey()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (UnrecoverableKeyException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.jboss.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
+ */
+ public KeyPair getSigningKeyPair()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ try
+ {
+ if(this.ks == null)
+ this.setUpKeyStore();
+
+ PrivateKey privateKey = this.getSigningKey();
+ PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias,
this.signingKeyPass);
+ return new KeyPair(publicKey, privateKey);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
+
+ /**
+ * @see TrustKeyManager#getCertificate(String)
+ */
+ public Certificate getCertificate(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+
+ if(alias == null || alias.length() == 0)
+ throw new IllegalArgumentException("Alias is null");
+
+ return ks.getCertificate(alias);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
+
+ /**
+ * @see TrustKeyManager#getPublicKey(String)
+ */
+ public PublicKey getPublicKey(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ PublicKey publicKey = null;
+
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ Certificate cert = ks.getCertificate(alias);
+ if(cert != null)
+ publicKey = cert.getPublicKey();
+ else
+ if(trace)
+ log.trace("No public key found for alias=" + alias);
+
+ return publicKey;
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
+
+ /**
+ * @throws IOException
+ * @see TrustKeyManager#getValidatingKey(String)
+ */
+ public PublicKey getValidatingKey(String domain)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ PublicKey publicKey = null;
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ String domainAlias = this.domainAliasMap.get(domain);
+ if(domainAlias == null)
+ throw new IllegalStateException("Domain Alias missing for "+
domain);
+ publicKey = null;
+ try
+ {
+ publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias,
this.keyStorePass.toCharArray());
+ }
+ catch(UnrecoverableKeyException urke)
+ {
+ //Try with the signing key pass
+ publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
+ }
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ return publicKey;
+ }
+
+ /**
+ * @see TrustKeyManager#setAuthProperties(List)
+ */
+ public void setAuthProperties(List<AuthPropertyType> authList)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ for(AuthPropertyType auth: authList)
+ {
+ this.authPropsMap.put(auth.getKey(), auth.getValue());
+ }
+
+ this.keyStoreURL = this.authPropsMap.get(KEYSTORE_URL);
+ this.keyStorePass = this.authPropsMap.get(KEYSTORE_PASS);
+
+
+ this.signingAlias = this.authPropsMap.get(SIGNING_KEY_ALIAS);
+
+ String keypass = this.authPropsMap.get(SIGNING_KEY_PASS);
+ if(keypass == null || keypass.length() == 0)
+ throw new RuntimeException("Signing Key Pass is null");
+ this.signingKeyPass = keypass.toCharArray();
+ }
+
+ /**
+ * @see TrustKeyManager#setValidatingAlias(List)
+ */
+ public void setValidatingAlias(List<KeyValueType> aliases)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ for(KeyValueType alias: aliases)
+ {
+ domainAliasMap.put(alias.getKey(), alias.getValue());
+ }
+ }
+
+ /**
+ * @throws GeneralSecurityException
+ * @see TrustKeyManager#getEncryptionKey(String)
+ */
+ public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int
keyLength)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ SecretKey key = keys.get(domain);
+ if(key == null)
+ {
+ try
+ {
+ key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ keys.put(domain, key);
+ }
+ return key;
+ }
+
+ private void setUpKeyStore() throws GeneralSecurityException, IOException
+ {
+ //Keystore URL/Pass can be either by configuration or on the HTTPS connector
+ if(this.keyStoreURL == null)
+ {
+ this.keyStoreURL =
SecurityActions.getProperty("javax.net.ssl.keyStore", null);
+ }
+ if(this.keyStorePass == null)
+ {
+ this.keyStorePass =
SecurityActions.getProperty("javax.net.ssl.keyStorePassword", null);
+ }
+
+ InputStream is = ValveUtil.getKeyStoreInputStream(this.keyStoreURL);
+ ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ }
+}
\ No newline at end of file
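Review bot: setUpKeyStore() calls `keyStorePass.toCharArray()` without checking that a password was found, so when neither `KeyStorePass` nor `javax.net.ssl.keyStorePassword` is set, every getter fails with an uncaught NullPointerException instead of a configuration error. The keystore stream `is` is also never closed in this method (whether KeyStoreUtil.getKeyStore closes it is not visible here). The fence below rejects a missing URL or password explicitly and closes the stream in a finally block. Separately, getEncryptionKey() caches by `domain` only, so a later call with a different `encryptionAlgorithm` or `keyLength` gets the first key back. Both `keys` and the lazy `ks` initialisation are unsynchronised, which matters if one manager instance is shared across request threads.

```java
private void setUpKeyStore() throws GeneralSecurityException, IOException
{
   // … unchanged: fall back to the javax.net.ssl.* system properties …
   if(this.keyStoreURL == null || this.keyStorePass == null)
      throw new GeneralSecurityException("KeyStore URL or password is not configured");

   InputStream is = ValveUtil.getKeyStoreInputStream(this.keyStoreURL);
   try
   {
      ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
   }
   finally
   {
      if(is != null)
         is.close();
   }
}
```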
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,527 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.idp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.util.LifecycleSupport;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.TrustType;
-import org.jboss.identity.federation.web.interfaces.RoleGenerator;
-import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.xml.sax.SAXException;
-
-/**
- * Valve at the IDP that supports the HTTP/Redirect Binding
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 9, 2008
- */
-public class IDPRedirectValve extends ValveBase implements Lifecycle
-{
- private static Logger log = Logger.getLogger(IDPRedirectValve.class);
-
- protected IDPType idpConfiguration = null;
-
- private RoleGenerator rg = new TomcatRoleGenerator();
-
- private long assertionValidity = 5000; // 5 seconds in miliseconds
-
- private String identityURL = null;
-
- public IDPRedirectValve()
- {
- super();
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException,
ServletException
- {
- boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request);
-
- //Lets check if the user has been authenticated
- Principal userPrincipal = request.getPrincipal();
- if(userPrincipal == null)
- {
- //Send it for user authentication
- try
- {
- //Next in the invocation chain
- getNext().invoke(request, response);
- }
- finally
- {
- String referer = request.getHeader("Referer");
-
- if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
- {
- ResponseType errorResponseType = this.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
- try
- {
- send(errorResponseType, request.getParameter("RelayState"),
response);
- }
- catch (ParsingException e)
- {
- log.error(e);
- }
- catch (ProcessingException e)
- {
- log.error(e);
- }
- return;
- }
-
- //User is authenticated as we are on the return path
- userPrincipal = request.getPrincipal();
- if(userPrincipal != null)
- {
- //Send valid saml response after processing the request
- if(containsSAMLRequestMessage)
- {
- RequestAbstractType requestAbstractType = null;
- try
- {
- requestAbstractType = getSAMLRequest(request);
- boolean isValid = this.validate(request);
- if(!isValid)
- throw new GeneralSecurityException("Validity Checks
Failed");
-
- this.isTrusted(requestAbstractType.getIssuer().getValue());
-
- ResponseType responseType = this.getResponse(request,
userPrincipal);
- send(responseType, request.getParameter("RelayState"),
response);
- }
- catch (Exception e)
- {
- log.error("Exception:" ,e);
- if(requestAbstractType != null)
- referer = requestAbstractType.getIssuer().getValue();
- ResponseType errorResponseType = this.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_RESPONDER.get());
- try
- {
- send(errorResponseType,
request.getParameter("RelayState"), response);
- }
- catch (ParsingException e1)
- {
- log.error(e1);
- }
- catch (ProcessingException e1)
- {
- log.error(e1);
- }
- }
- }
- else
- {
- log.error("No SAML Request Message");
- log.trace("Referer="+referer);
- throw new ServletException("No SAML Request Message");
- }
- }
- }
- }
- }
-
- /**
- * Verify that the issuer is trusted
- * @param issuer
- * @throws IssuerNotTrustedException
- */
- protected void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType idpTrust = idpConfiguration.getTrust();
- if(idpTrust != null)
- {
- String domainsTrusted = idpTrust.getDomains();
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- protected void send(ResponseType responseType, String relayState, Response response)
- throws ParsingException, ProcessingException
- {
- try
- {
- SAML2Response saml2Response = new SAML2Response();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Response.marshall(responseType, baos);
-
- String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
-
- String destination = responseType.getDestination();
- log.trace("IDP:Destination=" + destination);
-
- if(relayState != null && relayState.length() > 0)
- relayState = RedirectBindingUtil.urlEncode(relayState);
-
- String finalDest = destination + this.getDestination(urlEncodedResponse,
relayState);
- HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
- }
-
- /**
- * Generate a Destination URL for the HTTPRedirect binding
- * with the saml response and relay state
- * @param urlEncodedResponse
- * @param urlEncodedRelayState
- * @return
- */
- protected String getDestination(String urlEncodedResponse, String
urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?SAMLResponse=").append(urlEncodedResponse);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-
- /**
- * Validate the incoming Request
- * @param request
- * @return
- */
- protected boolean validate(Request request) throws
IOException,GeneralSecurityException
- {
- return this.hasSAMLRequestMessage(request);
- }
-
- private boolean hasSAMLRequestMessage(Request request)
- {
- return request.getParameter("SAMLRequest") != null;
- }
-
- private RequestAbstractType getSAMLRequest(Request request) throws ParsingException,
IOException
- {
- String samlMessage = getSAMLMessage(request);
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- SAML2Request saml2Request = new SAML2Request();
- return saml2Request.getRequestType(is);
- }
-
-
- /**
- * Create a response type
- * @param request
- * @param userPrincipal
- * @return
- * @throws ParsingException
- * @throws ConfigurationException
- * @throws ProcessingException
- */
- protected ResponseType getResponse(Request request, Principal userPrincipal)
- throws ParsingException, ConfigurationException, ProcessingException
- {
- ResponseType responseType = null;
-
- String samlMessage = getSAMLMessage(request);
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- SAML2Request saml2Request = new SAML2Request();
-
- AuthnRequestType authnRequestType = null;
- try
- {
- authnRequestType = saml2Request.getAuthnRequestType(is);
- }
- catch (JAXBException e2)
- {
- throw new ParsingException(e2);
- }
- catch (SAXException e2)
- {
- throw new ParsingException(e2);
- }
- if(authnRequestType == null)
- throw new IllegalStateException("AuthnRequest is null");
-
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Request.marshall(authnRequestType, sw);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
- }
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
- issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(userPrincipal.getName());
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- //Add information on the roles
- List<String> roles = rg.generateRoles(userPrincipal);
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
-
- AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
-
- //Add timed conditions
- try
- {
- saml2Response.createTimedConditions(assertion, this.assertionValidity);
- }
- catch (IssueInstantMissingException e1)
- {
- log.error(e1);
- }
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("IDPRedirectValve::Response="+sw.toString());
- }
-
- return responseType;
- }
-
- private ResponseType getErrorResponse(String responseURL, String status) throws
ServletException
- {
- try
- {
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-
- log.debug("ResponseType = ");
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
- log.trace("IDPRedirectValve::Response="+sw.toString());
- }
-
- return responseType;
- }
- catch(Exception e)
- {
- log.error("Exception in getErrorResponse::",e);
- throw new ServletException(e.getLocalizedMessage());
- }
- }
-
- private String getSAMLMessage(Request request)
- {
- return request.getParameter("SAMLRequest");
- }
-
- //***************Catalina Lifecyle methods
- /**
- * The lifecycle event support for this component.
- */
- protected LifecycleSupport lifecycle = new LifecycleSupport(this);
-
- /**
- * Has this component been started yet?
- */
- private boolean started = false;
-
-
-
- /**
- * Add a lifecycle event listener to this component.
- *
- * @param listener The listener to add
- */
- public void addLifecycleListener(LifecycleListener listener)
- {
- lifecycle.addLifecycleListener(listener);
- }
-
-
- /**
- * Get the lifecycle listeners associated with this lifecycle. If this
- * Lifecycle has no listeners registered, a zero-length array is returned.
- */
- public LifecycleListener[] findLifecycleListeners()
- {
- return lifecycle.findLifecycleListeners();
- }
-
-
- /**
- * Remove a lifecycle event listener from this component.
- *
- * @param listener The listener to add
- */
- public void removeLifecycleListener(LifecycleListener listener)
- {
- lifecycle.removeLifecycleListener(listener);
- }
-
-
- /**
- * Prepare for the beginning of active use of the public methods of this
- * component. This method should be called after
<code>configure()</code>,
- * and before any of the public methods of the component are utilized.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
- */
- public void start() throws LifecycleException
- {
- // Validate and update our current component state
- if (started)
- throw new LifecycleException
- ("IDPRedirectValve already Started");
- lifecycle.fireLifecycleEvent(START_EVENT, null);
- started = true;
-
- String configFile = "/WEB-INF/jboss-idfed.xml";
- Context context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if(is == null)
- throw new RuntimeException(configFile + " missing");
- try
- {
- idpConfiguration = ValveUtil.getIDPConfiguration(is);
- this.identityURL = idpConfiguration.getIdentityURL();
- log.trace("Identity Provider URL=" + this.identityURL);
- this.assertionValidity = idpConfiguration.getAssertionValidity();
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
-
- /**
- * Gracefully terminate the active use of the public methods of this
- * component. This method should be the last one called on a given
- * instance of this component.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that needs to be reported
- */
- public void stop() throws LifecycleException
- {
- // Validate and update our current component state
- if (!started)
- throw new LifecycleException
- ("IDPRedirectValve NotStarted");
- lifecycle.fireLifecycleEvent(STOP_EVENT, null);
- started = false;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,544 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.LifecycleSupport;
+import org.apache.catalina.valves.ValveBase;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.TrustType;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.xml.sax.SAXException;
+
+/**
+ * Valve at the IDP that supports the HTTP/Redirect Binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+public class IDPRedirectValve extends ValveBase implements Lifecycle
+{
+ private static Logger log = Logger.getLogger(IDPRedirectValve.class);
+ private boolean trace = log.isTraceEnabled();
+
+ protected IDPType idpConfiguration = null;
+
+ private RoleGenerator rg = new TomcatRoleGenerator();
+
+ private long assertionValidity = 5000; // 5 seconds in miliseconds
+
+ private String identityURL = null;
+
+ public IDPRedirectValve()
+ {
+ super();
+ }
+
+ public void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public void invoke(Request request, Response response) throws IOException,
ServletException
+ {
+ boolean containsSAMLRequestMessage = this.hasSAMLRequestMessage(request);
+
+ //Lets check if the user has been authenticated
+ Principal userPrincipal = request.getPrincipal();
+ if(userPrincipal == null)
+ {
+ //Send it for user authentication
+ try
+ {
+ //Next in the invocation chain
+ getNext().invoke(request, response);
+ }
+ finally
+ {
+ String referer = request.getHeader("Referer");
+
+ if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
+ {
+ ResponseType errorResponseType = this.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
+ try
+ {
+ send(errorResponseType, request.getParameter("RelayState"),
response);
+ }
+ catch (ParsingException e)
+ {
+ log.error(e);
+ }
+ catch (ProcessingException e)
+ {
+ log.error(e);
+ }
+ return;
+ }
+
+ //User is authenticated as we are on the return path
+ userPrincipal = request.getPrincipal();
+ if(userPrincipal != null)
+ {
+ //Send valid saml response after processing the request
+ if(containsSAMLRequestMessage)
+ {
+ RequestAbstractType requestAbstractType = null;
+ try
+ {
+ requestAbstractType = getSAMLRequest(request);
+ boolean isValid = this.validate(request);
+ if(!isValid)
+ throw new GeneralSecurityException("Validity Checks
Failed");
+
+ this.isTrusted(requestAbstractType.getIssuer().getValue());
+
+ ResponseType responseType = this.getResponse(request,
userPrincipal);
+ send(responseType, request.getParameter("RelayState"),
response);
+ }
+ catch (Exception e)
+ {
+ log.error("Exception:" ,e);
+ if(requestAbstractType != null)
+ referer = requestAbstractType.getIssuer().getValue();
+ ResponseType errorResponseType = this.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_RESPONDER.get());
+ try
+ {
+ send(errorResponseType,
request.getParameter("RelayState"), response);
+ }
+ catch (ParsingException e1)
+ {
+ log.error(e1);
+ }
+ catch (ProcessingException e1)
+ {
+ log.error(e1);
+ }
+ }
+ }
+ else
+ {
+ log.error("No SAML Request Message");
+ if(trace)
+ log.trace("Referer="+referer);
+ throw new ServletException("No SAML Request Message");
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Verify that the issuer is trusted
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ TrustType idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ protected void send(ResponseType responseType, String relayState, Response response)
+ throws ParsingException, ProcessingException
+ {
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Response.marshall(responseType, baos);
+
+ String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+
+ String destination = responseType.getDestination();
+ if(trace) log.trace("IDP:Destination=" + destination);
+
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + this.getDestination(urlEncodedResponse,
relayState);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ /**
+ * Generate a Destination URL for the HTTPRedirect binding
+ * with the saml response and relay state
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @return
+ */
+ protected String getDestination(String urlEncodedResponse, String
urlEncodedRelayState)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
+
+ /**
+ * Validate the incoming Request
+ * @param request
+ * @return
+ */
+ protected boolean validate(Request request) throws
IOException,GeneralSecurityException
+ {
+ return this.hasSAMLRequestMessage(request);
+ }
+
+ private boolean hasSAMLRequestMessage(Request request)
+ {
+ return request.getParameter("SAMLRequest") != null;
+ }
+
+ private RequestAbstractType getSAMLRequest(Request request) throws ParsingException,
IOException
+ {
+ String samlMessage = getSAMLMessage(request);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ SAML2Request saml2Request = new SAML2Request();
+ return saml2Request.getRequestType(is);
+ }
+
+
+ /**
+ * Create a response type
+ * @param request
+ * @param userPrincipal
+ * @return
+ * @throws ParsingException
+ * @throws ConfigurationException
+ * @throws ProcessingException
+ */
+ protected ResponseType getResponse(Request request, Principal userPrincipal)
+ throws ParsingException, ConfigurationException, ProcessingException
+ {
+ ResponseType responseType = null;
+
+ String samlMessage = getSAMLMessage(request);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ SAML2Request saml2Request = new SAML2Request();
+
+ AuthnRequestType authnRequestType = null;
+ try
+ {
+ authnRequestType = saml2Request.getAuthnRequestType(is);
+ }
+ catch (JAXBException e2)
+ {
+ throw new ParsingException(e2);
+ }
+ catch (SAXException e2)
+ {
+ throw new ParsingException(e2);
+ }
+ if(authnRequestType == null)
+ throw new IllegalStateException("AuthnRequest is null");
+
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Request.marshall(authnRequestType, sw);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
+ }
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(userPrincipal.getName());
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(authnRequestType.getAssertionConsumerServiceURL());
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+ //Add information on the roles
+ List<String> roles = rg.generateRoles(userPrincipal);
+ AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+
+ AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ try
+ {
+ saml2Response.createTimedConditions(assertion, this.assertionValidity);
+ }
+ catch (IssueInstantMissingException e1)
+ {
+ log.error(e1);
+ }
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("IDPRedirectValve::Response="+sw.toString());
+ }
+
+ return responseType;
+ }
+
+ private ResponseType getErrorResponse(String responseURL, String status) throws
ServletException
+ {
+ try
+ {
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.identityURL);
+ issuerHolder.setStatusCode(status);
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ log.trace("ResponseType = ");
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+ log.trace("IDPRedirectValve::Response="+sw.toString());
+ }
+
+ return responseType;
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in getErrorResponse::",e);
+ throw new ServletException(e.getLocalizedMessage());
+ }
+ }
+
+ private String getSAMLMessage(Request request)
+ {
+ return request.getParameter("SAMLRequest");
+ }
+
+ //***************Catalina Lifecyle methods
+ /**
+ * The lifecycle event support for this component.
+ */
+ protected LifecycleSupport lifecycle = new LifecycleSupport(this);
+
+ /**
+ * Has this component been started yet?
+ */
+ private boolean started = false;
+
+
+
+ /**
+ * Add a lifecycle event listener to this component.
+ *
+ * @param listener The listener to add
+ */
+ public void addLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.addLifecycleListener(listener);
+ }
+
+
+ /**
+ * Get the lifecycle listeners associated with this lifecycle. If this
+ * Lifecycle has no listeners registered, a zero-length array is returned.
+ */
+ public LifecycleListener[] findLifecycleListeners()
+ {
+ return lifecycle.findLifecycleListeners();
+ }
+
+
+ /**
+ * Remove a lifecycle event listener from this component.
+ *
+ * @param listener The listener to add
+ */
+ public void removeLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.removeLifecycleListener(listener);
+ }
+
+
+ /**
+ * Prepare for the beginning of active use of the public methods of this
+ * component. This method should be called after
<code>configure()</code>,
+ * and before any of the public methods of the component are utilized.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that prevents this component from being used
+ */
+ public void start() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (started)
+ throw new LifecycleException
+ ("IDPRedirectValve already Started");
+ lifecycle.fireLifecycleEvent(START_EVENT, null);
+ started = true;
+
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ Context context = (Context) getContainer();
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ this.identityURL = idpConfiguration.getIdentityURL();
+ if(trace)
+ log.trace("Identity Provider URL=" + this.identityURL);
+ this.assertionValidity = idpConfiguration.getAssertionValidity();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+ /**
+ * Gracefully terminate the active use of the public methods of this
+ * component. This method should be the last one called on a given
+ * instance of this component.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that needs to be reported
+ */
+ public void stop() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (!started)
+ throw new LifecycleException
+ ("IDPRedirectValve NotStarted");
+ lifecycle.fireLifecycleEvent(STOP_EVENT, null);
+ started = false;
+ }
+}
\ No newline at end of file
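Review bot: In isTrusted() the test `domainsTrusted.indexOf(issuerDomain) < 0` is a substring search over the whole configured trust string, so an issuer domain that merely occurs inside a trusted entry (or an empty string, should ValveUtil.getDomain ever return one) is accepted as trusted. Compare against whole entries instead, e.g. `if(!java.util.Arrays.asList(domainsTrusted.trim().split("\\s*,\\s*")).contains(issuerDomain)) throw new IssuerNotTrustedException(issuer);`, assuming getDomains() returns a comma-separated list, which this hunk does not show. The check is also skipped entirely when `idpConfiguration.getTrust()` is null, which looks like a fail-open default that should be rejected or at least logged at start(). Finally, only the Issuer value is checked, while getResponse() takes the response destination from the request's `getAssertionConsumerServiceURL()` and the error paths in invoke() pass the `Referer` header to getErrorResponse(); on this unsigned redirect binding those URLs presumably need the same domain check before send() redirects to them.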
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,270 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.idp;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import javax.crypto.SecretKey;
-import javax.xml.bind.JAXBException;
-import javax.xml.namespace.QName;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.connector.Request;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.config.EncryptionType;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-
-/**
- * Valve at the Identity Provider that supports
- * SAML2 HTTP/Redirect binding with digital signature support
- * and xml encryption
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 14, 2009
- */
-public class IDPRedirectWithSignatureValve extends IDPRedirectValve
-{
- private static Logger log = Logger.getLogger(IDPRedirectWithSignatureValve.class);
-
- private boolean ignoreSignature = false;
-
- private TrustKeyManager keyManager;
-
- public IDPRedirectWithSignatureValve()
- {
- super();
- }
-
- /**
- * Indicate whether the signature parameter in the request
- * needs to be ignored
- * @param val
- */
- public void setIgnoreSignature(String val)
- {
- if(val != null && val.length() > 0)
- this.ignoreSignature = Boolean.valueOf(val);
- }
-
- @Override
- public void start() throws LifecycleException
- {
- super.start();
- KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
- try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- log.trace("Key Provider=" + keyProvider.getClassName());
- }
-
- @Override
- protected boolean validate(Request request) throws IOException,
GeneralSecurityException
- {
- boolean result = super.validate(request);
- if( result == false)
- return result;
-
- if(this.ignoreSignature)
- {
- log.trace("Since signature is to be ignored, validation returns");
- return true;
- }
-
- String queryString = request.getQueryString();
- //Check if there is a signature
- byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
- if(sigValue == null)
- return false;
-
- PublicKey validatingKey;
- try
- {
- validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
- }
- catch (TrustKeyConfigurationException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
- catch (TrustKeyProcessingException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
-
- return RedirectBindingSignatureUtil.validateSignature(queryString, validatingKey,
sigValue);
- }
-
- @Override
- protected String getDestination(String urlEncodedResponse, String
urlEncodedRelayState)
- {
- try
- {
- //Get the signing key
- PrivateKey signingKey = keyManager.getSigningKey();
- StringBuffer sb = new StringBuffer();
- String url =
RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, signingKey);
- sb.append("?").append(url);
- return sb.toString();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- protected ResponseType getResponse(Request request, Principal userPrincipal)
- throws ParsingException, ConfigurationException, ProcessingException
- {
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = super.getResponse(request, userPrincipal);
-
- //If there is a configuration to encrypt
- if(this.idpConfiguration.isEncrypt())
- {
- //Need to encrypt the assertion
- String sp = responseType.getDestination();
- if(sp == null)
- throw new IllegalStateException("Unable to handle encryption as SP url
is null");
- try
- {
- URL spurl = new URL(sp);
- PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
- EncryptionType enc = idpConfiguration.getEncryption();
- if(enc == null)
- throw new IllegalStateException("EncryptionType not
configured");
- String encAlgo = enc.getEncAlgo().value();
- int keyLength = enc.getKeySize();
- //Generate a key on the fly
- SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo,
keyLength);
-
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
-
- Document responseDoc = DocumentUtil.getDocument(new
StringReader(sw.toString()));
-
- String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
-
- QName assertionQName = new QName(assertionNS, "EncryptedAssertion",
"saml");
-
- Element encAssertion =
XMLEncryptionUtil.encryptElementInDocument(responseDoc,
- publicKey, sk, keyLength, assertionQName, true);
-
-
- EncryptedElementType eet =
saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
- responseType.getAssertionOrEncryptedAssertion().set(0, eet);
- }
- catch (MalformedURLException e)
- {
- throw new ParsingException(e);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new ConfigurationException(e);
- }
- catch (IOException e)
- {
- throw new ProcessingException(e);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
- catch (Exception e)
- {
- throw new ProcessingException(e);
- }
- }
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("IDPRedirectValveWithSignature::Response="+sw.toString());
- }
- return responseType;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,271 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import javax.crypto.SecretKey;
+import javax.xml.bind.JAXBException;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.web.config.EncryptionType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+
+/**
+ * Valve at the Identity Provider that supports
+ * SAML2 HTTP/Redirect binding with digital signature support
+ * and xml encryption
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 14, 2009
+ */
+public class IDPRedirectWithSignatureValve extends IDPRedirectValve
+{
+ private static Logger log = Logger.getLogger(IDPRedirectWithSignatureValve.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private boolean ignoreSignature = false;
+
+ private TrustKeyManager keyManager;
+
+ public IDPRedirectWithSignatureValve()
+ {
+ super();
+ }
+
+ /**
+ * Indicate whether the signature parameter in the request
+ * needs to be ignored
+ * @param val
+ */
+ public void setIgnoreSignature(String val)
+ {
+ if(val != null && val.length() > 0)
+ this.ignoreSignature = Boolean.valueOf(val);
+ }
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ super.start();
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ @Override
+ protected boolean validate(Request request) throws IOException,
GeneralSecurityException
+ {
+ boolean result = super.validate(request);
+ if( result == false)
+ return result;
+
+ if(this.ignoreSignature)
+ {
+ if(trace) log.trace("Since signature is to be ignored, validation
returns");
+ return true;
+ }
+
+ String queryString = request.getQueryString();
+ //Check if there is a signature
+ byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
+ if(sigValue == null)
+ return false;
+
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+
+ return RedirectBindingSignatureUtil.validateSignature(queryString, validatingKey,
sigValue);
+ }
+
+ @Override
+ protected String getDestination(String urlEncodedResponse, String
urlEncodedRelayState)
+ {
+ try
+ {
+ //Get the signing key
+ PrivateKey signingKey = keyManager.getSigningKey();
+ StringBuffer sb = new StringBuffer();
+ String url =
RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, signingKey);
+ sb.append("?").append(url);
+ return sb.toString();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ protected ResponseType getResponse(Request request, Principal userPrincipal)
+ throws ParsingException, ConfigurationException, ProcessingException
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = super.getResponse(request, userPrincipal);
+
+ //If there is a configuration to encrypt
+ if(this.idpConfiguration.isEncrypt())
+ {
+ //Need to encrypt the assertion
+ String sp = responseType.getDestination();
+ if(sp == null)
+ throw new IllegalStateException("Unable to handle encryption as SP url
is null");
+ try
+ {
+ URL spurl = new URL(sp);
+ PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
+ EncryptionType enc = idpConfiguration.getEncryption();
+ if(enc == null)
+ throw new IllegalStateException("EncryptionType not
configured");
+ String encAlgo = enc.getEncAlgo().value();
+ int keyLength = enc.getKeySize();
+ //Generate a key on the fly
+ SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo,
keyLength);
+
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+
+ Document responseDoc = DocumentUtil.getDocument(new
StringReader(sw.toString()));
+
+ String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+
+ QName assertionQName = new QName(assertionNS, "EncryptedAssertion",
"saml");
+
+ Element encAssertion =
XMLEncryptionUtil.encryptElementInDocument(responseDoc,
+ publicKey, sk, keyLength, assertionQName, true);
+
+
+ EncryptedElementType eet =
saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
+ responseType.getAssertionOrEncryptedAssertion().set(0, eet);
+ }
+ catch (MalformedURLException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ if(trace) log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ if(trace) log.trace(e);
+ }
+ log.trace("IDPRedirectValveWithSignature::Response="+sw.toString());
+ }
+ return responseType;
+ }
+}
\ No newline at end of file
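Review bot: In `validate`, the verification key is looked up with `keyManager.getValidatingKey(request.getRemoteAddr())`, but with the HTTP-Redirect binding the request arrives from the user's browser or an intermediate proxy, so the remote address does not identify the service provider that signed the query string. `getResponse` in the same class passes `spurl.getHost()` to the same method, which suggests the argument is meant to be the SP's host; the key manager is not visible here, so this is inferred. The lookup should be keyed on the issuer of the decoded SAMLRequest, and until then a comment such as `// FIXME: remote address is the browser/proxy, not the SP; resolve the key from the request issuer` would record the gap. Separately, `setIgnoreSignature` disables signature checking with only a trace-level message in `validate`; a `log.warn` in `start()` when `ignoreSignature` is true would make that configuration visible to operators.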
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.idp;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-
-/**
- * Debug Valve on the IDP end that will
- * inform whether the SP is sending the SAMLRequest or not
- * properly
- * @author Anil.Saldhana(a)redhat.com
- * @since May 22, 2009
- */
-public class IDPSAMLDebugValve extends ValveBase
-{
- private static Logger log = Logger.getLogger(IDPSAMLDebugValve.class);
-
- @Override
- public void invoke(Request request, Response response)
- throws IOException, ServletException
- {
- StringBuilder builder = new StringBuilder();
- String param = request.getParameter("SAMLRequest");
- builder.append("Method = " +
request.getMethod()).append("\n");
- builder.append("SAMLRequest=" + param).append("\n");
- builder.append("Parameter exists?="+ param !=
null).append("\n");
- String debugInfo = builder.toString();
- log.debug("SP Sent::"+ debugInfo);
-
- getNext().invoke(request, response);
- }
-
-}
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+import org.apache.log4j.Logger;
+
+/**
+ * Debug Valve on the IDP end that will
+ * inform whether the SP is sending the SAMLRequest or not
+ * properly
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 22, 2009
+ */
+public class IDPSAMLDebugValve extends ValveBase
+{
+ private static Logger log = Logger.getLogger(IDPSAMLDebugValve.class);
+ private boolean debugEnabled = log.isDebugEnabled();
+ @Override
+ public void invoke(Request request, Response response)
+ throws IOException, ServletException
+ {
+ StringBuilder builder = new StringBuilder();
+ String param = request.getParameter("SAMLRequest");
+ builder.append("Method = " +
request.getMethod()).append("\n");
+ builder.append("SAMLRequest=" + param).append("\n");
+ builder.append("Parameter exists?="+ param !=
null).append("\n");
+ String debugInfo = builder.toString();
+ if(debugEnabled)
+ log.debug("SP Sent::"+ debugInfo);
+
+ getNext().invoke(request, response);
+ }
+
+}
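Review bot: The statement `builder.append("Parameter exists?="+ param != null)` in `invoke` compares the concatenated string with null, because `+` binds tighter than `!=`, so it always appends `true` and drops the label. It should read `builder.append("Parameter exists?=").append(param != null).append("\n");`. The builder is also filled on every request before the `debugEnabled` check, and the raw `SAMLRequest` parameter is written to the log unmodified; moving the whole block under the check and stripping CR/LF from the logged value would address both.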
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,547 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.idp;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.Session;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.util.LifecycleSupport;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.interfaces.RoleGenerator;
-import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.w3c.dom.Document;
-
-/**
- * Generic Web Browser SSO valve for the IDP
- *
- * Handles both the SAML Redirect as well as Post Bindings
- *
- * Note: Most of the work is done by {@code IDPWebRequestUtil}
- * @author Anil.Saldhana(a)redhat.com
- * @since May 18, 2009
- */
-public class IDPWebBrowserSSOValve extends ValveBase implements Lifecycle
-{
- private static Logger log = Logger.getLogger(IDPWebBrowserSSOValve.class);
-
- protected IDPType idpConfiguration = null;
-
- private RoleGenerator rg = new TomcatRoleGenerator();
-
- private long assertionValidity = 5000; // 5 seconds in miliseconds
-
- private String identityURL = null;
-
- private TrustKeyManager keyManager;
-
- private Boolean ignoreIncomingSignatures = true;
-
- private Boolean signOutgoingMessages = true;
-
- public Boolean getIgnoreIncomingSignatures()
- {
- return ignoreIncomingSignatures;
- }
-
- public void setIgnoreIncomingSignatures(Boolean ignoreIncomingSignature)
- {
- this.ignoreIncomingSignatures = ignoreIncomingSignature;
- }
-
- public Boolean getSignOutgoingMessages()
- {
- return signOutgoingMessages;
- }
-
- public void setSignOutgoingMessages(Boolean signOutgoingMessages)
- {
- this.signOutgoingMessages = signOutgoingMessages;
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException,
ServletException
- {
- String referer = request.getHeader("Referer");
- String relayState = request.getParameter("RelayState");
- String samlMessage = request.getParameter("SAMLRequest");
- String signature = request.getParameter("Signature");
- String sigAlg = request.getParameter("SigAlg");
-
- boolean containsSAMLRequestMessage = samlMessage != null;
-
- Session session = request.getSessionInternal();
-
- if(containsSAMLRequestMessage)
- {
- log.trace("Storing the SAMLRequest and RelayState in session");
- session.setNote("SAMLRequest", samlMessage);
- if(relayState != null && relayState.length() > 0)
- session.setNote("RelayState", relayState.trim());
- if(signature != null && signature.length() > 0)
- session.setNote("Signature", signature.trim());
- if(sigAlg != null && sigAlg.length() > 0)
- session.setNote("sigAlg", sigAlg.trim());
- }
-
- //Lets check if the user has been authenticated
- Principal userPrincipal = request.getPrincipal();
- if(userPrincipal == null)
- {
- try
- {
- //Next in the invocation chain
- getNext().invoke(request, response);
- }
- finally
- {
- userPrincipal = request.getPrincipal();
- referer = request.getHeader("Referer");
- log.debug("Referer in finally block="+ referer + ":user
principal=" + userPrincipal);
- }
- }
-
-
- IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration,
keyManager);
-
- Document samlErrorResponse = null;
- //Look for unauthorized status
- if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
- {
- try
- {
- samlErrorResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
-
- if(this.signOutgoingMessages)
- webRequestUtil.send(samlErrorResponse, referer, relayState, response,
true,
- this.keyManager.getSigningKey());
- else
- webRequestUtil.send(samlErrorResponse, referer,relayState, response,
false,null);
-
- }
- catch (GeneralSecurityException e)
- {
- throw new ServletException(e);
- }
- return;
- }
-
- if(userPrincipal != null)
- {
- /**
- * Since the container has finished the authentication,
- * we can retrieve the original saml message as well as
- * any relay state from the SP
- */
- samlMessage = (String) session.getNote("SAMLRequest");
- relayState = (String) session.getNote("RelayState");
- signature = (String) session.getNote("Signature");
- sigAlg = (String) session.getNote("sigAlg");
-
- log.trace("Retrieved saml message and relay state from session");
- log.trace("saml message=" + samlMessage + "::relay state="+
relayState);
- log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
-
-
- session.removeNote("SAMLRequest");
-
- if(relayState != null && relayState.length() > 0)
- session.removeNote("RelayState");
-
- if(signature != null && signature.length() > 0)
- session.removeNote("Signature");
- if(sigAlg != null && sigAlg.length() > 0)
- session.removeNote("sigAlg");
-
- //Send valid saml response after processing the request
- if(samlMessage != null)
- {
- //Get the SAML Request Message
- RequestAbstractType requestAbstractType = null;
- Document samlResponse = null;
- String destination = null;
- try
- {
- requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
- boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
- boolean isValid = validate(request.getRemoteAddr(),
- request.getQueryString(),
- new SessionHolder(samlMessage, signature, sigAlg), isPost);
- if(!isValid)
- throw new GeneralSecurityException("Validation check
failed");
-
- webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
-
- List<String> roles = rg.generateRoles(userPrincipal);
-
- log.trace("Roles have been determined:Creating response");
-
- AuthnRequestType art = (AuthnRequestType) requestAbstractType;
- destination = art.getAssertionConsumerServiceURL();
-
- samlResponse =
- webRequestUtil.getResponse(destination,
- userPrincipal, roles,
- this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
- }
- catch (IssuerNotTrustedException e)
- {
- log.trace(e);
-
- samlResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (ParsingException e)
- {
- log.trace(e);
-
- samlResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (ConfigurationException e)
- {
- log.trace(e);
-
- samlResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (IssueInstantMissingException e)
- {
- log.trace(e);
-
- samlResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch(GeneralSecurityException e)
- {
- log.trace(e);
-
- samlResponse =
- webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- finally
- {
- try
- {
- if(webRequestUtil.hasSAMLRequestInPostProfile())
- recycle(response);
-
- if(this.signOutgoingMessages)
- webRequestUtil.send(samlResponse, destination,relayState,
response, true,
- this.keyManager.getSigningKey());
- else
- webRequestUtil.send(samlResponse, destination, relayState,
response, false,null);
- }
- catch (ParsingException e)
- {
- log.trace(e);
- }
- catch (GeneralSecurityException e)
- {
- log.trace(e);
- }
- }
- return;
- }
- else
- {
- log.error("No SAML Request Message");
- log.trace("Referer="+referer);
-
- try
- {
- sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
- }
- catch (ConfigurationException e)
- {
- log.trace(e);
- }
- }
- }
- }
-
- protected void sendErrorResponseToSP(String referrer, Response response, String
relayState,
- IDPWebRequestUtil webRequestUtil) throws ServletException, IOException,
ConfigurationException
- {
- log.trace("About to send error response to SP:" + referrer);
-
- Document samlResponse =
- webRequestUtil.getErrorResponse(referrer,
JBossSAMLURIConstants.STATUS_RESPONDER.get(),
- this.identityURL, this.signOutgoingMessages);
- try
- {
- if(webRequestUtil.hasSAMLRequestInPostProfile())
- recycle(response);
-
- if(this.signOutgoingMessages)
- webRequestUtil.send(samlResponse, referrer, relayState, response, true,
- this.keyManager.getSigningKey());
- else
- webRequestUtil.send(samlResponse, referrer, relayState, response,
false,null);
- }
- catch (ParsingException e1)
- {
- throw new ServletException(e1);
- }
- catch (GeneralSecurityException e)
- {
- throw new ServletException(e);
- }
- }
-
- protected boolean validate(String remoteAddress,
- String queryString,
- SessionHolder holder, boolean isPost) throws IOException,
GeneralSecurityException
- {
- if (holder.samlRequest == null || holder.samlRequest.length() == 0)
- {
- return false;
- }
-
- if (!this.ignoreIncomingSignatures && !isPost)
- {
- String sig = holder.signature;
- if (sig == null || sig.length() == 0)
- {
- log.error("Signature received from SP is null:" + remoteAddress);
- return false;
- }
-
- //Check if there is a signature
- byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
- if(sigValue == null)
- return false;
-
- PublicKey validatingKey;
- try
- {
- validatingKey = keyManager.getValidatingKey(remoteAddress);
- }
- catch (TrustKeyConfigurationException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
- catch (TrustKeyProcessingException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
-
- return RedirectBindingSignatureUtil.validateSignature(queryString,
validatingKey, sigValue);
- }
- else
- {
- //Post binding no signature verification. The SAML message signature is
verified
- return true;
- }
- }
-
- //***************Lifecycle
- /**
- * The lifecycle event support for this component.
- */
- protected LifecycleSupport lifecycle = new LifecycleSupport(this);
-
- /**
- * Has this component been started yet?
- */
- private boolean started = false;
-
- /**
- * Add a lifecycle event listener to this component.
- *
- * @param listener The listener to add
- */
- public void addLifecycleListener(LifecycleListener listener)
- {
- lifecycle.addLifecycleListener(listener);
- }
-
-
- /**
- * Get the lifecycle listeners associated with this lifecycle. If this
- * Lifecycle has no listeners registered, a zero-length array is returned.
- */
- public LifecycleListener[] findLifecycleListeners()
- {
- return lifecycle.findLifecycleListeners();
- }
-
-
- /**
- * Remove a lifecycle event listener from this component.
- *
- * @param listener The listener to add
- */
- public void removeLifecycleListener(LifecycleListener listener)
- {
- lifecycle.removeLifecycleListener(listener);
- }
-
-
- /**
- * Prepare for the beginning of active use of the public methods of this
- * component. This method should be called after
<code>configure()</code>,
- * and before any of the public methods of the component are utilized.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
- */
- public void start() throws LifecycleException
- {
- // Validate and update our current component state
- if (started)
- throw new LifecycleException
- ("IDPRedirectValve already Started");
- lifecycle.fireLifecycleEvent(START_EVENT, null);
- started = true;
-
- String configFile = "/WEB-INF/jboss-idfed.xml";
- Context context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if(is == null)
- throw new RuntimeException(configFile + " missing");
- try
- {
- idpConfiguration = ValveUtil.getIDPConfiguration(is);
- this.identityURL = idpConfiguration.getIdentityURL();
- log.trace("Identity Provider URL=" + this.identityURL);
- this.assertionValidity = idpConfiguration.getAssertionValidity();
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
-
- if(this.signOutgoingMessages)
- {
- KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
- if(keyProvider == null)
- throw new LifecycleException("Key Provider is null for context=" +
context.getName());
-
- try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- log.trace("Key Provider=" + keyProvider.getClassName());
- }
- }
-
-
- /**
- * Gracefully terminate the active use of the public methods of this
- * component. This method should be the last one called on a given
- * instance of this component.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that needs to be reported
- */
- public void stop() throws LifecycleException
- {
- // Validate and update our current component state
- if (!started)
- throw new LifecycleException
- ("IDPRedirectValve NotStarted");
- lifecycle.fireLifecycleEvent(STOP_EVENT, null);
- started = false;
- }
- //Private Methods
-
- protected class SessionHolder
- {
- String samlRequest;
- String signature;
- String sigAlg;
-
- public SessionHolder(String req, String sig, String alg)
- {
- this.samlRequest = req;
- this.signature = sig;
- this.sigAlg = alg;
- }
- }
-
- private void recycle(Response response)
- {
- /**
- * Since the container finished authentication, it will try to locate
- * index.jsp or index.html. We need to recycle whatever is in the
- * response object such that we direct it to the html that is being
- * created as part of the HTTP/POST binding
- */
- response.recycle();
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,564 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Session;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.LifecycleSupport;
+import org.apache.catalina.valves.ValveBase;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Generic Web Browser SSO valve for the IDP
+ *
+ * Handles both the SAML Redirect as well as Post Bindings
+ *
+ * Note: Most of the work is done by {@code IDPWebRequestUtil}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 18, 2009
+ */
+public class IDPWebBrowserSSOValve extends ValveBase implements Lifecycle
+{
+ private static Logger log = Logger.getLogger(IDPWebBrowserSSOValve.class);
+ private boolean trace = log.isTraceEnabled();
+
+ protected IDPType idpConfiguration = null;
+
+ private RoleGenerator rg = new TomcatRoleGenerator();
+
+ private long assertionValidity = 5000; // 5 seconds in miliseconds
+
+ private String identityURL = null;
+
+ private TrustKeyManager keyManager;
+
+ private Boolean ignoreIncomingSignatures = true;
+
+ private Boolean signOutgoingMessages = true;
+
+ public Boolean getIgnoreIncomingSignatures()
+ {
+ return ignoreIncomingSignatures;
+ }
+
+ public void setIgnoreIncomingSignatures(Boolean ignoreIncomingSignature)
+ {
+ this.ignoreIncomingSignatures = ignoreIncomingSignature;
+ }
+
+ public Boolean getSignOutgoingMessages()
+ {
+ return signOutgoingMessages;
+ }
+
+ public void setSignOutgoingMessages(Boolean signOutgoingMessages)
+ {
+ this.signOutgoingMessages = signOutgoingMessages;
+ }
+
+ public void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public void invoke(Request request, Response response) throws IOException,
ServletException
+ {
+ String referer = request.getHeader("Referer");
+ String relayState = request.getParameter("RelayState");
+ String samlMessage = request.getParameter("SAMLRequest");
+ String signature = request.getParameter("Signature");
+ String sigAlg = request.getParameter("SigAlg");
+
+ boolean containsSAMLRequestMessage = samlMessage != null;
+
+ Session session = request.getSessionInternal();
+
+ if(containsSAMLRequestMessage)
+ {
+ if(trace) log.trace("Storing the SAMLRequest and RelayState in
session");
+ session.setNote("SAMLRequest", samlMessage);
+ if(relayState != null && relayState.length() > 0)
+ session.setNote("RelayState", relayState.trim());
+ if(signature != null && signature.length() > 0)
+ session.setNote("Signature", signature.trim());
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.setNote("sigAlg", sigAlg.trim());
+ }
+
+ //Lets check if the user has been authenticated
+ Principal userPrincipal = request.getPrincipal();
+ if(userPrincipal == null)
+ {
+ try
+ {
+ //Next in the invocation chain
+ getNext().invoke(request, response);
+ }
+ finally
+ {
+ userPrincipal = request.getPrincipal();
+ referer = request.getHeader("Referer");
+ if(trace)
+ log.trace("Referer in finally block="+ referer + ":user
principal=" + userPrincipal);
+ }
+ }
+
+
+ IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration,
keyManager);
+
+ Document samlErrorResponse = null;
+ //Look for unauthorized status
+ if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
+ {
+ try
+ {
+ samlErrorResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlErrorResponse, referer, relayState, response,
true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlErrorResponse, referer,relayState, response,
false,null);
+
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
+ }
+ return;
+ }
+
+ if(userPrincipal != null)
+ {
+ /**
+ * Since the container has finished the authentication,
+ * we can retrieve the original saml message as well as
+ * any relay state from the SP
+ */
+ samlMessage = (String) session.getNote("SAMLRequest");
+ relayState = (String) session.getNote("RelayState");
+ signature = (String) session.getNote("Signature");
+ sigAlg = (String) session.getNote("sigAlg");
+
+ if(trace)
+ {
+ log.trace("Retrieved saml message and relay state from session");
+ log.trace("saml message=" + samlMessage + "::relay
state="+ relayState);
+ log.trace("Signature=" + signature + "::sigAlg="+
sigAlg);
+ }
+
+ session.removeNote("SAMLRequest");
+
+ if(relayState != null && relayState.length() > 0)
+ session.removeNote("RelayState");
+
+ if(signature != null && signature.length() > 0)
+ session.removeNote("Signature");
+ if(sigAlg != null && sigAlg.length() > 0)
+ session.removeNote("sigAlg");
+
+ //Send valid saml response after processing the request
+ if(samlMessage != null)
+ {
+ //Get the SAML Request Message
+ RequestAbstractType requestAbstractType = null;
+ Document samlResponse = null;
+ String destination = null;
+ try
+ {
+ requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = validate(request.getRemoteAddr(),
+ request.getQueryString(),
+ new SessionHolder(samlMessage, signature, sigAlg), isPost);
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check
failed");
+
+ webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
+
+ List<String> roles = rg.generateRoles(userPrincipal);
+
+ log.trace("Roles have been determined:Creating response");
+
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ destination = art.getAssertionConsumerServiceURL();
+
+ samlResponse =
+ webRequestUtil.getResponse(destination,
+ userPrincipal, roles,
+ this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
+ }
+ catch (IssuerNotTrustedException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ParsingException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ConfigurationException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (IssueInstantMissingException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch(GeneralSecurityException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ finally
+ {
+ try
+ {
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, destination,relayState,
response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, destination, relayState,
response, false,null);
+ }
+ catch (ParsingException e)
+ {
+ if(trace) log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ return;
+ }
+ else
+ {
+ log.error("No SAML Request Message");
+ if(trace) log.trace("Referer="+referer);
+
+ try
+ {
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ catch (ConfigurationException e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ }
+ }
+
+ protected void sendErrorResponseToSP(String referrer, Response response, String
relayState,
+ IDPWebRequestUtil webRequestUtil) throws ServletException, IOException,
ConfigurationException
+ {
+ if(trace) log.trace("About to send error response to SP:" + referrer);
+
+ Document samlResponse =
+ webRequestUtil.getErrorResponse(referrer,
JBossSAMLURIConstants.STATUS_RESPONDER.get(),
+ this.identityURL, this.signOutgoingMessages);
+ try
+ {
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, referrer, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, referrer, relayState, response,
false,null);
+ }
+ catch (ParsingException e1)
+ {
+ throw new ServletException(e1);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
+ }
+ }
+
+ protected boolean validate(String remoteAddress,
+ String queryString,
+ SessionHolder holder, boolean isPost) throws IOException,
GeneralSecurityException
+ {
+ if (holder.samlRequest == null || holder.samlRequest.length() == 0)
+ {
+ return false;
+ }
+
+ if (!this.ignoreIncomingSignatures && !isPost)
+ {
+ String sig = holder.signature;
+ if (sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ //Check if there is a signature
+ byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
+ if(sigValue == null)
+ return false;
+
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(remoteAddress);
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+
+ return RedirectBindingSignatureUtil.validateSignature(queryString,
validatingKey, sigValue);
+ }
+ else
+ {
+ //Post binding no signature verification. The SAML message signature is
verified
+ return true;
+ }
+ }
+
+ //***************Lifecycle
+ /**
+ * The lifecycle event support for this component.
+ */
+ protected LifecycleSupport lifecycle = new LifecycleSupport(this);
+
+ /**
+ * Has this component been started yet?
+ */
+ private boolean started = false;
+
+ /**
+ * Add a lifecycle event listener to this component.
+ *
+ * @param listener The listener to add
+ */
+ public void addLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.addLifecycleListener(listener);
+ }
+
+
+ /**
+ * Get the lifecycle listeners associated with this lifecycle. If this
+ * Lifecycle has no listeners registered, a zero-length array is returned.
+ */
+ public LifecycleListener[] findLifecycleListeners()
+ {
+ return lifecycle.findLifecycleListeners();
+ }
+
+
+ /**
+ * Remove a lifecycle event listener from this component.
+ *
+ * @param listener The listener to add
+ */
+ public void removeLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.removeLifecycleListener(listener);
+ }
+
+
+ /**
+ * Prepare for the beginning of active use of the public methods of this
+ * component. This method should be called after
<code>configure()</code>,
+ * and before any of the public methods of the component are utilized.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that prevents this component from being used
+ */
+ public void start() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (started)
+ throw new LifecycleException
+ ("IDPRedirectValve already Started");
+ lifecycle.fireLifecycleEvent(START_EVENT, null);
+ started = true;
+
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ Context context = (Context) getContainer();
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ this.identityURL = idpConfiguration.getIdentityURL();
+ if(trace) log.trace("Identity Provider URL=" + this.identityURL);
+ this.assertionValidity = idpConfiguration.getAssertionValidity();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ if(this.signOutgoingMessages)
+ {
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("Key Provider is null for context=" +
context.getName());
+
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+ }
+
+
+ /**
+ * Gracefully terminate the active use of the public methods of this
+ * component. This method should be the last one called on a given
+ * instance of this component.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that needs to be reported
+ */
+ public void stop() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (!started)
+ throw new LifecycleException
+ ("IDPRedirectValve NotStarted");
+ lifecycle.fireLifecycleEvent(STOP_EVENT, null);
+ started = false;
+ }
+ //Private Methods
+
+ protected class SessionHolder
+ {
+ String samlRequest;
+ String signature;
+ String sigAlg;
+
+ public SessionHolder(String req, String sig, String alg)
+ {
+ this.samlRequest = req;
+ this.signature = sig;
+ this.sigAlg = alg;
+ }
+ }
+
+ private void recycle(Response response)
+ {
+ /**
+ * Since the container finished authentication, it will try to locate
+ * index.jsp or index.html. We need to recycle whatever is in the
+ * response object such that we direct it to the html that is being
+ * created as part of the HTTP/POST binding
+ */
+ response.recycle();
+ }
+}
\ No newline at end of file
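Review bot: In `invoke`, the assertion is sent to `art.getAssertionConsumerServiceURL()`, a value read from the incoming AuthnRequest, and the only check visible before it is `webRequestUtil.isTrusted(...)` on the issuer. Because `ignoreIncomingSignatures` defaults to `true`, `validate()` accepts an unsigned request, so nothing shown in this hunk ties that destination to the trusted issuer. Unless `IDPWebRequestUtil` (not visible here) already restricts it, the destination should be compared with the consumer URLs configured for that issuer before `getResponse` is called, and the safer default would be `private Boolean ignoreIncomingSignatures = false;`. Enabling verification also needs a change in `start()`: `keyManager` is created only under `if(this.signOutgoingMessages)`, yet `validate()` calls `keyManager.getValidatingKey(remoteAddress)`, so the guard should read `if(this.signOutgoingMessages || !this.ignoreIncomingSignatures)`.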
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,98 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.connector.Request;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.web.config.SPType;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-
-/**
- * Base Class for Form Authenticators
- * @author Anil.Saldhana(a)redhat.com
- * @since Jun 9, 2009
- */
-public class BaseFormAuthenticator extends FormAuthenticator
-{
- private static Logger log = Logger.getLogger(BaseFormAuthenticator.class);
-
- protected SPType spConfiguration = null;
-
- protected String serviceURL = null;
- protected String identityURL = null;
-
- protected String configFile = "/WEB-INF/jboss-idfed.xml";
-
- public BaseFormAuthenticator()
- {
- super();
- }
-
- public String getConfigFile()
- {
- return configFile;
- }
-
- public void setConfigFile(String configFile)
- {
- this.configFile = configFile;
- }
-
- /**
- * Perform validation os the request object
- * @param request
- * @return
- * @throws IOException
- * @throws GeneralSecurityException
- */
- protected boolean validate(Request request) throws IOException,
GeneralSecurityException
- {
- return request.getParameter("SAMLResponse") != null;
- }
-
- @Override
- public void start() throws LifecycleException
- {
- super.start();
-
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if(is == null)
- throw new RuntimeException(configFile + " missing");
- try
- {
- spConfiguration = ValveUtil.getSPConfiguration(is);
- this.identityURL = spConfiguration.getIdentityURL();
- this.serviceURL = spConfiguration.getServiceURL();
- log.trace("Identity Provider URL=" + this.identityURL);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,99 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.connector.Request;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.web.config.SPType;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+
+/**
+ * Base Class for Form Authenticators
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 9, 2009
+ */
+public class BaseFormAuthenticator extends FormAuthenticator
+{
+ private static Logger log = Logger.getLogger(BaseFormAuthenticator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ protected SPType spConfiguration = null;
+
+ protected String serviceURL = null;
+ protected String identityURL = null;
+
+ protected String configFile = "/WEB-INF/jboss-idfed.xml";
+
+ public BaseFormAuthenticator()
+ {
+ super();
+ }
+
+ public String getConfigFile()
+ {
+ return configFile;
+ }
+
+ public void setConfigFile(String configFile)
+ {
+ this.configFile = configFile;
+ }
+
+ /**
+ * Perform validation os the request object
+ * @param request
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ protected boolean validate(Request request) throws IOException,
GeneralSecurityException
+ {
+ return request.getParameter("SAMLResponse") != null;
+ }
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ super.start();
+
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ this.identityURL = spConfiguration.getIdentityURL();
+ this.serviceURL = spConfiguration.getServiceURL();
+ if(trace) log.trace("Identity Provider URL=" + this.identityURL);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
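Review bot: `validate(Request)` returns true for any request that carries a `SAMLResponse` parameter, so despite its Javadoc ("Perform validation os the request object") it checks presence only, never content. Its caller `SPPostFormAuthenticator.process()`, shown later in this commit, reaches it only after finding the parameter non-empty, so on that path the base implementation can never fail. I would state the contract in the Javadoc, for example `Presence check only: returns true when the request carries a SAMLResponse parameter; subclasses override this to validate the message itself`. The same edit can fix the "os" typo and fill in the empty `@param` and `@return` tags.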
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,269 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
-
-import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.config.TrustType;
-import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.xml.sax.SAXException;
-
-/**
- * Authenticator at the Service Provider
- * that handles HTTP/Post binding of SAML 2
- * but falls back on Form Authentication
- *
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 12, 2008
- */
-public class SPPostFormAuthenticator extends BaseFormAuthenticator
-{
- private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class);
-
- public SPPostFormAuthenticator()
- {
- super();
- }
-
- @Override
- public boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
- {
- SPUtil spUtil = new SPUtil();
-
- Principal principal = request.getUserPrincipal();
- if (principal != null)
- {
- log.debug("Already authenticated '" + principal.getName() +
"'");
- return true;
- }
-
- Session session = request.getSessionInternal(true);
- String relayState = request.getParameter("RelayState");
-
- //Try to get the username
- try
- {
- principal = (GenericPrincipal) process(request,response);
-
- if(principal == null)
- {
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
- sendRequestToIDP(authnRequest, relayState, response);
- return false;
- }
-
- String username = principal.getName();
- String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
- //Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
- {
- GenericPrincipal gp = (GenericPrincipal) principal;
- //Push a context
- ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
- principal = context.getRealm().authenticate(username, password);
- ServiceProviderSAMLContext.clear();
- }
-
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(principal);
- register(request, response, principal, Constants.FORM_METHOD, username,
password);
-
- return true;
- }
- catch(AssertionExpiredException aie)
- {
- log.debug("Assertion has expired. Issuing a new saml2 request to the
IDP");
- try
- {
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
- sendRequestToIDP(authnRequest, relayState, response);
- }
- catch (Exception e)
- {
- log.trace("Exception:",e);
- }
- return false;
- }
- catch(Exception e)
- {
- log.debug("Exception :",e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
-
- //fallback
- return super.authenticate(request, response, loginConfig);
- }
-
- protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
Response response)
- throws IOException, SAXException, JAXBException,GeneralSecurityException
- {
- SAML2Request saml2Request = new SAML2Request();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(authnRequest, baos);
-
- String samlMessage = PostBindingUtil.base64Encode(baos.toString());
- String destination = authnRequest.getDestination();
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
- response, true);
- }
-
- protected AuthnRequestType createSAMLRequestMessage(String relayState, Response
response)
- throws ServletException, ConfigurationException
- {
- //create a saml request
- if(this.serviceURL == null)
- throw new ServletException("serviceURL is not configured");
-
- SPUtil spUtil = new SPUtil();
- return spUtil.createSAMLRequest(serviceURL, identityURL);
- }
-
- protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?SAMLRequest=").append(urlEncodedRequest);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-
- protected void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType idpTrust = spConfiguration.getTrust();
- if(idpTrust != null)
- {
- String domainsTrusted = idpTrust.getDomains();
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- /**
- * Subclasses should provide the implementation
- * @param responseType ResponseType that contains the encrypted assertion
- * @return response type with the decrypted assertion
- */
- protected ResponseType decryptAssertion(ResponseType responseType)
- {
- throw new RuntimeException("This authenticator does not handle
encryption");
- }
-
- private Principal process(Request request, Response response)
- throws JAXBException, SAXException, IssuerNotTrustedException,
- AssertionExpiredException, ConfigurationException, GeneralSecurityException
- {
- Principal userPrincipal = null;
-
- String samlResponse = request.getParameter("SAMLResponse");
- if(samlResponse != null && samlResponse.length() > 0 )
- {
- boolean isValid = false;
- try
- {
- isValid = this.validate(request);
- }
- catch (IOException e)
- {
- throw new GeneralSecurityException(e);
- }
- if(!isValid)
- throw new GeneralSecurityException("Validity check failed");
-
- //deal with SAML response from IDP
- byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
- InputStream is = new ByteArrayInputStream(base64DecodedResponse);
-
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = saml2Response.getResponseType(is);
-
- SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();
-
- boolean validSignature = this.verifySignature(samlDocumentHolder);
-
- if(validSignature == false)
- throw new IssuerNotTrustedException("Signature in saml document is
invalid");
-
- this.isTrusted(responseType.getIssuer().getValue());
-
- List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
- if(assertions.size() == 0)
- throw new IllegalStateException("No assertions in reply from IDP");
-
- Object assertion = assertions.get(0);
- if(assertion instanceof EncryptedElementType)
- {
- responseType = this.decryptAssertion(responseType);
- }
-
- SPUtil spUtil = new SPUtil();
- return spUtil.handleSAMLResponse(request, responseType);
- }
- return userPrincipal;
- }
-
- protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
- {
- //this authenticator does not deal with signatures.
- return true;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.web.config.TrustType;
+import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
+
+/**
+ * Authenticator at the Service Provider
+ * that handles HTTP/Post binding of SAML 2
+ * but falls back on Form Authentication
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 12, 2008
+ */
+public class SPPostFormAuthenticator extends BaseFormAuthenticator
+{
+ private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public SPPostFormAuthenticator()
+ {
+ super();
+ }
+
+ @Override
+ public boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
+ {
+ SPUtil spUtil = new SPUtil();
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if(trace)
+ log.trace("Already authenticated '" + principal.getName() +
"'");
+ return true;
+ }
+
+ Session session = request.getSessionInternal(true);
+ String relayState = request.getParameter("RelayState");
+
+ //Try to get the username
+ try
+ {
+ principal = (GenericPrincipal) process(request,response);
+
+ if(principal == null)
+ {
+ AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
+ sendRequestToIDP(authnRequest, relayState, response);
+ return false;
+ }
+
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username,
password);
+
+ return true;
+ }
+ catch(AssertionExpiredException aie)
+ {
+ if(trace)
+ log.trace("Assertion has expired. Issuing a new saml2 request to the
IDP");
+ try
+ {
+ AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
+ sendRequestToIDP(authnRequest, relayState, response);
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace("Exception:",e);
+ }
+ return false;
+ }
+ catch(Exception e)
+ {
+ if(trace)
+ log.trace("Exception :",e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+
+ //fallback
+ return super.authenticate(request, response, loginConfig);
+ }
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
Response response)
+ throws IOException, SAXException, JAXBException,GeneralSecurityException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+ String destination = authnRequest.getDestination();
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, true);
+ }
+
+ protected AuthnRequestType createSAMLRequestMessage(String relayState, Response
response)
+ throws ServletException, ConfigurationException
+ {
+ //create a saml request
+ if(this.serviceURL == null)
+ throw new ServletException("serviceURL is not configured");
+
+ SPUtil spUtil = new SPUtil();
+ return spUtil.createSAMLRequest(serviceURL, identityURL);
+ }
+
+ protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLRequest=").append(urlEncodedRequest);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
+
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ TrustType idpTrust = spConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ /**
+ * Subclasses should provide the implementation
+ * @param responseType ResponseType that contains the encrypted assertion
+ * @return response type with the decrypted assertion
+ */
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ {
+ throw new RuntimeException("This authenticator does not handle
encryption");
+ }
+
+ private Principal process(Request request, Response response)
+ throws JAXBException, SAXException, IssuerNotTrustedException,
+ AssertionExpiredException, ConfigurationException, GeneralSecurityException
+ {
+ Principal userPrincipal = null;
+
+ String samlResponse = request.getParameter("SAMLResponse");
+ if(samlResponse != null && samlResponse.length() > 0 )
+ {
+ boolean isValid = false;
+ try
+ {
+ isValid = this.validate(request);
+ }
+ catch (IOException e)
+ {
+ throw new GeneralSecurityException(e);
+ }
+ if(!isValid)
+ throw new GeneralSecurityException("Validity check failed");
+
+ //deal with SAML response from IDP
+ byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
+ InputStream is = new ByteArrayInputStream(base64DecodedResponse);
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
+
+ SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();
+
+ boolean validSignature = this.verifySignature(samlDocumentHolder);
+
+ if(validSignature == false)
+ throw new IssuerNotTrustedException("Signature in saml document is
invalid");
+
+ this.isTrusted(responseType.getIssuer().getValue());
+
+ List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ Object assertion = assertions.get(0);
+ if(assertion instanceof EncryptedElementType)
+ {
+ responseType = this.decryptAssertion(responseType);
+ }
+
+ SPUtil spUtil = new SPUtil();
+ return spUtil.handleSAMLResponse(request, responseType);
+ }
+ return userPrincipal;
+ }
+
+ protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
+ {
+ //this authenticator does not deal with signatures.
+ return true;
+ }
+}
\ No newline at end of file
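Review bot: `isTrusted()` decides trust with `domainsTrusted.indexOf(issuerDomain) < 0`, which tests substring containment rather than list membership, so an issuer domain that is only a fragment of a configured entry is accepted. When `spConfiguration.getTrust()` returns null the check is skipped entirely. In this class `verifySignature()` always returns true, so the issuer string comes from an unverified response, and this is the only effective check visible in the hunk before `spUtil.handleSAMLResponse(request, responseType)` builds the principal. I would match exactly against the parsed list, for example `Arrays.asList(domainsTrusted.split(",")).contains(issuerDomain)` with entries trimmed (assuming the value is comma-separated, which the hunk does not show), and throw `IssuerNotTrustedException` when no trust configuration is present. The class Javadoc should also say that this authenticator does not verify signatures and is meant to be used through a signature-checking subclass.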
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,165 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.connector.Response;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-/**
- * JBID-142: POST form authenticator that can
- * handle signatures at the SP side
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 24, 2009
- */
-public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator
-{
- private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
-
- private TrustKeyManager keyManager;
-
- private boolean signAssertions = false;
-
- public boolean isSignAssertions()
- {
- return signAssertions;
- }
-
- public void setSignAssertions(boolean signAssertions)
- {
- this.signAssertions = signAssertions;
- }
-
- @Override
- public void start() throws LifecycleException
- {
- super.start();
- KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
- throw new LifecycleException("KeyProvider is null");
- try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- log.trace("Key Provider=" + keyProvider.getClassName());
- }
-
- protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
Response response)
- throws IOException, SAXException, JAXBException, GeneralSecurityException
- {
- SAML2Request saml2Request = new SAML2Request();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(authnRequest, baos);
-
- String samlMessage = PostBindingUtil.base64Encode(baos.toString());
- String destination = authnRequest.getDestination();
-
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
- response, true);
- }
-
- @Override
- protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
- {
- Document samlResponse = samlDocumentHolder.getSamlDocument();
- ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
-
- String issuerID = response.getIssuer().getValue();
-
- if(issuerID == null)
- throw new IssuerNotTrustedException("Issue missing");
-
- URL issuerURL;
- try
- {
- issuerURL = new URL(issuerID);
- }
- catch (MalformedURLException e1)
- {
- throw new IssuerNotTrustedException(e1);
- }
-
- try
- {
- PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
- log.trace("Going to verify signature in the saml response from IDP");
- boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
- log.trace("Signature verification="+sigResult);
- return sigResult;
- }
- catch (TrustKeyConfigurationException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (TrustKeyProcessingException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (MarshalException e)
- {
- log.error("Unable to verify signature",e);
- }
- catch (XMLSignatureException e)
- {
- log.error("Unable to verify signature",e);
- }
- return false;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,166 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Response;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * JBID-142: POST form authenticator that can
+ * handle signatures at the SP side
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 24, 2009
+ */
+public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator
+{
+ private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private TrustKeyManager keyManager;
+
+ private boolean signAssertions = false;
+
+ public boolean isSignAssertions()
+ {
+ return signAssertions;
+ }
+
+ public void setSignAssertions(boolean signAssertions)
+ {
+ this.signAssertions = signAssertions;
+ }
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ super.start();
+ KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("KeyProvider is null");
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
Response response)
+ throws IOException, SAXException, JAXBException, GeneralSecurityException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+ String destination = authnRequest.getDestination();
+
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, true);
+ }
+
+ @Override
+ protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
+ {
+ Document samlResponse = samlDocumentHolder.getSamlDocument();
+ ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
+
+ String issuerID = response.getIssuer().getValue();
+
+ if(issuerID == null)
+ throw new IssuerNotTrustedException("Issue missing");
+
+ URL issuerURL;
+ try
+ {
+ issuerURL = new URL(issuerID);
+ }
+ catch (MalformedURLException e1)
+ {
+ throw new IssuerNotTrustedException(e1);
+ }
+
+ try
+ {
+ PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
+ if(trace) log.trace("Going to verify signature in the saml response from
IDP");
+ boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+ if(trace) log.trace("Signature verification="+sigResult);
+ return sigResult;
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (MarshalException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (XMLSignatureException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ return false;
+ }
+}
\ No newline at end of file
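Review bot: In `verifySignature`, `response.getIssuer().getValue()` dereferences the Issuer element before the null check that follows it, so a response with no Issuer ends in a NullPointerException rather than the declared `IssuerNotTrustedException`. Guard the element itself: `if(response.getIssuer() == null || response.getIssuer().getValue() == null) throw new IssuerNotTrustedException("Issue missing");`. The validating key is then selected from the host of that still-unverified issuer value, so the check is only as strong as `keyManager.getValidatingKey` refusing hosts that are not configured IDPs; that implementation is outside this hunk and should be confirmed. In `start()`, `throw new LifecycleException(e.getLocalizedMessage())` discards the cause, and `new LifecycleException(e.getLocalizedMessage(), e)` would keep it for whoever diagnoses a key-provider misconfiguration.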
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,262 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletException;
-import javax.xml.bind.JAXBException;
-
-import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.util.Base64;
-import org.jboss.identity.federation.api.util.DeflateUtil;
-import org.jboss.identity.federation.web.config.TrustType;
-import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.xml.sax.SAXException;
-
-/**
- * Authenticator at the Service Provider
- * that handles HTTP/Redirect binding of SAML 2
- * but falls back on Form Authentication
- *
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 12, 2008
- */
-public class SPRedirectFormAuthenticator extends BaseFormAuthenticator
-{
- private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
-
- public SPRedirectFormAuthenticator()
- {
- super();
- }
-
- @Override
- public boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
- {
- Principal principal = request.getUserPrincipal();
- if (principal != null)
- {
- log.debug("Already authenticated '" + principal.getName() +
"'");
- return true;
- }
-
- Session session = request.getSessionInternal(true);
- String relayState = request.getParameter("RelayState");
-
- //Try to get the username
- try
- {
- principal = (GenericPrincipal) process(request,response);
-
- if(principal == null)
- {
- String destination = createSAMLRequestMessage( relayState, response);
- HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
-
- return false;
- }
-
- String username = principal.getName();
- String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
- //Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
- {
- GenericPrincipal gp = (GenericPrincipal) principal;
- //Push a context
- ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
- principal = context.getRealm().authenticate(username, password);
- ServiceProviderSAMLContext.clear();
- }
-
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(principal);
- register(request, response, principal, Constants.FORM_METHOD, username,
password);
-
- return true;
- }
- catch(AssertionExpiredException aie)
- {
- log.debug("Assertion has expired. Issuing a new saml2 request to the
IDP");
- try
- {
- String destination = createSAMLRequestMessage( relayState, response);
- HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
- }
- catch (Exception e)
- {
- log.trace("Exception:",e);
- }
- return false;
- }
- catch(Exception e)
- {
- log.debug("Exception :",e);
- }
-
- //fallback
- return super.authenticate(request, response, loginConfig);
- }
-
- protected String createSAMLRequestMessage(String relayState, Response response)
- throws ServletException, ConfigurationException, SAXException, JAXBException,
IOException
- {
- //create a saml request
- if(this.serviceURL == null)
- throw new ServletException("serviceURL is not configured");
-
- SAML2Request saml2Request = new SAML2Request();
-
- SPUtil spUtil = new SPUtil();
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(authnRequest, baos);
-
- String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
- String destination = authnRequest.getDestination() + getDestination(base64Request,
relayState);
- log.debug("Sending to destination="+destination);
-
- return destination;
- }
-
- protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?SAMLRequest=").append(urlEncodedRequest);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-
- protected void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType spTrust = spConfiguration.getTrust();
- if(spTrust != null)
- {
- String domainsTrusted = spTrust.getDomains();
- log.trace("Domains that SP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- {
- //Let us do string parts checking
- StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
- while(st != null && st.hasMoreTokens())
- {
- String uriBit = st.nextToken();
- log.trace("Matching uri bit="+ uriBit);
- if(issuerDomain.indexOf(uriBit) > 0)
- {
- log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
- return;
- }
- }
- throw new IssuerNotTrustedException(issuer);
- }
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- /**
- * Subclasses should provide the implementation
- * @param responseType ResponseType that contains the encrypted assertion
- * @return response type with the decrypted assertion
- */
- protected ResponseType decryptAssertion(ResponseType responseType)
- throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
- {
- throw new RuntimeException("This authenticator does not handle
encryption");
- }
-
- private Principal process(Request request, Response response)
- throws IOException, GeneralSecurityException,
- ConfigurationException, ParsingException
- {
- Principal userPrincipal = null;
-
- String samlResponse = request.getParameter("SAMLResponse");
- if(samlResponse != null && samlResponse.length() > 0 )
- {
- boolean isValid = this.validate(request);
-
- if(!isValid)
- throw new GeneralSecurityException("Validity Checks failed");
-
- //deal with SAML response from IDP
- byte[] base64DecodedResponse = Base64.decode(samlResponse);
- InputStream is = DeflateUtil.decode(base64DecodedResponse);
-
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = saml2Response.getResponseType(is);
-
- this.isTrusted(responseType.getIssuer().getValue());
-
- List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
- if(assertions.size() == 0)
- throw new IllegalStateException("No assertions in reply from IDP");
-
- Object assertion = assertions.get(0);
- if(assertion instanceof EncryptedElementType)
- {
- responseType = this.decryptAssertion(responseType);
- }
-
- SPUtil spUtil = new SPUtil();
- return spUtil.handleSAMLResponse(request, responseType);
- }
- return userPrincipal;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,268 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import javax.servlet.ServletException;
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.api.util.DeflateUtil;
+import org.jboss.identity.federation.web.config.TrustType;
+import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
+
+/**
+ * Authenticator at the Service Provider
+ * that handles HTTP/Redirect binding of SAML 2
+ * but falls back on Form Authentication
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 12, 2008
+ */
+public class SPRedirectFormAuthenticator extends BaseFormAuthenticator
+{
+ private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public SPRedirectFormAuthenticator()
+ {
+ super();
+ }
+
+ @Override
+ public boolean authenticate(Request request, Response response, LoginConfig
loginConfig) throws IOException
+ {
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if(trace)
+ log.trace("Already authenticated '" + principal.getName() +
"'");
+ return true;
+ }
+
+ Session session = request.getSessionInternal(true);
+ String relayState = request.getParameter("RelayState");
+
+ //Try to get the username
+ try
+ {
+ principal = (GenericPrincipal) process(request,response);
+
+ if(principal == null)
+ {
+ String destination = createSAMLRequestMessage( relayState, response);
+ HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
+
+ return false;
+ }
+
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username,
password);
+
+ return true;
+ }
+ catch(AssertionExpiredException aie)
+ {
+ if(trace)
+ log.trace("Assertion has expired. Issuing a new saml2 request to the
IDP");
+ try
+ {
+ String destination = createSAMLRequestMessage( relayState, response);
+ HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace("Exception:",e);
+ }
+ return false;
+ }
+ catch(Exception e)
+ {
+ if(trace)
+ log.trace("Exception :",e);
+ }
+
+ //fallback
+ return super.authenticate(request, response, loginConfig);
+ }
+
+ protected String createSAMLRequestMessage(String relayState, Response response)
+ throws ServletException, ConfigurationException, SAXException, JAXBException,
IOException
+ {
+ //create a saml request
+ if(this.serviceURL == null)
+ throw new ServletException("serviceURL is not configured");
+
+ SAML2Request saml2Request = new SAML2Request();
+
+ SPUtil spUtil = new SPUtil();
+ AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+ String destination = authnRequest.getDestination() + getDestination(base64Request,
relayState);
+ if(trace)
+ log.trace("Sending to destination="+destination);
+
+ return destination;
+ }
+
+ protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLRequest=").append(urlEncodedRequest);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
+
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ TrustType spTrust = spConfiguration.getTrust();
+ if(spTrust != null)
+ {
+ String domainsTrusted = spTrust.getDomains();
+ if(trace)
+ log.trace("Domains that SP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ if(trace) log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ if(trace) log.trace("Matched " + uriBit + " trust for
" + issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ /**
+ * Subclasses should provide the implementation
+ * @param responseType ResponseType that contains the encrypted assertion
+ * @return response type with the decrypted assertion
+ */
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
+ {
+ throw new RuntimeException("This authenticator does not handle
encryption");
+ }
+
+ private Principal process(Request request, Response response)
+ throws IOException, GeneralSecurityException,
+ ConfigurationException, ParsingException
+ {
+ Principal userPrincipal = null;
+
+ String samlResponse = request.getParameter("SAMLResponse");
+ if(samlResponse != null && samlResponse.length() > 0 )
+ {
+ boolean isValid = this.validate(request);
+
+ if(!isValid)
+ throw new GeneralSecurityException("Validity Checks failed");
+
+ //deal with SAML response from IDP
+ byte[] base64DecodedResponse = Base64.decode(samlResponse);
+ InputStream is = DeflateUtil.decode(base64DecodedResponse);
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
+
+ this.isTrusted(responseType.getIssuer().getValue());
+
+ List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ Object assertion = assertions.get(0);
+ if(assertion instanceof EncryptedElementType)
+ {
+ responseType = this.decryptAssertion(responseType);
+ }
+
+ SPUtil spUtil = new SPUtil();
+ return spUtil.handleSAMLResponse(request, responseType);
+ }
+ return userPrincipal;
+ }
+}
\ No newline at end of file
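Review bot: The trust check in `isTrusted` matches by substring, so it can accept issuers that are not in the configured list: `domainsTrusted.indexOf(issuerDomain) < 0` passes any issuer domain that is merely a fragment of the comma-separated string, and `issuerDomain.indexOf(uriBit) > 0` passes any domain that contains a configured entry somewhere after its first character. Each configured entry should be compared as a whole token, as sketched below; if subdomains are meant to be trusted, an explicit `endsWith("." + entry)` test is safer than `indexOf`. When `spConfiguration.getTrust()` returns null the method returns without checking anything, so a missing trust element leaves every issuer accepted, and failing closed there would be the safer default. What `ValveUtil.getDomain` returns is not visible in this hunk, so the comparison form should be confirmed against it.

```java
// … unchanged: issuerDomain and spTrust lookup, trace logging …
String domainsTrusted = spTrust.getDomains();
boolean matched = false;
StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
while(st.hasMoreTokens())
{
   // whole-entry comparison instead of substring search
   if(issuerDomain.equalsIgnoreCase(st.nextToken().trim()))
   {
      matched = true;
      break;
   }
}
if(!matched)
   throw new IssuerNotTrustedException(issuer);
// … unchanged: catch (Exception e) wrapping …
```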
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,193 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.connector.Request;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
-import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Tomcat Authenticator for the HTTP/Redirect binding with Signature support
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 12, 2009
- */
-public class SPRedirectSignatureFormAuthenticator extends SPRedirectFormAuthenticator
-{
- private static Logger log =
Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
-
- private TrustKeyManager keyManager;
-
- public SPRedirectSignatureFormAuthenticator()
- {
- super();
- }
-
- @Override
- public void start() throws LifecycleException
- {
- super.start();
- Context context = (Context) getContainer();
-
- KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
- throw new LifecycleException("KeyProvider is null for context="+
context.getName());
- try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
- }
- catch(Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
- log.trace("Key Provider=" + keyProvider.getClassName());
- }
-
- protected boolean validate(Request request) throws IOException,
GeneralSecurityException
- {
- boolean result = super.validate(request);
- if( result == false)
- return result;
-
- String queryString = request.getQueryString();
- //Check if there is a signature
- byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
- if(sigValue == null)
- return false;
-
- //Construct the url again
- String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SAMLResponse");
- String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"RelayState");
- String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SigAlg");
-
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLResponse=").append(reqFromURL);
-
- if(relayStateFromURL != null && relayStateFromURL.length() > 0)
- {
- sb.append("&RelayState=").append(relayStateFromURL);
- }
- sb.append("&SigAlg=").append(sigAlgFromURL);
-
- PublicKey validatingKey;
- try
- {
- validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
- }
- catch (TrustKeyConfigurationException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
- catch (TrustKeyProcessingException e)
- {
- throw new GeneralSecurityException(e.getCause());
- }
- boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"),
sigValue, validatingKey);
- return isValid;
- }
-
- @Override
- protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
- {
- try
- {
- //Get the signing key
- PrivateKey signingKey = keyManager.getSigningKey();
- StringBuffer sb = new StringBuffer();
- String url =
RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest,
urlEncodedRelayState, signingKey);
- sb.append("?").append(url);
- return sb.toString();
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- protected ResponseType decryptAssertion(ResponseType responseType)
- throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
- {
- try
- {
- SAML2Response saml2Response = new SAML2Response();
- PrivateKey privateKey = keyManager.getSigningKey();
-
- EncryptedElementType myEET = (EncryptedElementType)
responseType.getAssertionOrEncryptedAssertion().get(0);
- Document eetDoc = saml2Response.convert(myEET);
-
- Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
-
- //Let us use the encrypted doc element to decrypt it
- return
saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
- }
- catch (JAXBException e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ParsingException(e);
- }
- catch (Exception e)
- {
- throw new GeneralSecurityException(e);
- }
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
(from rev 729,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,194 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Tomcat Authenticator for the HTTP/Redirect binding with Signature support
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 12, 2009
+ */
+public class SPRedirectSignatureFormAuthenticator extends SPRedirectFormAuthenticator
+{
+ private static Logger log =
Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private TrustKeyManager keyManager;
+
+ public SPRedirectSignatureFormAuthenticator()
+ {
+ super();
+ }
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ super.start();
+ Context context = (Context) getContainer();
+
+ KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new LifecycleException("KeyProvider is null for context="+
context.getName());
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+ if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ protected boolean validate(Request request) throws IOException,
GeneralSecurityException
+ {
+ boolean result = super.validate(request);
+ if( result == false)
+ return result;
+
+ String queryString = request.getQueryString();
+ //Check if there is a signature
+ byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
+ if(sigValue == null)
+ return false;
+
+ //Construct the url again
+ String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SAMLResponse");
+ String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"RelayState");
+ String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SigAlg");
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("SAMLResponse=").append(reqFromURL);
+
+ if(relayStateFromURL != null && relayStateFromURL.length() > 0)
+ {
+ sb.append("&RelayState=").append(relayStateFromURL);
+ }
+ sb.append("&SigAlg=").append(sigAlgFromURL);
+
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"),
sigValue, validatingKey);
+ return isValid;
+ }
+
+ @Override
+ protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
+ {
+ try
+ {
+ //Get the signing key
+ PrivateKey signingKey = keyManager.getSigningKey();
+ StringBuffer sb = new StringBuffer();
+ String url =
RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest,
urlEncodedRelayState, signingKey);
+ sb.append("?").append(url);
+ return sb.toString();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ throws IOException, GeneralSecurityException, ConfigurationException,
ParsingException
+ {
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ PrivateKey privateKey = keyManager.getSigningKey();
+
+ EncryptedElementType myEET = (EncryptedElementType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ Document eetDoc = saml2Response.convert(myEET);
+
+ Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
+
+ //Let us use the encrypted doc element to decrypt it
+ return
saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
+ }
+ catch (JAXBException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (Exception e)
+ {
+ throw new GeneralSecurityException(e);
+ }
+ }
+}
\ No newline at end of file
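Review bot: In `validate`, the verification key is looked up with `keyManager.getValidatingKey(request.getRemoteAddr())`, but with the HTTP-Redirect binding the response is delivered by the user's browser, so the remote address is the client's (or a proxy's) rather than the identity provider's. The key should be selected from the configured IdP identity instead, for example `validatingKey = keyManager.getValidatingKey(ValveUtil.getDomain(IDP_URL_PLACEHOLDER));`, where the placeholder stands for whatever the SP configuration exposes as the IdP URL. The same method appends `SigAlg` to the signed string without checking it and never passes it to `SignatureUtil.validate`; if `getTokenValue` returns null for a missing parameter (the RelayState null check suggests it can), the verified string contains the literal `&SigAlg=null`, so I would add `if(sigAlgFromURL == null) return false;` and compare the value against the algorithms the SP accepts. In `decryptAssertion`, `get(0)` is cast to `EncryptedElementType` with no emptiness or `instanceof` check, and the comment before the return would read more accurately as `//Parse the decrypted element back into a ResponseType`.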
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,151 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.SPType;
-import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.xml.sax.SAXException;
-
-/**
- * Util for tomcat valves
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 22, 2009
- */
-public class ValveUtil
-{
- /**
- * Seek the input stream to the KeyStore
- * @param keyStore
- * @return
- */
- public static InputStream getKeyStoreInputStream(String keyStore)
- {
- InputStream is = null;
-
- try
- {
- //Try the file method
- File file = new File(keyStore);
- is = new FileInputStream(file);
- }
- catch(Exception e)
- {
- try
- {
- URL url = new URL(keyStore);
- is = url.openStream();
- }
- catch(Exception ex)
- {
- is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore);
- }
- }
-
- if(is == null)
- {
- //Try the user.home dir
- String userHome = SecurityActions.getSystemProperty("user.home",
"") + "/jbid-keystore";
- File ksDir = new File(userHome);
- if(ksDir.exists())
- {
- try
- {
- is = new FileInputStream(new File(userHome + "/" + keyStore));
- }
- catch (FileNotFoundException e)
- {
- is = null;
- }
- }
- }
- if(is == null)
- throw new RuntimeException("Keystore not located:" + keyStore);
- return is;
- }
-
- @SuppressWarnings("unchecked")
- public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException
- {
- if(is == null)
- throw new IllegalArgumentException("inputstream is null");
- String schema = "schema/config/jboss-identity-fed.xsd";
-
- String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
-
- String pkgName = "org.jboss.identity.federation.web.config";
- Unmarshaller un = null;
- if(validate)
- un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
- else
- un = JAXBUtil.getUnmarshaller(pkgName);
-
- JAXBElement<IDPType> jaxbSp = (JAXBElement<IDPType>)
un.unmarshal(is);
- return jaxbSp.getValue();
- }
-
- @SuppressWarnings("unchecked")
- public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException
- {
- if(is == null)
- throw new IllegalArgumentException("inputstream is null");
- String schema = "schema/config/jboss-identity-fed.xsd";
-
- String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
-
- String pkgName = "org.jboss.identity.federation.web.config";
- Unmarshaller un = null;
- if(validate)
- un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
- else
- un = JAXBUtil.getUnmarshaller(pkgName);
-
- JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
- return jaxbSp.getValue();
- }
-
- /**
- * Given a SP or IDP issuer from the assertion, return the host
- * @param domainURL
- * @return
- * @throws IOException
- */
- public static String getDomain(String domainURL) throws IOException
- {
- URL url = new URL(domainURL);
- return url.getHost();
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
(from rev 725,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+
+/**
+ * Util for tomcat valves
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 22, 2009
+ */
+public class ValveUtil
+{
+ /**
+ * Seek the input stream to the KeyStore
+ * @param keyStore
+ * @return
+ */
+ public static InputStream getKeyStoreInputStream(String keyStore)
+ {
+ InputStream is = null;
+
+ try
+ {
+ //Try the file method
+ File file = new File(keyStore);
+ is = new FileInputStream(file);
+ }
+ catch(Exception e)
+ {
+ try
+ {
+ URL url = new URL(keyStore);
+ is = url.openStream();
+ }
+ catch(Exception ex)
+ {
+ is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore);
+ }
+ }
+
+ if(is == null)
+ {
+ //Try the user.home dir
+ String userHome = SecurityActions.getSystemProperty("user.home",
"") + "/jbid-keystore";
+ File ksDir = new File(userHome);
+ if(ksDir.exists())
+ {
+ try
+ {
+ is = new FileInputStream(new File(userHome + "/" + keyStore));
+ }
+ catch (FileNotFoundException e)
+ {
+ is = null;
+ }
+ }
+ }
+ if(is == null)
+ throw new RuntimeException("Keystore not located:" + keyStore);
+ return is;
+ }
+
+
+
+ /**
+ * Given a SP or IDP issuer from the assertion, return the host
+ * @param domainURL
+ * @return
+ * @throws IOException
+ */
+ public static String getDomain(String domainURL) throws IOException
+ {
+ URL url = new URL(domainURL);
+ return url.getHost();
+ }
+}
\ No newline at end of file
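Review bot: `getKeyStoreInputStream` silently falls through four sources (file path, URL, context class loader resource, then a file under `${user.home}/jbid-keystore`) and discards each exception, so a mistyped path can resolve to a different keystore than the operator intended, and the final `Keystore not located` error carries no cause. Because `new URL(keyStore).openStream()` accepts any scheme, key material could be fetched over an unauthenticated transport if the configured value is a plain `http:` URL; consider restricting that branch to `file:` (and perhaps `https:`), or at least logging which source supplied the stream. The Javadoc has empty `@param` and `@return` tags; I would fill them in as `@param keyStore file path, URL or classpath resource name, tried in that order, then a file name under ${user.home}/jbid-keystore` and `@return an open stream that the caller must close`.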
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,113 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-bindings-jboss</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Server Bindings for JBoss</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity OpenSAML contains the foundation for Federated
Identity Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-bindings</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.4</version>
- </dependency>
- <dependency>
- <groupId>org.apache.tomcat</groupId>
- <artifactId>catalina</artifactId>
- <version>6.0.18</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
- <version>2.0.2.SP6</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-bindings-jboss/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-bindings-jboss/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,113 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-bindings-jboss</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Server Bindings for JBoss</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity OpenSAML contains the foundation for Federated
Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-bindings</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.4</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>catalina</artifactId>
+ <version>6.0.18</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx</artifactId>
+ <version>2.0.2.SP6</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,137 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-fed-api</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Consolidated API</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation API contains the API to be used by the
users of JBoss Identity Federation.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxws</groupId>
- <artifactId>jaxws-api</artifactId>
- <version>2.1.1</version>
- </dependency>
- <dependency>
- <groupId>org.openid4java</groupId>
- <artifactId>openid4java</artifactId>
- </dependency>
- <dependency>
- <groupId>nekohtml</groupId>
- <artifactId>nekohtml</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>stax</groupId>
- <artifactId>stax-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>org.apache</groupId>
- <artifactId>xmlsec</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>codehaus-stax</groupId>
- <artifactId>stax</artifactId>
- <version>1.1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.9.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml (from rev 730,
identity-federation/trunk/jboss-identity-fed-api/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-api/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,137 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Consolidated API</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation API contains the API to be used by the
users of JBoss Identity Federation.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxws</groupId>
+ <artifactId>jaxws-api</artifactId>
+ <version>2.1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.openid4java</groupId>
+ <artifactId>openid4java</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>xmlsec</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>codehaus-stax</groupId>
+ <artifactId>stax</artifactId>
+ <version>1.1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.9.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,112 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-fed-core</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Core</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation Core contains the core infrastructure
code</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.openid4java</groupId>
- <artifactId>openid4java</artifactId>
- </dependency>
- <dependency>
- <groupId>stax</groupId>
- <artifactId>stax-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>codehaus-stax</groupId>
- <artifactId>stax</artifactId>
- <version>1.1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-fed-core/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,112 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-fed-core</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Core</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation Core contains the core infrastructure
code</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.openid4java</groupId>
+ <artifactId>openid4java</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>codehaus-stax</groupId>
+ <artifactId>stax</artifactId>
+ <version>1.1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,192 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.saml.v2.metadata.store;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.util.Map;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.jboss.identity.federation.saml.v2.metadata.ObjectFactory;
-
-/**
- * File based metadata store that uses
- * the ${user.home}/jbid-store location to
- * persist the data
- * @author Anil.Saldhana(a)redhat.com
- * @since Apr 27, 2009
- */
-public class FileBasedMetadataConfigurationStore implements IMetadataConfigurationStore
-{
- private static Logger log =
Logger.getLogger(FileBasedMetadataConfigurationStore.class);
-
- private static String EXTENSION = ".xml";
-
- private String userHome = null;
-
- private String pkgName = "org.jboss.identity.federation.saml.v2.metadata";
-
- public FileBasedMetadataConfigurationStore()
- {
- userHome = SecurityActions.getSystemProperty("user.home");
- if(userHome == null)
- throw new RuntimeException("user.home system property not set");
-
- File jbid = new File(userHome + "/jbid-store");
- if(jbid.exists() == false)
- {
- log.debug(jbid.getPath() + " does not exist. Hence creating.");
- jbid.mkdir();
- }
- }
-
- /**
- * @see IMetadataConfigurationStore#load(String)
- */
- @SuppressWarnings("unchecked")
- public EntityDescriptorType load(String id) throws IOException
- {
- File persistedFile = validateIdAndReturnMDFile(id);
-
- Unmarshaller un;
- try
- {
- un = JAXBUtil.getUnmarshaller(pkgName);
- JAXBElement<EntityDescriptorType> je =
- (JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
- return je.getValue();
- }
- catch (JAXBException e)
- {
- IOException ioe =new IOException(e.getLocalizedMessage());
- ioe.initCause(e);
- throw ioe;
- }
-
- }
-
- /**
- * @see IMetadataConfigurationStore#persist(EntityDescriptorType, String)
- */
- public void persist(EntityDescriptorType entity, String id) throws IOException
- {
- File persistedFile = validateIdAndReturnMDFile(id);
-
- ObjectFactory of = new ObjectFactory();
-
- JAXBElement<?> jentity = of.createEntityDescriptor(entity);
-
- Marshaller m;
- try
- {
- m = JAXBUtil.getMarshaller(pkgName);
- m.marshal(jentity, persistedFile);
- }
- catch (JAXBException e)
- {
- IOException ioe =new IOException(e.getLocalizedMessage());
- ioe.initCause(e);
- throw ioe;
- }
- log.trace("Persisted into " + persistedFile.getPath());
- }
-
- /**
- * @see IMetadataConfigurationStore#delete(String)
- */
- public void delete(String id)
- {
- File persistedFile = validateIdAndReturnMDFile(id);
-
- if(persistedFile.exists())
- persistedFile.delete();
- }
-
- /**
- * @throws IOException
- * @throws ClassNotFoundException
- * @see IMetadataConfigurationStore#loadTrustedProviders(String)
- */
- @SuppressWarnings("unchecked")
- public Map<String, String> loadTrustedProviders(String id) throws IOException,
ClassNotFoundException
- {
- File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
- ObjectInputStream ois = new ObjectInputStream(new FileInputStream(trustedFile));
- Map<String, String> trustedMap = (Map<String, String>)
ois.readObject();
- return trustedMap;
- }
-
- /**
- * @throws IOException
- * @see IMetadataConfigurationStore#persistTrustedProviders(Map)
- */
- public void persistTrustedProviders(String id, Map<String, String> trusted)
- throws IOException
- {
- File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
- ObjectOutputStream oos = new ObjectOutputStream(new
FileOutputStream(trustedFile));
- oos.writeObject(trusted);
- oos.close();
- log.trace("Persisted trusted map into "+ trustedFile.getPath());
- }
-
- /**
- * @see IMetadataConfigurationStore#deleteTrustedProviders(String)
- */
- public void deleteTrustedProviders(String id)
- {
- File persistedFile = validateIdAndReturnTrustedProvidersFile(id);
-
- if(persistedFile.exists())
- persistedFile.delete();
- }
-
- private File validateIdAndReturnMDFile(String id)
- {
- if(id == null)
- throw new IllegalArgumentException("id is null");
- if(!id.endsWith(EXTENSION))
- id += EXTENSION;
- return new File(userHome + "/jbid-store/" + id);
- }
-
- private File validateIdAndReturnTrustedProvidersFile(String id)
- {
- if(id == null)
- throw new IllegalArgumentException("id is null");
-
- id += "-trusted" + EXTENSION;
-
- return new File(userHome + "/jbid-store/" + id);
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
(from rev 729,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,194 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.metadata.store;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.jboss.identity.federation.saml.v2.metadata.ObjectFactory;
+
+/**
+ * File based metadata store that uses
+ * the ${user.home}/jbid-store location to
+ * persist the data
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 27, 2009
+ */
+public class FileBasedMetadataConfigurationStore implements IMetadataConfigurationStore
+{
+ private static Logger log =
Logger.getLogger(FileBasedMetadataConfigurationStore.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private static String EXTENSION = ".xml";
+
+ private String userHome = null;
+
+ private String pkgName = "org.jboss.identity.federation.saml.v2.metadata";
+
+ public FileBasedMetadataConfigurationStore()
+ {
+ userHome = SecurityActions.getSystemProperty("user.home");
+ if(userHome == null)
+ throw new RuntimeException("user.home system property not set");
+
+ File jbid = new File(userHome + "/jbid-store");
+ if(jbid.exists() == false)
+ {
+ if(trace)
+ log.trace(jbid.getPath() + " does not exist. Hence creating.");
+ jbid.mkdir();
+ }
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#load(String)
+ */
+ @SuppressWarnings("unchecked")
+ public EntityDescriptorType load(String id) throws IOException
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ Unmarshaller un;
+ try
+ {
+ un = JAXBUtil.getUnmarshaller(pkgName);
+ JAXBElement<EntityDescriptorType> je =
+ (JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
+ return je.getValue();
+ }
+ catch (JAXBException e)
+ {
+ IOException ioe =new IOException(e.getLocalizedMessage());
+ ioe.initCause(e);
+ throw ioe;
+ }
+
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#persist(EntityDescriptorType, String)
+ */
+ public void persist(EntityDescriptorType entity, String id) throws IOException
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ ObjectFactory of = new ObjectFactory();
+
+ JAXBElement<?> jentity = of.createEntityDescriptor(entity);
+
+ Marshaller m;
+ try
+ {
+ m = JAXBUtil.getMarshaller(pkgName);
+ m.marshal(jentity, persistedFile);
+ }
+ catch (JAXBException e)
+ {
+ IOException ioe =new IOException(e.getLocalizedMessage());
+ ioe.initCause(e);
+ throw ioe;
+ }
+ if(trace) log.trace("Persisted into " + persistedFile.getPath());
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#delete(String)
+ */
+ public void delete(String id)
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ if(persistedFile.exists())
+ persistedFile.delete();
+ }
+
+ /**
+ * @throws IOException
+ * @throws ClassNotFoundException
+ * @see IMetadataConfigurationStore#loadTrustedProviders(String)
+ */
+ @SuppressWarnings("unchecked")
+ public Map<String, String> loadTrustedProviders(String id) throws IOException,
ClassNotFoundException
+ {
+ File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(trustedFile));
+ Map<String, String> trustedMap = (Map<String, String>)
ois.readObject();
+ return trustedMap;
+ }
+
+ /**
+ * @throws IOException
+ * @see IMetadataConfigurationStore#persistTrustedProviders(Map)
+ */
+ public void persistTrustedProviders(String id, Map<String, String> trusted)
+ throws IOException
+ {
+ File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
+ ObjectOutputStream oos = new ObjectOutputStream(new
FileOutputStream(trustedFile));
+ oos.writeObject(trusted);
+ oos.close();
+ if(trace) log.trace("Persisted trusted map into "+
trustedFile.getPath());
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#deleteTrustedProviders(String)
+ */
+ public void deleteTrustedProviders(String id)
+ {
+ File persistedFile = validateIdAndReturnTrustedProvidersFile(id);
+
+ if(persistedFile.exists())
+ persistedFile.delete();
+ }
+
+ private File validateIdAndReturnMDFile(String id)
+ {
+ if(id == null)
+ throw new IllegalArgumentException("id is null");
+ if(!id.endsWith(EXTENSION))
+ id += EXTENSION;
+ return new File(userHome + "/jbid-store/" + id);
+ }
+
+ private File validateIdAndReturnTrustedProvidersFile(String id)
+ {
+ if(id == null)
+ throw new IllegalArgumentException("id is null");
+
+ id += "-trusted" + EXTENSION;
+
+ return new File(userHome + "/jbid-store/" + id);
+ }
+}
\ No newline at end of file
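Review bot: `validateIdAndReturnMDFile` and `validateIdAndReturnTrustedProvidersFile` reject only a null `id` before concatenating it into `userHome + "/jbid-store/" + id`, so an id that carries a parent-directory segment or a path separator resolves outside the store directory for load, persist and delete alike. Whether `id` can be influenced by a federation partner is not visible in this hunk, but the helpers are named as validators and should confine the path, e.g. `if(!new File(id).getName().equals(id)) throw new IllegalArgumentException("id must be a plain file name");` right after the null check in both. Separately, `loadTrustedProviders` never closes its `ObjectInputStream` and reads the trust map through Java native serialization, so anyone able to write into `jbid-store` controls what gets deserialized. Closing the stream in a `finally` block and storing the map as text (for instance with `java.util.Properties`) would address both.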
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,103 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.saml.v2.util;
-
-import javax.xml.datatype.XMLGregorianCalendar;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
-import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
-import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
-
-/**
- * Utility to deal with assertions
- * @author Anil.Saldhana(a)redhat.com
- * @since Jun 3, 2009
- */
-public class AssertionUtil
-{
- private static Logger log = Logger.getLogger(AssertionUtil.class);
-
- /**
- * Create an assertion
- * @param id
- * @param issuer
- * @return
- */
- public static AssertionType createAssertion(String id, NameIDType issuer)
- {
- AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
- assertion.setID(id);
- assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- assertion.setIssuer(issuer);
- return assertion;
- }
-
- /**
- * Add validity conditions to the SAML2 Assertion
- * @param assertion
- * @param durationInMilis
- * @throws ConfigurationException
- * @throws IssueInstantMissingException
- */
- public static void createTimedConditions(AssertionType assertion, long
durationInMilis)
- throws ConfigurationException, IssueInstantMissingException
- {
- XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
- if(issueInstant == null)
- throw new IssueInstantMissingException("assertion does not have issue
instant");
- XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant,
durationInMilis);
- ConditionsType conditionsType =
JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
- conditionsType.setNotBefore(issueInstant);
- conditionsType.setNotOnOrAfter(assertionValidityLength);
-
- assertion.setConditions(conditionsType);
- }
-
- /**
- * Check whether the assertion has expired
- * @param assertion
- * @return
- * @throws ConfigurationException
- */
- public static boolean hasExpired(AssertionType assertion) throws
ConfigurationException
- {
- //Check for validity of assertion
- ConditionsType conditionsType = assertion.getConditions();
- if(conditionsType != null)
- {
- XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
- XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
- XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
- log.trace("Now="+now.toXMLFormat() + "
::notBefore="+notBefore.toXMLFormat()
- + "::notOnOrAfter="+notOnOrAfter);
- return !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
- }
- //TODO: if conditions do not exist, assume the assertion to be everlasting?
- return false;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
(from rev 729,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+
+/**
+ * Utility to deal with assertions
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 3, 2009
+ */
+public class AssertionUtil
+{
+ private static Logger log = Logger.getLogger(AssertionUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
+ /**
+ * Create an assertion
+ * @param id
+ * @param issuer
+ * @return
+ */
+ public static AssertionType createAssertion(String id, NameIDType issuer)
+ {
+ AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
+ assertion.setID(id);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuer);
+ return assertion;
+ }
+
+ /**
+ * Add validity conditions to the SAML2 Assertion
+ * @param assertion
+ * @param durationInMilis
+ * @throws ConfigurationException
+ * @throws IssueInstantMissingException
+ */
+ public static void createTimedConditions(AssertionType assertion, long
durationInMilis)
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
+ if(issueInstant == null)
+ throw new IssueInstantMissingException("assertion does not have issue
instant");
+ XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant,
durationInMilis);
+ ConditionsType conditionsType =
JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
+ conditionsType.setNotBefore(issueInstant);
+ conditionsType.setNotOnOrAfter(assertionValidityLength);
+
+ assertion.setConditions(conditionsType);
+ }
+
+ /**
+ * Check whether the assertion has expired
+ * @param assertion
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(AssertionType assertion) throws
ConfigurationException
+ {
+ //Check for validity of assertion
+ ConditionsType conditionsType = assertion.getConditions();
+ if(conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ if(trace) log.trace("Now="+now.toXMLFormat() + "
::notBefore="+notBefore.toXMLFormat()
+ + "::notOnOrAfter="+notOnOrAfter);
+ return !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
+ }
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return false;
+ }
+}
\ No newline at end of file
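Review bot: `hasExpired` returns `false` when `assertion.getConditions()` is null, so an assertion that carries no validity window is treated as never expiring, and the TODO above that `return` leaves the policy undecided. For a check that gates acceptance of SAML assertions the safer default is to fail closed, e.g. `return true; // no Conditions: treat as expired`, with an explicit opt-in for callers that really need condition-less assertions; at minimum the Javadoc should state the current behaviour. In the same method the trace line calls `notBefore.toXMLFormat()` without a null check although `NotBefore` is optional on a SAML 2.0 `Conditions` element, so enabling trace can turn a valid assertion into a `NullPointerException`; `"::notBefore="+notBefore`, as is already done for `notOnOrAfter`, avoids that. Whether `XMLTimeUtil.isValid` tolerates null bounds is not visible in this hunk and is worth confirming.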
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,334 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.saml.v2.util;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.xpath.XPathException;
-
-import org.apache.log4j.Logger;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Utility dealing with DOM
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 14, 2009
- */
-public class DocumentUtil
-{
- private static Logger log = Logger.getLogger(DocumentUtil.class);
-
-
- /**
- * Check whether a node belongs to a document
- * @param doc
- * @param node
- * @return
- */
- public static boolean containsNode(Document doc, Node node)
- {
- if(node.getNodeType() == Node.ELEMENT_NODE)
- {
- Element elem = (Element) node;
- NodeList nl = doc.getElementsByTagNameNS(elem.getNamespaceURI(),
elem.getLocalName());
- if(nl != null && nl.getLength() > 0)
- return true;
- else
- return false;
- }
- throw new UnsupportedOperationException();
- }
-
- /**
- * Create a new document
- * @return
- * @throws ParserConfigurationException
- */
- public static Document createDocument() throws ParserConfigurationException
- {
- DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.newDocument();
- }
-
- /**
- * Parse a document from the string
- * @param docString
- * @return
- * @throws IOException
- * @throws SAXException
- * @throws ParserConfigurationException
- */
- public static Document getDocument(String docString) throws
ParserConfigurationException, SAXException, IOException
- {
- return getDocument(new StringReader(docString));
- }
-
- /**
- * Parse a document from a reader
- * @param reader
- * @return
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- public static Document getDocument(Reader reader)
- throws ParserConfigurationException, SAXException, IOException
- {
- DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(new InputSource(reader));
- }
-
- /**
- * Get Document from a file
- * @param file
- * @return
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- public static Document getDocument(File file) throws ParserConfigurationException,
SAXException, IOException
- {
- DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(file);
- }
-
- /**
- * Get Document from an inputstream
- * @param is
- * @return
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- public static Document getDocument(InputStream is) throws
ParserConfigurationException, SAXException, IOException
- {
- DocumentBuilderFactory factory = getDocumentBuilderFactory();
- DocumentBuilder builder = factory.newDocumentBuilder();
-
- return builder.parse(is);
- }
-
- /**
- * Marshall a document into a String
- * @param signedDoc
- * @return
- * @throws TransformerFactoryConfigurationError
- * @throws TransformerException
- */
- public static String getDocumentAsString(Document signedDoc) throws
TransformerFactoryConfigurationError, TransformerException
- {
- Source source = new DOMSource(signedDoc);
- StringWriter sw = new StringWriter();
-
- Result streamResult = new StreamResult(sw);
- // Write the DOM document to the stream
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
- xformer.transform(source, streamResult);
-
- return sw.toString();
- }
-
- /**
- * Marshall a DOM Element as string
- * @param element
- * @return
- * @throws TransformerFactoryConfigurationError
- * @throws TransformerException
- */
- public static String getDOMElementAsString(Element element)
- throws TransformerFactoryConfigurationError, TransformerException
- {
- Source source = new DOMSource(element);
- StringWriter sw = new StringWriter();
-
- Result streamResult = new StreamResult(sw);
- // Write the DOM document to the file
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
- xformer.transform(source, streamResult);
-
- return sw.toString();
- }
-
- /**
- * Stream a DOM Node as an input stream
- * @param node
- * @return
- * @throws TransformerFactoryConfigurationError
- * @throws TransformerException
- */
- public static InputStream getNodeAsStream(Node node)
- throws TransformerFactoryConfigurationError, TransformerException
- {
- Source source = new DOMSource(node);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- Result streamResult = new StreamResult(baos);
- // Write the DOM document to the stream
- Transformer transformer = getTransformer();
- transformer.transform(source, streamResult);
-
- ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
-
- return bis;
- }
-
- /**
- * Stream a DOM Node as a String
- * @param node
- * @return
- * @throws TransformerFactoryConfigurationError
- * @throws TransformerException
- */
- public static String getNodeAsString(Node node)
- throws TransformerFactoryConfigurationError, TransformerException
- {
- Source source = new DOMSource(node);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- Result streamResult = new StreamResult(baos);
- // Write the DOM document to the stream
- Transformer transformer = getTransformer();
- transformer.transform(source, streamResult);
-
- return new String(baos.toByteArray());
- }
-
- /**
- * Given a document, return a Node with the given node name
- * and an attribute with a particular attribute value
- * @param document
- * @param nsURI
- * @param nodeName
- * @param attributeName
- * @param attributeValue
- * @return
- * @throws XPathException
- * @throws TransformerFactoryConfigurationError
- * @throws TransformerException
- */
- public static Node getNodeWithAttribute(Document document, final String nsURI,
- String nodeName,
- String attributeName, String attributeValue) throws XPathException,
- TransformerFactoryConfigurationError, TransformerException
- {
- NodeList nl = document.getElementsByTagNameNS(nsURI, nodeName);
- int len = nl != null ? nl.getLength() : 0;
-
- for (int i = 0; i < len; i++)
- {
- Node n = nl.item(i);
- if(n.getNodeType() != Node.ELEMENT_NODE)
- continue;
- Element el = (Element) n;
- String attrValue = el.getAttributeNS(nsURI, attributeName);
- if(attributeValue.equals(attrValue))
- return el;
- //Take care of attributes with null NS
- attrValue = el.getAttribute(attributeName);
- if(attributeValue.equals(attrValue))
- return el;
- }
- return null;
- }
-
- /**
- * Get a {@link Source} given a {@link Document}
- * @param doc
- * @return
- */
- public static Source getXMLSource(Document doc)
- {
- return new DOMSource(doc);
- }
-
- /**
- * Log the nodes in the document
- * @param doc
- */
- public static void logNodes(Document doc)
- {
- visit(doc, 0);
- }
-
- private static void visit(Node node, int level)
- {
- // Visit each child
- NodeList list = node.getChildNodes();
- for (int i=0; i<list.getLength(); i++)
- {
- // Get child node
- Node childNode = list.item(i);
- log.trace("Node="+ childNode.getNamespaceURI()+
"::"+childNode.getLocalName());
- // Visit child node
- visit(childNode, level+1);
- }
- }
-
- /**
- * Create a namespace aware Document builder factory
- * @return
- */
- private static DocumentBuilderFactory getDocumentBuilderFactory()
- {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setXIncludeAware(true);
- return factory;
- }
-
- private static Transformer getTransformer() throws TransformerConfigurationException,
- TransformerFactoryConfigurationError
- {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- transformer.setOutputProperty(OutputKeys.INDENT, "no");
- return transformer;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
(from rev 729,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,336 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPathException;
+
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Utility dealing with DOM
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 14, 2009
+ */
+public class DocumentUtil
+{
+ private static Logger log = Logger.getLogger(DocumentUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
+
+ /**
+ * Check whether a node belongs to a document
+ * @param doc
+ * @param node
+ * @return
+ */
+ public static boolean containsNode(Document doc, Node node)
+ {
+ if(node.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Element elem = (Element) node;
+ NodeList nl = doc.getElementsByTagNameNS(elem.getNamespaceURI(),
elem.getLocalName());
+ if(nl != null && nl.getLength() > 0)
+ return true;
+ else
+ return false;
+ }
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Create a new document
+ * @return
+ * @throws ParserConfigurationException
+ */
+ public static Document createDocument() throws ParserConfigurationException
+ {
+ DocumentBuilderFactory factory = getDocumentBuilderFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Parse a document from the string
+ * @param docString
+ * @return
+ * @throws IOException
+ * @throws SAXException
+ * @throws ParserConfigurationException
+ */
+ public static Document getDocument(String docString) throws
ParserConfigurationException, SAXException, IOException
+ {
+ return getDocument(new StringReader(docString));
+ }
+
+ /**
+ * Parse a document from a reader
+ * @param reader
+ * @return
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ public static Document getDocument(Reader reader)
+ throws ParserConfigurationException, SAXException, IOException
+ {
+ DocumentBuilderFactory factory = getDocumentBuilderFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(new InputSource(reader));
+ }
+
+ /**
+ * Get Document from a file
+ * @param file
+ * @return
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ public static Document getDocument(File file) throws ParserConfigurationException,
SAXException, IOException
+ {
+ DocumentBuilderFactory factory = getDocumentBuilderFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(file);
+ }
+
+ /**
+ * Get Document from an inputstream
+ * @param is
+ * @return
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ public static Document getDocument(InputStream is) throws
ParserConfigurationException, SAXException, IOException
+ {
+ DocumentBuilderFactory factory = getDocumentBuilderFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+
+ return builder.parse(is);
+ }
+
+ /**
+ * Marshall a document into a String
+ * @param signedDoc
+ * @return
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static String getDocumentAsString(Document signedDoc) throws
TransformerFactoryConfigurationError, TransformerException
+ {
+ Source source = new DOMSource(signedDoc);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ // Write the DOM document to the stream
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, streamResult);
+
+ return sw.toString();
+ }
+
+ /**
+ * Marshall a DOM Element as string
+ * @param element
+ * @return
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static String getDOMElementAsString(Element element)
+ throws TransformerFactoryConfigurationError, TransformerException
+ {
+ Source source = new DOMSource(element);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ // Write the DOM document to the file
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, streamResult);
+
+ return sw.toString();
+ }
+
+ /**
+ * Stream a DOM Node as an input stream
+ * @param node
+ * @return
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static InputStream getNodeAsStream(Node node)
+ throws TransformerFactoryConfigurationError, TransformerException
+ {
+ Source source = new DOMSource(node);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ Result streamResult = new StreamResult(baos);
+ // Write the DOM document to the stream
+ Transformer transformer = getTransformer();
+ transformer.transform(source, streamResult);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+
+ return bis;
+ }
+
+ /**
+ * Stream a DOM Node as a String
+ * @param node
+ * @return
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static String getNodeAsString(Node node)
+ throws TransformerFactoryConfigurationError, TransformerException
+ {
+ Source source = new DOMSource(node);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ Result streamResult = new StreamResult(baos);
+ // Write the DOM document to the stream
+ Transformer transformer = getTransformer();
+ transformer.transform(source, streamResult);
+
+ return new String(baos.toByteArray());
+ }
+
+ /**
+ * Given a document, return a Node with the given node name
+ * and an attribute with a particular attribute value
+ * @param document
+ * @param nsURI
+ * @param nodeName
+ * @param attributeName
+ * @param attributeValue
+ * @return
+ * @throws XPathException
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static Node getNodeWithAttribute(Document document, final String nsURI,
+ String nodeName,
+ String attributeName, String attributeValue) throws XPathException,
+ TransformerFactoryConfigurationError, TransformerException
+ {
+ NodeList nl = document.getElementsByTagNameNS(nsURI, nodeName);
+ int len = nl != null ? nl.getLength() : 0;
+
+ for (int i = 0; i < len; i++)
+ {
+ Node n = nl.item(i);
+ if(n.getNodeType() != Node.ELEMENT_NODE)
+ continue;
+ Element el = (Element) n;
+ String attrValue = el.getAttributeNS(nsURI, attributeName);
+ if(attributeValue.equals(attrValue))
+ return el;
+ //Take care of attributes with null NS
+ attrValue = el.getAttribute(attributeName);
+ if(attributeValue.equals(attrValue))
+ return el;
+ }
+ return null;
+ }
+
+ /**
+ * Get a {@link Source} given a {@link Document}
+ * @param doc
+ * @return
+ */
+ public static Source getXMLSource(Document doc)
+ {
+ return new DOMSource(doc);
+ }
+
+ /**
+ * Log the nodes in the document
+ * @param doc
+ */
+ public static void logNodes(Document doc)
+ {
+ visit(doc, 0);
+ }
+
+ private static void visit(Node node, int level)
+ {
+ // Visit each child
+ NodeList list = node.getChildNodes();
+ for (int i=0; i<list.getLength(); i++)
+ {
+ // Get child node
+ Node childNode = list.item(i);
+ if(trace)
+ log.trace("Node="+ childNode.getNamespaceURI()+
"::"+childNode.getLocalName());
+ // Visit child node
+ visit(childNode, level+1);
+ }
+ }
+
+ /**
+ * Create a namespace aware Document builder factory
+ * @return
+ */
+ private static DocumentBuilderFactory getDocumentBuilderFactory()
+ {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+ return factory;
+ }
+
+ private static Transformer getTransformer() throws TransformerConfigurationException,
+ TransformerFactoryConfigurationError
+ {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.setOutputProperty(OutputKeys.INDENT, "no");
+ return transformer;
+ }
+}
\ No newline at end of file
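Review bot: `getDocumentBuilderFactory()` at the end of this hunk enables XInclude with `factory.setXIncludeAware(true)` and leaves DOCTYPE declarations and entity expansion at the parser defaults, and every `getDocument(...)` overload plus `createDocument()` builds its parser from that factory. The callers are not in this hunk, but this is the SAML v2 utility package, so these overloads presumably receive XML from a remote party; with the current settings, parsing such a document can pull local files or remote URLs into the DOM. I would switch XInclude off unless a caller demonstrably needs it, reject DOCTYPEs, and stop entity expansion. `setFeature` throws `ParserConfigurationException`, so the helper has to declare it, which every caller in this file already does.

```java
private static DocumentBuilderFactory getDocumentBuilderFactory() throws ParserConfigurationException
{
   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
   factory.setNamespaceAware(true);
   // Documents parsed here may come from a remote party: do not let them include or reference other resources
   factory.setXIncludeAware(false);
   factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
   factory.setExpandEntityReferences(false);
   return factory;
}
```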
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,205 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.util;
-
-import java.net.URL;
-import java.util.HashMap;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-
-import org.apache.log4j.Logger;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-
-/**
- * Utility to obtain JAXB2 marshaller/unmarshaller etc
- * @author Anil.Saldhana(a)redhat.com
- * @since May 26, 2009
- */
-public class JAXBUtil
-{
- private static Logger log = Logger.getLogger(JAXBUtil.class);
-
- public static final String W3C_XML_SCHEMA_NS_URI =
"http://www.w3.org/2001/XMLSchema";
-
- private static HashMap<String,JAXBContext> jaxbContextHash = new
HashMap<String, JAXBContext>();
-
- static
- {
- //Useful on Sun VMs. Harmless on other VMs.
-
SecurityActions.setSystemProperty("com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot",
"true");
- }
-
- /**
- * Get the JAXB Marshaller
- * @param pkgName The package name for the jaxb context
- * @param schemaLocation location of the schema to validate against
- * @return Marshaller
- * @throws JAXBException
- * @throws SAXException
- */
- public static Marshaller getValidatingMarshaller(String pkgName, String
schemaLocation)
- throws JAXBException, SAXException
- {
- Marshaller marshaller = getMarshaller(pkgName);
-
- //Validate against schema
- Schema schema = getJAXPSchemaInstance(schemaLocation);
- marshaller.setSchema(schema);
-
- return marshaller;
- }
-
- /**
- * Get the JAXB Marshaller
- * @param pkgName The package name for the jaxb context
- * @return Marshaller
- * @throws JAXBException
- */
- public static Marshaller getMarshaller(String pkgName) throws JAXBException
- {
- if(pkgName == null)
- throw new IllegalArgumentException("pkgName is null");
-
- JAXBContext jc = getJAXBContext(pkgName);
- Marshaller marshaller = jc.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.FALSE); //Breaks
signatures
- return marshaller;
- }
-
- /**
- * Get the JAXB Unmarshaller
- * @param pkgName The package name for the jaxb context
- * @return unmarshaller
- * @throws JAXBException
- */
- public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
- {
- if(pkgName == null)
- throw new IllegalArgumentException("pkgName is null");
- JAXBContext jc = getJAXBContext(pkgName);
- return jc.createUnmarshaller();
- }
-
- /**
- * Get the JAXB Unmarshaller
- * @param pkgName The package name for the jaxb context
- * @param schemaLocation location of the schema to validate against
- * @return unmarshaller
- * @throws JAXBException
- * @throws SAXException
- */
- public static Unmarshaller getValidatingUnmarshaller(String pkgName, String
schemaLocation)
- throws JAXBException, SAXException
- {
- Unmarshaller unmarshaller = getUnmarshaller(pkgName);
- Schema schema = getJAXPSchemaInstance(schemaLocation);
- unmarshaller.setSchema(schema);
-
- return unmarshaller;
- }
-
- private static Schema getJAXPSchemaInstance(String schemaLocation) throws
SAXException
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- URL schemaURL = tcl.getResource(schemaLocation);
- if(schemaURL == null)
- throw new IllegalStateException("Schema URL is null:" +
schemaLocation);
- SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
-
- //Always install the resolver unless the system property is set
-
if(SecurityActions.getSystemProperty("org.jboss.identity.federation.jaxb.ls",
null) == null)
- scFact.setResourceResolver( new IDFedLSInputResolver());
-
- scFact.setErrorHandler(new ErrorHandler()
- {
- public void error(SAXParseException exception) throws SAXException
- {
- StringBuilder builder = new StringBuilder();
- builder.append("Line Number=").append(exception.getLineNumber());
- builder.append(" Col
Number=").append(exception.getColumnNumber());
- builder.append(" Public ID=").append(exception.getPublicId());
- builder.append(" System ID=").append(exception.getSystemId());
- builder.append(" exc=").append(exception.getLocalizedMessage());
-
- log.trace("SAX Error:" + builder.toString());
- }
-
- public void fatalError(SAXParseException exception) throws SAXException
- {
- StringBuilder builder = new StringBuilder();
- builder.append("Line Number=").append(exception.getLineNumber());
- builder.append(" Col
Number=").append(exception.getColumnNumber());
- builder.append(" Public ID=").append(exception.getPublicId());
- builder.append(" System ID=").append(exception.getSystemId());
- builder.append(" exc=").append(exception.getLocalizedMessage());
-
- log.error("SAX Fatal Error:" + builder.toString());
- }
-
- public void warning(SAXParseException exception) throws SAXException
- {
- StringBuilder builder = new StringBuilder();
- builder.append("Line Number=").append(exception.getLineNumber());
- builder.append(" Col
Number=").append(exception.getColumnNumber());
- builder.append(" Public ID=").append(exception.getPublicId());
- builder.append(" System ID=").append(exception.getSystemId());
- builder.append(" exc=").append(exception.getLocalizedMessage());
-
- log.trace("SAX Warn:" + builder.toString());
- }
- });
- Schema schema = scFact.newSchema(schemaURL);
- return schema;
- }
-
- public static JAXBContext getJAXBContext(String path) throws JAXBException
- {
- JAXBContext jx = jaxbContextHash.get(path);
- if(jx == null)
- {
- jx = JAXBContext.newInstance(path);
- jaxbContextHash.put(path, jx);
- }
- return jx;
- }
-
- public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
- {
- String clazzName = clazz.getName();
-
- JAXBContext jx = jaxbContextHash.get(clazzName);
- if(jx == null)
- {
- jx = JAXBContext.newInstance(clazz);
- jaxbContextHash.put(clazzName, jx);
- }
- return jx;
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
(from rev 729,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,206 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.util;
+
+import java.net.URL;
+import java.util.HashMap;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+
+import org.apache.log4j.Logger;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+/**
+ * Utility to obtain JAXB2 marshaller/unmarshaller etc
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 26, 2009
+ */
+public class JAXBUtil
+{
+ private static Logger log = Logger.getLogger(JAXBUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
+ public static final String W3C_XML_SCHEMA_NS_URI =
"http://www.w3.org/2001/XMLSchema";
+
+ private static HashMap<String,JAXBContext> jaxbContextHash = new
HashMap<String, JAXBContext>();
+
+ static
+ {
+ //Useful on Sun VMs. Harmless on other VMs.
+
SecurityActions.setSystemProperty("com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot",
"true");
+ }
+
+ /**
+ * Get the JAXB Marshaller
+ * @param pkgName The package name for the jaxb context
+ * @param schemaLocation location of the schema to validate against
+ * @return Marshaller
+ * @throws JAXBException
+ * @throws SAXException
+ */
+ public static Marshaller getValidatingMarshaller(String pkgName, String
schemaLocation)
+ throws JAXBException, SAXException
+ {
+ Marshaller marshaller = getMarshaller(pkgName);
+
+ //Validate against schema
+ Schema schema = getJAXPSchemaInstance(schemaLocation);
+ marshaller.setSchema(schema);
+
+ return marshaller;
+ }
+
+ /**
+ * Get the JAXB Marshaller
+ * @param pkgName The package name for the jaxb context
+ * @return Marshaller
+ * @throws JAXBException
+ */
+ public static Marshaller getMarshaller(String pkgName) throws JAXBException
+ {
+ if(pkgName == null)
+ throw new IllegalArgumentException("pkgName is null");
+
+ JAXBContext jc = getJAXBContext(pkgName);
+ Marshaller marshaller = jc.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.FALSE); //Breaks
signatures
+ return marshaller;
+ }
+
+ /**
+ * Get the JAXB Unmarshaller
+ * @param pkgName The package name for the jaxb context
+ * @return unmarshaller
+ * @throws JAXBException
+ */
+ public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
+ {
+ if(pkgName == null)
+ throw new IllegalArgumentException("pkgName is null");
+ JAXBContext jc = getJAXBContext(pkgName);
+ return jc.createUnmarshaller();
+ }
+
+ /**
+ * Get the JAXB Unmarshaller
+ * @param pkgName The package name for the jaxb context
+ * @param schemaLocation location of the schema to validate against
+ * @return unmarshaller
+ * @throws JAXBException
+ * @throws SAXException
+ */
+ public static Unmarshaller getValidatingUnmarshaller(String pkgName, String
schemaLocation)
+ throws JAXBException, SAXException
+ {
+ Unmarshaller unmarshaller = getUnmarshaller(pkgName);
+ Schema schema = getJAXPSchemaInstance(schemaLocation);
+ unmarshaller.setSchema(schema);
+
+ return unmarshaller;
+ }
+
+ private static Schema getJAXPSchemaInstance(String schemaLocation) throws
SAXException
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ URL schemaURL = tcl.getResource(schemaLocation);
+ if(schemaURL == null)
+ throw new IllegalStateException("Schema URL is null:" +
schemaLocation);
+ SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
+
+ //Always install the resolver unless the system property is set
+
if(SecurityActions.getSystemProperty("org.jboss.identity.federation.jaxb.ls",
null) == null)
+ scFact.setResourceResolver( new IDFedLSInputResolver());
+
+ scFact.setErrorHandler(new ErrorHandler()
+ {
+ public void error(SAXParseException exception) throws SAXException
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append("Line Number=").append(exception.getLineNumber());
+ builder.append(" Col
Number=").append(exception.getColumnNumber());
+ builder.append(" Public ID=").append(exception.getPublicId());
+ builder.append(" System ID=").append(exception.getSystemId());
+ builder.append(" exc=").append(exception.getLocalizedMessage());
+
+ if(trace) log.trace("SAX Error:" + builder.toString());
+ }
+
+ public void fatalError(SAXParseException exception) throws SAXException
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append("Line Number=").append(exception.getLineNumber());
+ builder.append(" Col
Number=").append(exception.getColumnNumber());
+ builder.append(" Public ID=").append(exception.getPublicId());
+ builder.append(" System ID=").append(exception.getSystemId());
+ builder.append(" exc=").append(exception.getLocalizedMessage());
+
+ log.error("SAX Fatal Error:" + builder.toString());
+ }
+
+ public void warning(SAXParseException exception) throws SAXException
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append("Line Number=").append(exception.getLineNumber());
+ builder.append(" Col
Number=").append(exception.getColumnNumber());
+ builder.append(" Public ID=").append(exception.getPublicId());
+ builder.append(" System ID=").append(exception.getSystemId());
+ builder.append(" exc=").append(exception.getLocalizedMessage());
+
+ if(trace) log.trace("SAX Warn:" + builder.toString());
+ }
+ });
+ Schema schema = scFact.newSchema(schemaURL);
+ return schema;
+ }
+
+ public static JAXBContext getJAXBContext(String path) throws JAXBException
+ {
+ JAXBContext jx = jaxbContextHash.get(path);
+ if(jx == null)
+ {
+ jx = JAXBContext.newInstance(path);
+ jaxbContextHash.put(path, jx);
+ }
+ return jx;
+ }
+
+ public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
+ {
+ String clazzName = clazz.getName();
+
+ JAXBContext jx = jaxbContextHash.get(clazzName);
+ if(jx == null)
+ {
+ jx = JAXBContext.newInstance(clazz);
+ jaxbContextHash.put(clazzName, jx);
+ }
+ return jx;
+ }
+}
\ No newline at end of file
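Review bot: In `getJAXPSchemaInstance`, the anonymous `ErrorHandler` returns normally from `error()` (logging only when trace is enabled) and from `fatalError()`, so a schema that fails to compile cleanly does not reliably abort `scFact.newSchema(schemaURL)`; with no handler set, `SchemaFactory` would throw on both. The validating marshaller and unmarshaller are then built on whatever schema resulted, and the only evidence is a log line that is usually switched off. I would log at error level and rethrow in both callbacks, e.g. `log.error("SAX Error:" + builder.toString()); throw exception;`. Separately, `jaxbContextHash` is a plain `HashMap` that both static `getJAXBContext` overloads read and write without synchronization, which is unsafe if these helpers run on concurrent request threads (likely in a servlet or valve deployment, though the callers are not shown here); `new ConcurrentHashMap<String, JAXBContext>()` with the matching import would fix it.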
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/pom.xml 2009-08-17 21:15:02 UTC
(rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,130 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-fed-model</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Model</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation Model contains the JAXB2
model.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-xmlsec-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>apache-logging</groupId>
- <artifactId>commons-logging-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbossxacml</artifactId>
- </dependency>
- <dependency>
- <groupId>stax</groupId>
- <artifactId>stax-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>codehaus-stax</groupId>
- <artifactId>stax</artifactId>
- <version>1.1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-xalan</groupId>
- <artifactId>serializer</artifactId>
- <version>2.7.0.patch01-brew</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-fed-model/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-fed-model/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,130 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Model</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation Model contains the JAXB2
model.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-xmlsec-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>apache-logging</groupId>
+ <artifactId>commons-logging-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbossxacml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>codehaus-stax</groupId>
+ <artifactId>stax</artifactId>
+ <version>1.1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-xalan</groupId>
+ <artifactId>serializer</artifactId>
+ <version>2.7.0.patch01-brew</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-seam/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml 2009-08-24 15:55:09
UTC (rev 731)
@@ -1,130 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent
- </artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-seam</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Bindings for Seam</name>
- <
url>http://labs.jboss.org/portal/jbossidentity/
- </url>
- <description>JBoss Identity Seam bindings contain the default
- bindings needed for Seam web applications.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt
- </url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>
- -Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed
- </argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model
- </artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-web</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.seam</groupId>
- <artifactId>jboss-seam</artifactId>
- <version>2.1.2.GA</version>
- <type>ejb</type>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>javax.faces</groupId>
- <artifactId>jsf-api</artifactId>
- <version>1.2</version>
- <scope>provided</scope>
- </dependency>
- </dependencies>
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam> -charset UTF-8 -docencoding UTF-8 -version
- -author -breakiterator -windowtitle "${project.name}
- ${project.version} API Reference" -doctitle "${project.name}
- ${project.version} API Reference" -bottom "Copyright ©
- ${project.inceptionYear}-Present ${project.organization.name}. All
- Rights Reserved." -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml (from rev 730,
identity-federation/trunk/jboss-identity-seam/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-seam/pom.xml 2009-08-24 15:55:09
UTC (rev 731)
@@ -0,0 +1,129 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent
+ </artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-seam</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Bindings for Seam</name>
+ <
url>http://labs.jboss.org/portal/jbossidentity/
+ </url>
+ <description>JBoss Identity Seam bindings contain the default
+ bindings needed for Seam web applications.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt
+ </url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>
+ -Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed
+ </argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model
+ </artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-web</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>jboss-seam</artifactId>
+ <version>2.1.2.GA</version>
+ <type>ejb</type>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.faces</groupId>
+ <artifactId>jsf-api</artifactId>
+ <version>1.2</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam> -charset UTF-8 -docencoding UTF-8 -version
+ -author -breakiterator -windowtitle "${project.name}
+ ${project.version} API Reference" -doctitle "${project.name}
+ ${project.version} API Reference" -bottom "Copyright ©
+ ${project.inceptionYear}-Present ${project.organization.name}. All
+ Rights Reserved." -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
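Review bot: The `sun-jaf:activation` 1.1 test-scope dependency is declared twice in a row inside `<dependencies>`; the second `<dependency>` block is redundant and should be dropped so the tagged POM carries one declaration per artifact. The trunk copy shown as removed just above has the same duplication, so it was carried into the tag rather than introduced here.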
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-web/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml 2009-08-24 15:55:09
UTC (rev 731)
@@ -1,201 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-web</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation Web</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Web contains code that will run in any web
container.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
-
- <!-- Profile to exclude the integration tests that take long time -->
- <profiles>
- <profile>
- <id>exclude-long-tests</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <excludes>
- <exclude>**/integration/*TestCase.java</exclude>
- </excludes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- . <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
-
- <profile>
- <id>long-tests</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <childDelegation>true</childDelegation>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/integration/*TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- . <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.4</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>nekohtml</groupId>
- <artifactId>nekohtml</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache</groupId>
- <artifactId>httpclient</artifactId>
- <version>3.0.1</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.3</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>apache-xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.9.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-logging</groupId>
- <artifactId>commons-logging-api</artifactId>
- <version>1.0.3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty-util</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml (from rev 730,
identity-federation/trunk/jboss-identity-web/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-web/pom.xml 2009-08-24 15:55:09
UTC (rev 731)
@@ -0,0 +1,201 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-web</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation Web</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Web contains code that will run in any web
container.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+
+ <!-- Profile to exclude the integration tests that take long time -->
+ <profiles>
+ <profile>
+ <id>exclude-long-tests</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <excludes>
+ <exclude>**/integration/*TestCase.java</exclude>
+ </excludes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ . <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+
+ <profile>
+ <id>long-tests</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <childDelegation>true</childDelegation>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/integration/*TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ . <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>3.0.1</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.3</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>apache-xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.9.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-logging</groupId>
+ <artifactId>commons-logging-api</artifactId>
+ <version>1.0.3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
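Review bot: A stray `.` sits in front of `<useFile>false</useFile>` in the surefire `<configuration>` of both the `exclude-long-tests` and `long-tests` profiles. It is literal text inside the configuration element and does not appear in the default `<build>` block, so it looks like an editing slip; the line should read `<useFile>false</useFile>`. The three surefire blocks differ only in their include/exclude pattern and `argLine`, so the shared settings could be declared once and overridden per profile. The profiles also pass `${surefire.jvm.args}`, which is not defined in this file (presumably it comes from the parent POM), while the default build hard-codes the endorsed-dirs argument.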
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.interfaces;
+
+import javax.security.auth.login.LoginException;
+
+/**
+ * Handle authentication
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 18, 2009
+ */
+public interface ILoginHandler
+{
+ /**
+ * Authenticate the user
+ * @param username username
+ * @param credential credential
+ * @return true - authenticated
+ * @throws LoginException
+ */
+ public boolean authenticate(String username, Object credential)
+ throws LoginException;
+}
\ No newline at end of file
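Review bot: The Javadoc on `authenticate` does not say how a failed login is reported. Both a `false` return and a `LoginException` are possible, and `IDPLoginServlet` in this commit answers either one with HTTP 403. I would document the contract, e.g. `@return true if the credential is valid for the username, false if it is rejected` and `@throws LoginException if the credential could not be checked`, and state whether `username` or `credential` may be null. `credential` is typed `Object`, so a sentence naming the expected types (the servlet passes a `String` password) would tell implementers what they have to cast and reject. The `public` modifier on the interface method is redundant and could be dropped to match `IRoleValidator`.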
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.interfaces;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Validate the passed Roles
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public interface IRoleValidator
+{
+ /**
+ * Initialize the validator
+ * @param options
+ */
+ void intialize(Map<String,String> options);
+
+ /**
+ * Validate whether the principal with the given
+ * list of roles is valid
+ * @param userPrincipal
+ * @param roles
+ * @return
+ */
+ boolean userInRole(Principal userPrincipal, List<String> roles);
+}
\ No newline at end of file
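Review bot: The method name `intialize` is misspelled, and because this is a public interface going into a tagged release, every implementer will have to carry the typo; `void initialize(Map<String,String> options);` is the line I would ship. The Javadoc for `userInRole` has empty `@param` and `@return` tags and does not say what a null principal or a null or empty `roles` list should yield. For an authorization check I would state that explicitly, e.g. `@return true only if the principal is accepted with the given roles; false when roles is null or empty` (assuming deny-by-default is the intent).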
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,209 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.web.openid;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.openid.OpenIDAttributeMap;
-import org.jboss.identity.federation.api.openid.OpenIDLifecycle;
-import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent;
-import org.jboss.identity.federation.api.openid.OpenIDProtocolAdapter;
-import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent.OP;
-import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent.TYPE;
-import org.jboss.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
-import org.jboss.identity.federation.api.openid.exceptions.OpenIDProtocolException;
-
-/**
- * Protocol adapter for HTTP
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 6, 2009
- */
-public class HTTPProtocolAdaptor implements OpenIDProtocolAdapter, OpenIDLifecycle
-{
- private static Logger log = Logger.getLogger(HTTPProtocolAdaptor.class);
-
- private HttpServletRequest request;
- private HttpServletResponse response;
- private ServletContext servletContext;
- private String returnURL;
-
- public HTTPProtocolAdaptor(HTTPOpenIDContext octx)
- {
- if(octx == null)
- throw new IllegalArgumentException("http openid context is null");
-
- this.request = octx.getRequest();
- this.response = octx.getResponse();
- this.returnURL = octx.getReturnURL();
- this.servletContext = octx.getServletContext();
- }
-
- public OpenIDAttributeMap getAttributeMap()
- {
- OpenIDAttributeMap map = new OpenIDAttributeMap();
- if ("1".equals(request.getParameter("nickname")))
- {
- map.put("nickname", "1");
- }
- if ("1".equals(request.getParameter("email")))
- {
- map.put("email", "1");
- }
- if ("1".equals(request.getParameter("fullname")))
- {
- map.put("fullname", "1");
- }
- if ("1".equals(request.getParameter("dob")))
- {
- map.put("dob", "1");
- }
- if ("1".equals(request.getParameter("gender")))
- {
- map.put("gender", "1");
- }
- if ("1".equals(request.getParameter("postcode")))
- {
- map.put("postcode", "1");
- }
- if ("1".equals(request.getParameter("country")))
- {
- map.put("country", "1");
- }
- if ("1".equals(request.getParameter("language")))
- {
- map.put("language", "1");
- }
- if ("1".equals(request.getParameter("timezone")))
- {
- map.put("timezone", "1");
- }
-
- return map;
- }
-
- public String getReturnURL()
- {
- return this.returnURL;
- }
-
- /**
- * @throws OpenIDLifeCycleException
- * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent)
- */
- public void handle(OpenIDLifecycleEvent event) throws OpenIDLifeCycleException
- {
- if(event == null)
- throw new IllegalArgumentException("event is null");
-
- if(event.getEventType() == TYPE.SESSION)
- {
- String attr = event.getAttributeName();
- Object attrVal = event.getAttributeValue();
-
- if(event.getOperation() == OP.ADD)
- {
- request.getSession().setAttribute(attr, attrVal);
- }
- else if(event.getOperation() == OP.REMOVE)
- {
- request.getSession().removeAttribute(attr);
- }
- }
-
- if(event.getEventType() == TYPE.SUCCESS)
- try
- {
- response.sendRedirect(".");
- }
- catch (IOException e)
- {
- throw new OpenIDLifeCycleException(e);
- }
- }
-
- /**
- * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent[])
- */
- public void handle(OpenIDLifecycleEvent[] eventArr) throws OpenIDLifeCycleException
- {
- for(OpenIDLifecycleEvent ev: eventArr)
- {
- this.handle(ev);
- }
- }
-
- public void sendToProvider(int version, String destinationURL,
- Map<String, String> paramMap) throws OpenIDProtocolException
- {
- log.trace("send to provider=" + version + "::destinationURL=" +
destinationURL);
-
- if(version == 1)
- {
- try
- {
- response.sendRedirect(destinationURL);
- return;
- }
- catch (IOException e)
- {
- throw new OpenIDProtocolException(e);
- }
- }
-
- //Version != 1
-
- // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
-
- RequestDispatcher dispatcher =
-
this.servletContext.getRequestDispatcher("/formredirection.jsp");
- request.setAttribute("parameterMap", paramMap);
- request.setAttribute("destinationUrl", destinationURL);
- try
- {
- dispatcher.forward(request, response);
- }
- catch(IOException io)
- {
- throw new OpenIDProtocolException(io);
- }
- catch (ServletException e)
- {
- throw new OpenIDProtocolException(e);
- }
- }
-
- /**
- * @see OpenIDLifecycle#getAttributeValue(String)
- */
- public Object getAttributeValue(String name)
- {
- return this.request.getSession().getAttribute(name);
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java
(from rev 729,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPProtocolAdaptor.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.openid;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.openid.OpenIDAttributeMap;
+import org.jboss.identity.federation.api.openid.OpenIDLifecycle;
+import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent;
+import org.jboss.identity.federation.api.openid.OpenIDProtocolAdapter;
+import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent.OP;
+import org.jboss.identity.federation.api.openid.OpenIDLifecycleEvent.TYPE;
+import org.jboss.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
+import org.jboss.identity.federation.api.openid.exceptions.OpenIDProtocolException;
+
+/**
+ * Protocol adapter for HTTP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPProtocolAdaptor implements OpenIDProtocolAdapter, OpenIDLifecycle
+{
+ private static Logger log = Logger.getLogger(HTTPProtocolAdaptor.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+ private ServletContext servletContext;
+ private String returnURL;
+
+ public HTTPProtocolAdaptor(HTTPOpenIDContext octx)
+ {
+ if(octx == null)
+ throw new IllegalArgumentException("http openid context is null");
+
+ this.request = octx.getRequest();
+ this.response = octx.getResponse();
+ this.returnURL = octx.getReturnURL();
+ this.servletContext = octx.getServletContext();
+ }
+
+ public OpenIDAttributeMap getAttributeMap()
+ {
+ OpenIDAttributeMap map = new OpenIDAttributeMap();
+ if ("1".equals(request.getParameter("nickname")))
+ {
+ map.put("nickname", "1");
+ }
+ if ("1".equals(request.getParameter("email")))
+ {
+ map.put("email", "1");
+ }
+ if ("1".equals(request.getParameter("fullname")))
+ {
+ map.put("fullname", "1");
+ }
+ if ("1".equals(request.getParameter("dob")))
+ {
+ map.put("dob", "1");
+ }
+ if ("1".equals(request.getParameter("gender")))
+ {
+ map.put("gender", "1");
+ }
+ if ("1".equals(request.getParameter("postcode")))
+ {
+ map.put("postcode", "1");
+ }
+ if ("1".equals(request.getParameter("country")))
+ {
+ map.put("country", "1");
+ }
+ if ("1".equals(request.getParameter("language")))
+ {
+ map.put("language", "1");
+ }
+ if ("1".equals(request.getParameter("timezone")))
+ {
+ map.put("timezone", "1");
+ }
+
+ return map;
+ }
+
+ public String getReturnURL()
+ {
+ return this.returnURL;
+ }
+
+ /**
+ * @throws OpenIDLifeCycleException
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent)
+ */
+ public void handle(OpenIDLifecycleEvent event) throws OpenIDLifeCycleException
+ {
+ if(event == null)
+ throw new IllegalArgumentException("event is null");
+
+ if(event.getEventType() == TYPE.SESSION)
+ {
+ String attr = event.getAttributeName();
+ Object attrVal = event.getAttributeValue();
+
+ if(event.getOperation() == OP.ADD)
+ {
+ request.getSession().setAttribute(attr, attrVal);
+ }
+ else if(event.getOperation() == OP.REMOVE)
+ {
+ request.getSession().removeAttribute(attr);
+ }
+ }
+
+ if(event.getEventType() == TYPE.SUCCESS)
+ try
+ {
+ response.sendRedirect(".");
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDLifeCycleException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent[])
+ */
+ public void handle(OpenIDLifecycleEvent[] eventArr) throws OpenIDLifeCycleException
+ {
+ for(OpenIDLifecycleEvent ev: eventArr)
+ {
+ this.handle(ev);
+ }
+ }
+
+ public void sendToProvider(int version, String destinationURL,
+ Map<String, String> paramMap) throws OpenIDProtocolException
+ {
+ if(trace)
+ log.trace("send to provider=" + version +
"::destinationURL=" + destinationURL);
+
+ if(version == 1)
+ {
+ try
+ {
+ response.sendRedirect(destinationURL);
+ return;
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ //Version != 1
+
+ // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+ RequestDispatcher dispatcher =
+
this.servletContext.getRequestDispatcher("/formredirection.jsp");
+ request.setAttribute("parameterMap", paramMap);
+ request.setAttribute("destinationUrl", destinationURL);
+ try
+ {
+ dispatcher.forward(request, response);
+ }
+ catch(IOException io)
+ {
+ throw new OpenIDProtocolException(io);
+ }
+ catch (ServletException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#getAttributeValue(String)
+ */
+ public Object getAttributeValue(String name)
+ {
+ return this.request.getSession().getAttribute(name);
+ }
+}
\ No newline at end of file
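Review bot: `sendToProvider` passes `destinationURL` straight to `response.sendRedirect` (version 1) and into the request attributes read by `/formredirection.jsp`, without checking that it is an absolute http(s) URL. Where the value comes from is not visible in this hunk; presumably it is derived from OpenID discovery on a user-supplied identifier. A guard at the top of the method would keep other schemes and relative targets out of both paths, e.g. `if(destinationURL == null || !destinationURL.matches("(?i)^https?://.+")) throw new IllegalArgumentException("destinationURL must be an absolute http(s) URL");`, matching the argument checks in the constructor and in `handle`. The JSP is outside this hunk, so it should be confirmed that it HTML-escapes `destinationUrl` and every `parameterMap` entry before writing them into the form.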
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.login.LoginException;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.jboss.identity.federation.web.handlers.DefaultLoginHandler;
+import org.jboss.identity.federation.web.interfaces.ILoginHandler;
+
+/**
+ * Handles login at the IDP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class IDPLoginServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+ private ServletContext context;
+ private String USERNAME_FIELD = "JBID_USERNAME";
+ private String PASS_FIELD = "JBID_PASSWORD";
+ private ILoginHandler loginHandler = null;
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ HttpSession session = request.getSession();
+
+ //Check if we are already authenticated
+ Principal principal = (Principal) session.getAttribute(IDPServlet.PRINCIPAL_ID);
+ if(principal != null)
+ {
+ this.saveRequest(request, session);
+ redirectToIDP(request,response);
+ return;
+ }
+
+ final String username = request.getParameter(USERNAME_FIELD);
+ String passwd = request.getParameter(PASS_FIELD);
+
+ if(username == null || passwd == null)
+ {
+ String samlMessage = request.getParameter("SAMLRequest");
+
+ if(samlMessage == null || "".equals(samlMessage))
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+
+ log("No username or password found. Redirecting to login page");
+ this.saveRequest(request, session);
+
+ this.redirectToLoginPage(request, response);
+ }
+ else
+ {
+ //we have the username and password
+ try
+ {
+ boolean isValid = loginHandler.authenticate(username, passwd);
+ if(!isValid)
+ {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+
+ session.setAttribute(IDPServlet.PRINCIPAL_ID, new Principal()
+ {
+ public String getName()
+ {
+ return username;
+ }
+ });
+
+
+ this.redirectToIDP(request, response);
+ return;
+ }
+ catch (LoginException e)
+ {
+ log("Exception logging in :", e);
+ //TODO: Send back invalid user SAML
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+ }
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ this.context = config.getServletContext();
+ //Users can customize the username and password fields of their html forms here
+ String userNameField = config.getInitParameter("USERNAME_FIELD");
+ if(userNameField != null && userNameField.length() > 0)
+ USERNAME_FIELD = userNameField;
+
+ String pwdField = config.getInitParameter("PASSWORD_FIELD");
+ if(pwdField != null && pwdField.length() > 0)
+ PASS_FIELD = pwdField;
+
+ String loginClass = config.getInitParameter("loginClass");
+ if(loginClass == null || loginClass.length() == 0)
+ loginClass = DefaultLoginHandler.class.getName();
+ //Lets set up the login class
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(loginClass);
+ loginHandler = (ILoginHandler) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+
+ private void saveRequest(HttpServletRequest request, HttpSession session)
+ {
+ //Save the SAMLRequest and relayState
+ session.setAttribute("SAMLRequest",
request.getParameter("SAMLRequest"));
+ String relayState = request.getParameter("RelayState");
+ if(relayState != null && !"".equals(relayState))
+ session.setAttribute("RelayState", relayState );
+ session.setAttribute("Referer", request.getHeader("Referer"));
+ }
+
+ private void redirectToIDP(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
+ if(dispatch == null)
+ log("Cannot dispatch to the IDP Servlet");
+ dispatch.forward(request, response);
+ return;
+ }
+
+ private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse
response)
+ throws ServletException, IOException
+ {
+ RequestDispatcher dispatch =
context.getRequestDispatcher("/jsp/login.jsp");
+ if(dispatch == null)
+ log("Cannot find the login page");
+ dispatch.forward(request, response);
+ return;
+ }
+}
\ No newline at end of file
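Review bot: In `doPost`, the `response.sendError(HttpServletResponse.SC_BAD_REQUEST)` branch for a missing `SAMLRequest` has no `return`, so execution continues into `saveRequest` and a forward on an already committed response. `redirectToIDP` and `redirectToLoginPage` have the same shape: they log when `getRequestDispatcher` returns null and then call `dispatch.forward` on that null reference. Separately, the session that existed before login keeps its id after `loginHandler.authenticate` succeeds, so an id that was fixed before authentication stays valid for the authenticated principal. The servlet-api 2.5 declared in this module's pom has no id-change call, so the session would have to be invalidated and recreated, with the saved SAML state copied across. The fence below sketches the three changes.

```java
         if(samlMessage == null || "".equals(samlMessage))
         {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
         }
         // … unchanged: log, saveRequest, redirectToLoginPage …

            // … unchanged: loginHandler.authenticate and SC_FORBIDDEN on failure …

            // Renew the session at login so a pre-login session id is not reused;
            // carry over what saveRequest() stored for the IDP servlet.
            Object savedSamlRequest = session.getAttribute("SAMLRequest");
            Object savedRelayState = session.getAttribute("RelayState");
            Object savedReferer = session.getAttribute("Referer");
            session.invalidate();
            session = request.getSession(true);
            session.setAttribute("SAMLRequest", savedSamlRequest);
            session.setAttribute("RelayState", savedRelayState);
            session.setAttribute("Referer", savedReferer);
            // … unchanged: session.setAttribute(IDPServlet.PRINCIPAL_ID, …), redirectToIDP …

      // redirectToIDP (and likewise redirectToLoginPage with its own message)
      RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
      if(dispatch == null)
         throw new ServletException("Cannot dispatch to the IDP Servlet");
      dispatch.forward(request, response);
```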
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
(from rev 729,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,414 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.roles.DefaultRoleGenerator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.w3c.dom.Document;
+
+/**
+ * SAML Web Browser SSO - POST binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 13, 2009
+ */
+public class IDPServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+ private static Logger log = Logger.getLogger(IDPServlet.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public static final String PRINCIPAL_ID = "jboss_identity.principal";
+ public static final String ROLES_ID = "jboss_identity.roles";
+
+ protected IDPType idpConfiguration = null;
+
+ private RoleGenerator rg = new DefaultRoleGenerator();
+
+ private long assertionValidity = 5000; // 5 seconds in miliseconds
+
+ private String identityURL = null;
+
+ private TrustKeyManager keyManager;
+
+ private Boolean ignoreIncomingSignatures = true;
+
+ private Boolean signOutgoingMessages = true;
+
+ private ServletContext context = null;
+
+ public Boolean getIgnoreIncomingSignatures()
+ {
+ return ignoreIncomingSignatures;
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ context = config.getServletContext();
+ InputStream is = context.getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ this.identityURL = idpConfiguration.getIdentityURL();
+ log.trace("Identity Provider URL=" + this.identityURL);
+ this.assertionValidity = idpConfiguration.getAssertionValidity();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ if(this.signOutgoingMessages)
+ {
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new RuntimeException("Key Provider is null for context=" +
context.getContextPath());
+
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new RuntimeException(e.getLocalizedMessage());
+ }
+ if(trace)
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ //handle the role generator
+ String rgString = config.getInitParameter("ROLE_GENERATOR");
+ if(rgString != null && !"".equals(rgString))
+ this.setRoleGenerator(rgString);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
+ {
+ //Some issue with filters and servlets
+ HttpSession session = request.getSession(false);
+
+ String samlMessage = (String) session.getAttribute("SAMLRequest");
+ String relayState = (String) session.getAttribute("RelayState");
+
+ String referer = request.getHeader("Referer");
+
+ //See if the user has already been authenticated
+ Principal userPrincipal = (Principal) session.getAttribute(PRINCIPAL_ID);
+
+ if(userPrincipal == null)
+ {
+ //The sys admin has not set up the login servlet filters for the IDP
+ if(trace)
+ log.trace("Login Filters have not been configured");
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+
+
+ IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request,
+ idpConfiguration, keyManager);
+
+ if(userPrincipal != null)
+ {
+ if(trace)
+ {
+ log.trace("Retrieved saml message and relay state from session");
+ log.trace("saml message=" + samlMessage + "::relay
state="+ relayState);
+ }
+ session.removeAttribute("SAMLRequest");
+
+ if(relayState != null && relayState.length() > 0)
+ session.removeAttribute("RelayState");
+
+ //Send valid saml response after processing the request
+ if(samlMessage != null)
+ {
+ //Get the SAML Request Message
+ RequestAbstractType requestAbstractType = null;
+ Document samlResponse = null;
+ String destination = null;
+ try
+ {
+ requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = validate(request.getRemoteAddr(),
+ request.getQueryString(),
+ new SessionHolder(samlMessage, null, null), isPost);
+
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check
failed");
+
+ webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
+
+
+ List<String> roles = (List<String>)
session.getAttribute(ROLES_ID);
+ if(roles == null)
+ {
+ roles = rg.generateRoles(userPrincipal);
+ session.setAttribute(ROLES_ID, roles);
+ }
+
+
+ if(trace)
+ log.trace("Roles have been determined:Creating response");
+
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ destination = art.getAssertionConsumerServiceURL();
+
+ samlResponse =
+ webRequestUtil.getResponse(destination,
+ userPrincipal, roles,
+ this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
+ }
+ catch (IssuerNotTrustedException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ParsingException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ConfigurationException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (IssueInstantMissingException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch(GeneralSecurityException e)
+ {
+ if(trace) log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ finally
+ {
+ try
+ {
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, destination,relayState, response,
true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, destination, relayState, response,
false,null);
+ }
+ catch (ParsingException e)
+ {
+ if(trace) log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ return;
+ }
+ else
+ {
+ log.error("No SAML Request Message");
+ if(trace) log.trace("Referer="+referer);
+
+ try
+ {
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ catch (ConfigurationException e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ }
+ }
+
+ protected void sendErrorResponseToSP(String referrer, HttpServletResponse response,
String relayState,
+ IDPWebRequestUtil webRequestUtil) throws ServletException, IOException,
ConfigurationException
+ {
+ if(trace) log.trace("About to send error response to SP:" + referrer);
+
+ Document samlResponse =
+ webRequestUtil.getErrorResponse(referrer,
JBossSAMLURIConstants.STATUS_RESPONDER.get(),
+ this.identityURL, this.signOutgoingMessages);
+ try
+ {
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, referrer, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, referrer, relayState, response,
false,null);
+ }
+ catch (ParsingException e1)
+ {
+ throw new ServletException(e1);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
+ {
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ }
+
+
+ protected class SessionHolder
+ {
+ String samlRequest;
+ String signature;
+ String sigAlg;
+
+ public SessionHolder(String req, String sig, String alg)
+ {
+ this.samlRequest = req;
+ this.signature = sig;
+ this.sigAlg = alg;
+ }
+ }
+
+ protected boolean validate(String remoteAddress,
+ String queryString,
+ SessionHolder holder, boolean isPost) throws IOException,
GeneralSecurityException
+ {
+ if (holder.samlRequest == null || holder.samlRequest.length() == 0)
+ {
+ return false;
+ }
+
+ if (!this.ignoreIncomingSignatures && !isPost)
+ {
+ String sig = holder.signature;
+ if (sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ //Check if there is a signature
+ byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
+ if(sigValue == null)
+ return false;
+
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(remoteAddress);
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+
+ return RedirectBindingSignatureUtil.validateSignature(queryString,
validatingKey, sigValue);
+ }
+ else
+ {
+ //Post binding no signature verification. The SAML message signature is
verified
+ return true;
+ }
+ }
+
+ private void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
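Review bot: In `doPost` the response destination is read from the request itself (`destination = art.getAssertionConsumerServiceURL();`) and passed to `webRequestUtil.send(...)` without any check of its own; the only trust check, `webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue())`, looks at the issuer field of the same message. `ignoreIncomingSignatures` is initialised to `true` and this file has no setter for it, so `validate()` always takes the branch that returns `true` without inspecting a signature, and nothing visible here backs its comment that the message signature is verified. I would check the consumer URL against the configured trust before building the response, e.g. `webRequestUtil.isTrusted(destination);` right after it is read, and preferably compare it with a URL registered per service provider. That suggestion assumes `isTrusted` still resolves the host of whatever URL it is given, as the removed revision of `IDPWebRequestUtil` on this page does. Two smaller points in the same method: `request.getSession(false)` can return null and is dereferenced on the next line, and on every error branch `destination` is still null when the `finally` block calls `send`.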
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
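Review bot: The Javadoc on `getContextClassLoader()` has an empty `@return` and does not say why the lookup is wrapped in `AccessController.doPrivileged`. The callers in this commit (`IDPServlet.init` and `setRoleGenerator`) use the returned loader to instantiate classes named in configuration, so the contract is worth stating. I'd write `@return the current thread's context class loader, read inside a privileged block`, and add a class-level sentence that the class must stay package-private so the loader is never handed to code outside this package. The motive for the privileged block is presumably running under a security manager, which the comment should confirm or correct.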
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.InputStream;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.SPType;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class ConfigurationUtil
+{
+ @SuppressWarnings("unchecked")
+ public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+ String schema = "schema/config/jboss-identity-fed.xsd";
+
+ String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
+ boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+
+ String pkgName = "org.jboss.identity.federation.web.config";
+ Unmarshaller un = null;
+ if(validate)
+ un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
+ else
+ un = JAXBUtil.getUnmarshaller(pkgName);
+
+ JAXBElement<IDPType> jaxbSp = (JAXBElement<IDPType>)
un.unmarshal(is);
+ return jaxbSp.getValue();
+ }
+
+ @SuppressWarnings("unchecked")
+ public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+ String schema = "schema/config/jboss-identity-fed.xsd";
+
+ String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
+ boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+
+ String pkgName = "org.jboss.identity.federation.web.config";
+ Unmarshaller un = null;
+ if(validate)
+ un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
+ else
+ un = JAXBUtil.getUnmarshaller(pkgName);
+
+ JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
+ return jaxbSp.getValue();
+ }
+}
\ No newline at end of file
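Review bot: `getIDPConfiguration` and `getSPConfiguration` are identical except for the type in the final cast, so a later change to one (for instance to the validation default) is easy to miss in the other; both could delegate to one private generic helper, sketched below. Schema validation against `schema/config/jboss-identity-fed.xsd` only happens when the system property named by `JAXB_SCHEMA_VALIDATION` is set to true. By default the file that carries the trust and key-provider settings is therefore unmarshalled without schema checks, which deserves a comment on both methods. Neither method closes the stream, and the caller visible on this page (`IDPServlet.init`) does not close it either.

```java
public static IDPType getIDPConfiguration(InputStream is) throws JAXBException, SAXException
{
   return ConfigurationUtil.<IDPType>unmarshal(is);
}

public static SPType getSPConfiguration(InputStream is) throws JAXBException, SAXException
{
   return ConfigurationUtil.<SPType>unmarshal(is);
}

/** Shared unmarshalling path for both configuration root types. */
@SuppressWarnings("unchecked")
private static <T> T unmarshal(InputStream is) throws JAXBException, SAXException
{
   if(is == null)
      throw new IllegalArgumentException("inputstream is null");
   // … unchanged: schema path, validation flag lookup and unmarshaller selection …
   JAXBElement<T> element = (JAXBElement<T>) un.unmarshal(is);
   return element.getValue();
}
```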
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,439 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.web.util;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.util.List;
-import java.util.StringTokenizer;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.TrustType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-/**
- * Request Util
- * <b> Not thread safe</b>
- * @author Anil.Saldhana(a)redhat.com
- * @since May 18, 2009
- */
-public class IDPWebRequestUtil
-{
- private static Logger log = Logger.getLogger(IDPWebRequestUtil.class);
-
- private boolean redirectProfile = false;
- private boolean postProfile = false;
-
- private IDPType idpConfiguration;
- private TrustKeyManager keyManager;
-
- public IDPWebRequestUtil(HttpServletRequest request, IDPType idp, TrustKeyManager
keym)
- {
- this.idpConfiguration = idp;
- this.keyManager = keym;
- this.redirectProfile = "GET".equals(request.getMethod());
- this.postProfile = "POST".equals(request.getMethod());
- }
-
- public boolean hasSAMLRequestInRedirectProfile()
- {
- return redirectProfile;
- }
-
- public boolean hasSAMLRequestInPostProfile()
- {
- return postProfile;
- }
-
- public RequestAbstractType getSAMLRequest(String samlMessage)
- throws ParsingException, IOException
- {
- InputStream is = null;
- SAML2Request saml2Request = new SAML2Request();
- if(redirectProfile)
- {
- is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- }
- else
- {
- byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
- log.trace("SAMLRequest=" + new String(samlBytes));
- is = new ByteArrayInputStream(samlBytes);
- }
- return saml2Request.getRequestType(is);
- }
-
-
- public Document getResponse( String assertionConsumerURL,
- Principal userPrincipal,
- List<String> roles,
- String identityURL,
- long assertionValidity,
- boolean supportSignature)
- throws ConfigurationException, IssueInstantMissingException
- {
- Document samlResponseDocument = null;
-
- log.trace("AssertionConsumerURL=" + assertionConsumerURL +
- "::assertion validity=" + assertionValidity);
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(userPrincipal.getName());
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(assertionConsumerURL);
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-
-
- //Add information on the roles
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
-
- AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
-
- //Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
-
- log.trace("Support Sig=" + supportSignature + " ::Post
Profile?=" + hasSAMLRequestInPostProfile());
- if(supportSignature && hasSAMLRequestInPostProfile())
- {
- try
- {
- SAML2Signature saml2Signature = new SAML2Signature();
- samlResponseDocument = saml2Signature.sign(responseType,
keyManager.getSigningKeyPair());
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- try
- {
- samlResponseDocument = saml2Response.convert(responseType);
- }
- catch (Exception e)
- {
- log.trace(e);
- }
-
- return samlResponseDocument;
- }
-
-
-
- /**
- * Verify that the issuer is trusted
- * @param issuer
- * @throws IssuerNotTrustedException
- */
- public void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = getDomain(issuer);
- TrustType idpTrust = idpConfiguration.getTrust();
- if(idpTrust != null)
- {
- String domainsTrusted = idpTrust.getDomains();
- log.trace("Domains that IDP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- {
- //Let us do string parts checking
- StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
- while(st != null && st.hasMoreTokens())
- {
- String uriBit = st.nextToken();
- log.trace("Matching uri bit="+ uriBit);
- if(issuerDomain.indexOf(uriBit) > 0)
- {
- log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
- return;
- }
- }
- throw new IssuerNotTrustedException(issuer);
- }
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- /**
- * Send a response
- * @param responseDoc
- * @param relayState
- * @param response
- * @throws IOException
- * @throws GeneralSecurityException
- */
- public void send(Document responseDoc, String destination,
- String relayState,
- HttpServletResponse response,
- boolean supportSignature,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- if(responseDoc == null)
- throw new IllegalArgumentException("responseType is null");
-
- byte[] responseBytes = null;
- try
- {
- responseBytes =
DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
- }
- catch (TransformerFactoryConfigurationError e)
- {
- log.trace(e);
- }
- catch (TransformerException e)
- {
- log.trace(e);
- }
-
- if(redirectProfile)
- {
- String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
-
- log.trace("IDP:Destination=" + destination);
-
- if(relayState != null && relayState.length() > 0)
- relayState = RedirectBindingUtil.urlEncode(relayState);
-
- String finalDest = destination + getDestination(urlEncodedResponse, relayState,
- supportSignature);
- log.trace("Redirecting to="+ finalDest);
- HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
- }
- else
- {
- String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
-
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination,
- samlResponse, relayState), response, false);
- }
- }
-
- /**
- * Generate a Destination URL for the HTTPRedirect binding
- * with the saml response and relay state
- * @param urlEncodedResponse
- * @param urlEncodedRelayState
- * @return
- */
- public String getDestination(String urlEncodedResponse, String urlEncodedRelayState,
- boolean supportSignature)
- {
- StringBuilder sb = new StringBuilder();
-
- if (supportSignature)
- {
- try
- {
-
sb.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
- urlEncodedRelayState, keyManager.getSigningKey()));
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- {
- sb.append("?SAMLResponse=").append(urlEncodedResponse);
- if (urlEncodedRelayState != null && urlEncodedRelayState.length() >
0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- }
- return sb.toString();
- }
-
- /**
- * Create an Error Response
- * @param responseURL
- * @param status
- * @param identityURL
- * @param supportSignature
- * @return
- * @throws ConfigurationException
- */
- public Document getErrorResponse(String responseURL, String status,
- String identityURL, boolean supportSignature)
- {
- Document samlResponse = null;
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- try
- {
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- }
- catch (ConfigurationException e1)
- {
- log.trace(e1);
- responseType = saml2Response.createResponseType();
- }
-
- log.debug("Error_ResponseType = ");
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
-
- if(supportSignature)
- {
- try
- {
- //SigAlg
- String algo = keyManager.getSigningKey().getAlgorithm();
- String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
-
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-
- SAML2Signature ss = new SAML2Signature();
- samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- try
- {
- samlResponse = saml2Response.convert(responseType);
- }
- catch (Exception e)
- {
- log.trace(e);
- }
-
- return samlResponse;
- }
-
- /**
- * Given a SP or IDP issuer from the assertion, return the host
- * @param domainURL
- * @return
- * @throws IOException
- */
- private static String getDomain(String domainURL) throws IOException
- {
- URL url = new URL(domainURL);
- return url.getHost();
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
(from rev 729,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,447 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.TrustType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * Request Util
+ * <b> Not thread safe</b>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 18, 2009
+ */
+public class IDPWebRequestUtil
+{
+ private static Logger log = Logger.getLogger(IDPWebRequestUtil.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private boolean redirectProfile = false;
+ private boolean postProfile = false;
+
+ private IDPType idpConfiguration;
+ private TrustKeyManager keyManager;
+
+ public IDPWebRequestUtil(HttpServletRequest request, IDPType idp, TrustKeyManager
keym)
+ {
+ this.idpConfiguration = idp;
+ this.keyManager = keym;
+ this.redirectProfile = "GET".equals(request.getMethod());
+ this.postProfile = "POST".equals(request.getMethod());
+ }
+
+ public boolean hasSAMLRequestInRedirectProfile()
+ {
+ return redirectProfile;
+ }
+
+ public boolean hasSAMLRequestInPostProfile()
+ {
+ return postProfile;
+ }
+
+ public RequestAbstractType getSAMLRequest(String samlMessage)
+ throws ParsingException, IOException
+ {
+ InputStream is = null;
+ SAML2Request saml2Request = new SAML2Request();
+ if(redirectProfile)
+ {
+ is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ }
+ else
+ {
+ byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+ if(trace) log.trace("SAMLRequest=" + new String(samlBytes));
+ is = new ByteArrayInputStream(samlBytes);
+ }
+ return saml2Request.getRequestType(is);
+ }
+
+
+ public Document getResponse( String assertionConsumerURL,
+ Principal userPrincipal,
+ List<String> roles,
+ String identityURL,
+ long assertionValidity,
+ boolean supportSignature)
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ Document samlResponseDocument = null;
+
+ if(trace)
+ log.trace("AssertionConsumerURL=" + assertionConsumerURL +
+ "::assertion validity=" + assertionValidity);
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(userPrincipal.getName());
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(assertionConsumerURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+
+ //Add information on the roles
+ AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+
+ AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ if(trace)
+ log.trace("Support Sig=" + supportSignature + " ::Post
Profile?=" + hasSAMLRequestInPostProfile());
+ if(supportSignature && hasSAMLRequestInPostProfile())
+ {
+ try
+ {
+ SAML2Signature saml2Signature = new SAML2Signature();
+ samlResponseDocument = saml2Signature.sign(responseType,
keyManager.getSigningKeyPair());
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ else
+ try
+ {
+ samlResponseDocument = saml2Response.convert(responseType);
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+
+ return samlResponseDocument;
+ }
+
+
+
+ /**
+ * Verify that the issuer is trusted
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
+ public void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ if(idpConfiguration == null)
+ throw new IllegalStateException("IDP Configuration is null");
+ try
+ {
+ String issuerDomain = getDomain(issuer);
+ TrustType idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(trace)
+ log.trace("Domains that IDP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ if(trace)
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ if(trace)
+ log.trace("Matched " + uriBit + " trust for "
+ issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ /**
+ * Send a response
+ * @param responseDoc
+ * @param relayState
+ * @param response
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public void send(Document responseDoc, String destination,
+ String relayState,
+ HttpServletResponse response,
+ boolean supportSignature,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ if(responseDoc == null)
+ throw new IllegalArgumentException("responseType is null");
+
+ byte[] responseBytes = null;
+ try
+ {
+ responseBytes =
DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ if(trace) log.trace(e);
+ }
+ catch (TransformerException e)
+ {
+ if(trace) log.trace(e);
+ }
+
+ if(redirectProfile)
+ {
+ String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
+
+ if(trace) log.trace("IDP:Destination=" + destination);
+
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + getDestination(urlEncodedResponse, relayState,
+ supportSignature);
+ if(trace) log.trace("Redirecting to="+ finalDest);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ }
+ else
+ {
+ String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
+
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination,
+ samlResponse, relayState), response, false);
+ }
+ }
+
+ /**
+ * Generate a Destination URL for the HTTPRedirect binding
+ * with the saml response and relay state
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @return
+ */
+ public String getDestination(String urlEncodedResponse, String urlEncodedRelayState,
+ boolean supportSignature)
+ {
+ StringBuilder sb = new StringBuilder();
+
+ if (supportSignature)
+ {
+ try
+ {
+
sb.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
+ urlEncodedRelayState, keyManager.getSigningKey()));
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ else
+ {
+ sb.append("?SAMLResponse=").append(urlEncodedResponse);
+ if (urlEncodedRelayState != null && urlEncodedRelayState.length() >
0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ }
+ return sb.toString();
+ }
+
+ /**
+ * Create an Error Response
+ * @param responseURL
+ * @param status
+ * @param identityURL
+ * @param supportSignature
+ * @return
+ * @throws ConfigurationException
+ */
+ public Document getErrorResponse(String responseURL, String status,
+ String identityURL, boolean supportSignature)
+ {
+ Document samlResponse = null;
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(status);
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ try
+ {
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+ }
+ catch (ConfigurationException e1)
+ {
+ if(trace) log.trace(e1);
+ responseType = saml2Response.createResponseType();
+ }
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ log.trace("Error_ResponseType = ");
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ if(supportSignature)
+ {
+ try
+ {
+ //SigAlg
+ String algo = keyManager.getSigningKey().getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ SAML2Signature ss = new SAML2Signature();
+ samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace(e);
+ }
+ }
+ else
+ try
+ {
+ samlResponse = saml2Response.convert(responseType);
+ }
+ catch (Exception e)
+ {
+ if(trace) log.trace(e);
+ }
+
+ return samlResponse;
+ }
+
+ /**
+ * Given a SP or IDP issuer from the assertion, return the host
+ * @param domainURL
+ * @return
+ * @throws IOException
+ */
+ private static String getDomain(String domainURL) throws IOException
+ {
+ URL url = new URL(domainURL);
+ return url.getHost();
+ }
+}
\ No newline at end of file
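Review bot: `isTrusted` decides trust by substring search instead of comparing host names, so it can accept issuers that are not in the configured list. `domainsTrusted.indexOf(issuerDomain) < 0` treats any issuer host that is merely a fragment of the comma-separated list as trusted, and `issuerDomain.indexOf(uriBit) > 0` accepts any host that contains a configured entry anywhere after its first character. Compare the parsed host with each trimmed entry for equality, or for a suffix match on a `.` boundary if subdomains are meant to be covered (the `> 0` suggests this, but that is inferred). The method also returns normally when `getTrust()` is null; if that is not meant as "trust every issuer", it should throw there too.

```java
public void isTrusted(String issuer) throws IssuerNotTrustedException
{
   // … unchanged: idpConfiguration null check, try, getDomain(issuer), getTrust() …
      if(idpTrust != null)
      {
         String domainsTrusted = idpTrust.getDomains();
         // … unchanged: trace of configured domains and issuer domain …
         StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
         while(st.hasMoreTokens())
         {
            String trusted = st.nextToken().trim();
            if(trusted.length() == 0)
               continue;
            //Exact host match
            if(issuerDomain.equalsIgnoreCase(trusted))
               return;
            //Subdomain match, only on a label boundary
            String suffix = "." + trusted;
            int offset = issuerDomain.length() - suffix.length();
            if(offset > 0 && issuerDomain.regionMatches(true, offset, suffix, 0, suffix.length()))
               return;
         }
         throw new IssuerNotTrustedException(issuer);
      }
   // … unchanged: catch block wrapping failures in IssuerNotTrustedException …
```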
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,108 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.web.util;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.util.Base64;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-
-/**
- * Utility for the HTTP/Post binding
- * @author Anil.Saldhana(a)redhat.com
- * @since May 22, 2009
- */
-public class PostBindingUtil
-{
- private static Logger log = Logger.getLogger(PostBindingUtil.class);
-
- public static String base64Encode(String stringToEncode) throws IOException
- {
- return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"),
Base64.DONT_BREAK_LINES);
- }
-
- public static byte[] base64Decode(String encodedString)
- {
- return Base64.decode(encodedString);
- }
-
- /**
- * Send the response to the redirected destination while
- * adding the character encoding of "UTF-8" as well as
- * adding headers for cache-control and Pragma
- * @param destination Destination URI where the response needs to redirect
- * @param response HttpServletResponse
- * @throws IOException
- */
- public static void sendPost(DestinationInfoHolder holder,
- HttpServletResponse response,
- boolean sendToIDP)
- throws IOException
- {
- String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
-
- String relayState = holder.getRelayState();
- String destination = holder.getDestination();
- String samlMessage = holder.getSamlMessage();
-
- response.setContentType("text/html");
- PrintWriter out = response.getWriter();
- common(holder.getDestination(), response);
- StringBuilder builder = new StringBuilder();
-
- builder.append("<HTML>");
- builder.append("<HEAD>");
- if(sendToIDP)
- builder.append("<TITLE>HTTP Post Binding To Identity
Provider</TITLE>");
- else
- builder.append("<TITLE>HTTP Post Binding Response To Service
Provider</TITLE>");
-
- builder.append("</HEAD>");
- builder.append("<BODY
Onload=\"document.forms[0].submit()\">");
-
- builder.append("<FORM METHOD=\"POST\" ACTION=\"" +
destination + "\">");
- builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key
+"\"" + " VALUE=\"" + samlMessage
- + "\"/>");
- if (relayState != null && relayState.length() > 0)
- {
- builder.append("<INPUT TYPE=\"HIDDEN\"
NAME=\"RelayState\" " +
- "VALUE=\"" + relayState + "\"/>");
- }
- builder.append("</FORM></BODY></HTML>");
-
- String str = builder.toString();
- log.debug(str);
- out.println(str);
- out.close();
- }
-
- private static void common(String destination, HttpServletResponse response)
- {
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store");
- }
-}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
(from rev 729,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,110 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+
+/**
+ * Utility for the HTTP/Post binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 22, 2009
+ */
+public class PostBindingUtil
+{
+ private static Logger log = Logger.getLogger(PostBindingUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
+ public static String base64Encode(String stringToEncode) throws IOException
+ {
+ return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"),
Base64.DONT_BREAK_LINES);
+ }
+
+ public static byte[] base64Decode(String encodedString)
+ {
+ return Base64.decode(encodedString);
+ }
+
+ /**
+ * Send the response to the redirected destination while
+ * adding the character encoding of "UTF-8" as well as
+ * adding headers for cache-control and Pragma
+ * @param destination Destination URI where the response needs to redirect
+ * @param response HttpServletResponse
+ * @throws IOException
+ */
+ public static void sendPost(DestinationInfoHolder holder,
+ HttpServletResponse response,
+ boolean sendToIDP)
+ throws IOException
+ {
+ String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
+
+ String relayState = holder.getRelayState();
+ String destination = holder.getDestination();
+ String samlMessage = holder.getSamlMessage();
+
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+ common(holder.getDestination(), response);
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("<HTML>");
+ builder.append("<HEAD>");
+ if(sendToIDP)
+ builder.append("<TITLE>HTTP Post Binding To Identity
Provider</TITLE>");
+ else
+ builder.append("<TITLE>HTTP Post Binding Response To Service
Provider</TITLE>");
+
+ builder.append("</HEAD>");
+ builder.append("<BODY
Onload=\"document.forms[0].submit()\">");
+
+ builder.append("<FORM METHOD=\"POST\" ACTION=\"" +
destination + "\">");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key
+"\"" + " VALUE=\"" + samlMessage
+ + "\"/>");
+ if (relayState != null && relayState.length() > 0)
+ {
+ builder.append("<INPUT TYPE=\"HIDDEN\"
NAME=\"RelayState\" " +
+ "VALUE=\"" + relayState + "\"/>");
+ }
+ builder.append("</FORM></BODY></HTML>");
+
+ String str = builder.toString();
+ if(trace)
+ log.trace(str);
+ out.println(str);
+ out.close();
+ }
+
+ private static void common(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache, no-store");
+ }
+}
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
(from rev 725,
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ /**
+ * Get the system property
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
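Review bot: `getSystemProperty` runs `System.getProperty` inside `doPrivileged` with a caller-supplied key, and the Javadoc does not say which callers or keys are expected. The method is package-private, which limits exposure, but the comment should state the constraint, e.g. `Callers must pass a constant property name, never a value derived from a request.` The two empty `@return` tags should also say what is returned: `the thread context class loader` and `the property value, or defaultValue if the property is not set`.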
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,41 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>circleoftrust</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Circle Of Trust</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>circleoftrust</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
-
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/circleoftrust/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/circleoftrust/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,41 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>circleoftrust</artifactId>
+ <version>1.0.0.beta1</version>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Circle Of Trust</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>circleoftrust</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/employee/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>employee</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Web Apps Employee</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>employee</warName>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
-
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/employee/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/employee/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>employee</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Web Apps Employee</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>employee</warName>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <groupId>org.jboss.identity</groupId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- </parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>fed-example</artifactId>
- <packaging>ear</packaging>
- <name>fed-example JEE5 Assembly</name>
- <url>http://maven.apache.org</url>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <source>1.5</source>
- <target>1.5</target>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-ear-plugin</artifactId>
- <version>2.3.2</version>
- <configuration>
- <version>5</version>
- </configuration>
- </plugin>
- </plugins>
- <finalName>fed-example</finalName>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>idp-sig-no-val</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>seam-sp</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- </dependency>
- </dependencies>
-</project>
\ No newline at end of file
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/fed-example/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/fed-example/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,49 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <groupId>org.jboss.identity</groupId>
+ <version>1.0.0.beta1</version>
+ </parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>fed-example</artifactId>
+ <packaging>ear</packaging>
+ <name>fed-example JEE5 Assembly</name>
+ <url>http://maven.apache.org</url>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-ear-plugin</artifactId>
+ <version>2.3.2</version>
+ <configuration>
+ <version>5</version>
+ </configuration>
+ </plugin>
+ </plugins>
+ <finalName>fed-example</finalName>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>idp-sig-no-val</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>seam-sp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp/pom.xml 2009-08-17 21:15:02 UTC
(rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>idp</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Identity Provider</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>idp</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-webapps/idp/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>idp-sig</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Identity Provider that supports
signature</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>idp-sig</warName>
- <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/idp-sig/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports
signature</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-sig</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>idp-sig-no-val</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Identity Provider that supports
signature</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>idp-sig-no-val</warName>
- <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/idp-sig-no-val/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-sig-no-val/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-sig-no-val</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports
signature</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-sig-no-val</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone (from
rev 728, identity-federation/trunk/jboss-identity-webapps/idp-standalone)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>idp-standalone</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Identity Provider that supports signature and
that is a simple web application that can hosted on any web container</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>idp-standalone</warName>
- <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-standalone</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports signature and
that is a simple web application that can hosted on any web container</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-standalone</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks)
===================================================================
(Binary files differ)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks)
===================================================================
(Binary files differ)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties 2009-08-24
15:55:09 UTC (rev 731)
@@ -1 +0,0 @@
-manager=manager,sales,employee
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1 @@
+manager=manager,sales,employee
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties 2009-08-24
15:55:09 UTC (rev 731)
@@ -1 +0,0 @@
-manager=tomcat
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1 @@
+manager=tomcat
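Review bot: `manager=tomcat` puts a guessable clear-text credential into the identity provider's user store in a release tag, and the roles.properties hunk earlier in this commit gives that account `manager,sales,employee`. The file lands under WEB-INF/classes of the idp-standalone WAR, so if the login servlet reads it, as the name suggests, anyone deploying the sample unchanged gets a working login with those roles. I would add a header comment such as `# SAMPLE ONLY: replace this account before deploying outside a test environment` and repeat the warning in the sample's documentation.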
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,15 +0,0 @@
-<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0" >
-<IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
-<Trust>
- <Domains>localhost,jboss.com,jboss.org</Domains>
-</Trust>
-<KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
- <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
- <Auth Key="KeyStorePass" Value="store123" />
- <Auth Key="SigningKeyPass" Value="test123" />
- <Auth Key="SigningKeyAlias" Value="servercert" />
- <ValidatingAlias Key="localhost" Value="servercert"/>
- <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
-</KeyProvider>
-
-</JBossIDP>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,15 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0" >
+<IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+<KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+</KeyProvider>
+
+</JBossIDP>
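Review bot: The `KeyStorePass` and `SigningKeyPass` values (`store123`, `test123`) are committed in clear text next to the keystore they unlock, since `jbid_test_keystore.jks` is copied into WEB-INF/classes in this same revision, so the signing key behind the `servercert` alias is effectively public. A service provider configured to trust that certificate would accept assertions signed by anyone holding this tag, which is acceptable only if the files are clearly labelled as samples. I would add `<!-- SAMPLE KEYSTORE AND PASSWORDS: generate your own key pair and change these values before any non-test deployment -->` above `<KeyProvider>`. `<Domains>localhost,jboss.com,jboss.org</Domains>` also appears to trust two public domains by default; shipping the sample with `localhost` only would be the safer default.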
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- version="2.5">
-
- <display-name>Standalone IDP</display-name>
- <description>
- IDP Standalone Application
- </description>
-
- <!-- Define the login filter -->
-<!--
- <filter>
- <filter-name>LoginFilter</filter-name>
-
<filter-class>org.jboss.identity.federation.web.filters.LoginFilter</filter-class>
- <description>
- The Login Filter will do the login for the IDP.
- </description>
- </filter>
-
- <filter-mapping>
- <filter-name>LoginFilter</filter-name>
- <url-pattern>/*</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- </filter-mapping>
- -->
-
- <!-- Create the servlet -->
- <servlet>
- <servlet-name>IDPLoginServlet</servlet-name>
-
<servlet-class>org.jboss.identity.federation.web.servlets.IDPLoginServlet</servlet-class>
- </servlet>
- <servlet>
- <servlet-name>IDPServlet</servlet-name>
-
<servlet-class>org.jboss.identity.federation.web.servlets.IDPServlet</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <url-pattern>/</url-pattern>
- <servlet-name>IDPLoginServlet</servlet-name>
- </servlet-mapping>
-
- <servlet-mapping>
- <url-pattern>/IDPServlet</url-pattern>
- <servlet-name>IDPServlet</servlet-name>
- </servlet-mapping>
-
-</web-app>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Standalone IDP</display-name>
+ <description>
+ IDP Standalone Application
+ </description>
+
+ <!-- Define the login filter -->
+<!--
+ <filter>
+ <filter-name>LoginFilter</filter-name>
+
<filter-class>org.jboss.identity.federation.web.filters.LoginFilter</filter-class>
+ <description>
+ The Login Filter will do the login for the IDP.
+ </description>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>LoginFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+ -->
+
+ <!-- Create the servlet -->
+ <servlet>
+ <servlet-name>IDPLoginServlet</servlet-name>
+
<servlet-class>org.jboss.identity.federation.web.servlets.IDPLoginServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>IDPServlet</servlet-name>
+
<servlet-class>org.jboss.identity.federation.web.servlets.IDPServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <url-pattern>/</url-pattern>
+ <servlet-name>IDPLoginServlet</servlet-name>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <url-pattern>/IDPServlet</url-pattern>
+ <servlet-name>IDPServlet</servlet-name>
+ </servlet-mapping>
+
+</web-app>
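Review bot: With the `LoginFilter` block commented out, this descriptor has no `<security-constraint>` or `<login-config>`, so nothing at the container level stops a request from reaching `/IDPServlet` without passing through `IDPLoginServlet` first. Unless `IDPServlet` itself verifies an authenticated session (not visible in this hunk), it should be covered either by the filter mapping or by a constraint. The login.jsp added later in this commit posts to `j_security_check`, which the container only handles when a FORM `<login-config>` is declared, so that page looks unusable with this web.xml as it stands. I would re-enable the filter mapping, or add a comment stating where authentication is enforced, e.g. `<!-- authentication is performed by IDPLoginServlet; IDPServlet rejects requests without an authenticated session -->` if that is indeed the case.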
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,12 +0,0 @@
-<html> <head> <title>Error!</title></head>
-<body>
-
-<font size='4' color='red'>
- The username and password you supplied are not valid.
-</p>
-Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
-to retry login
-
-</body>
-</form>
-</html>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
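Review bot: The markup in this page is unbalanced: `<font size='4' color='red'>` is never closed, `</p>` has no opening `<p>`, and `</form>` appears after `</body>` although the page contains no form. Browsers will recover, but the stray tags suggest the page was trimmed from a login form without cleanup. I would wrap the message as `<p><font size='4' color='red'>The username and password you supplied are not valid.</font></p>`, keep the retry link after it, and drop the `</form>` line. The generic failure text is worth keeping as is, since it does not reveal whether the username or the password was wrong.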
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,6 +0,0 @@
-<html><head><title>Login Page</title></head>
-<body>
-<font size='5' color='blue'>Login Error</font><hr>
-
-</body>
- </html>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,6 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Login Error</font><hr>
+
+</body>
+ </html>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp 2009-08-21
21:56:07 UTC (rev 728)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,16 +0,0 @@
-<html><head><title>Login Page</title></head>
-<body>
-<font size='5' color='blue'>Please Login</font><hr>
-
-<form action='j_security_check' method='post'>
-<table>
- <tr><td>Name:</td>
- <td><input type='text'
name='j_username'></td></tr>
- <tr><td>Password:</td>
- <td><input type='password' name='j_password'
size='8'></td>
- </tr>
-</table>
-<br>
- <input type='submit' value='login'>
-</form></body>
- </html>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text'
name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password'
size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
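Review bot: The form `<form action='j_security_check' method='post'>` submits `j_username` and `j_password` to a relative URL, so the credentials travel over whatever scheme the login page was served on, and nothing in this hunk forces that to be HTTPS. The idp-standalone web.xml is not part of this hunk; if its security-constraint carries no `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`, it should get one before this is tagged as a release. Note also that `size='8'` on the password input sets only the visible width and is not a length limit.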
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-sts</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Security Token Service</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>jboss-sts</warName>
- <!--webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes-->
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/jboss-sts/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/jboss-sts/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-sts</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Security Token Service</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>jboss-sts</warName>
+ <!--webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes-->
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>metadata</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Metadata</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>metadata</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/metadata/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/metadata/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>metadata</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Metadata</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>metadata</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>openid-consumer</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation OpenID Consumer</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>openid-consumer</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/openid-consumer/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-consumer/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>openid-consumer</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation OpenID Consumer</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>openid-consumer</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>openid-provider</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation OpenID Provider</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>openid-provider</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/openid-provider/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/openid-provider/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>openid-provider</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation OpenID Provider</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>openid-provider</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp (from rev 726,
identity-federation/trunk/jboss-identity-webapps/pdp)
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml 2009-08-21 21:55:16 UTC
(rev 726)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>pdp</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity XACML PDP</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>XACML PDP Web Application for the JBoss Identity
Project</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>pdp</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-webapps/pdp/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>pdp</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity XACML PDP</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>XACML PDP Web Application for the JBoss Identity
Project</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>pdp</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,114 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Top level policy set which combines the CDA and N confidentiality codes.
- </Description>
- <Target/>
- <PolicySet
-
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:emergency"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target/>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:emergency</PolicySetIdReference>
- </PolicySet>
- <PolicySet
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >UBA</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
- </PolicySet>
- <PolicySet
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >MA</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
- Effect="Permit">
- <Description>
- If a Deny was obtained for object above then set Permit by default.
- </Description>
- </Rule>
- </Policy>
- </PolicySet>
- <PolicySet
-
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
- </PolicySet>
- <PolicySet
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
- <Target/>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
- </PolicySet>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-01-top-level.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Top level policy set which combines the CDA and N confidentiality codes.
+ </Description>
+ <Target/>
+ <PolicySet
+
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:emergency"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:emergency</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >UBA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >MA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
+ Effect="Permit">
+ <Description>
+ If a Deny was obtained for object above then set Permit by default.
+ </Description>
+ </Rule>
+ </Policy>
+ </PolicySet>
+ <PolicySet
+
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
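Review bot: The `toplevel:MA` policy set combines its children with `permit-overrides` and then adds `policyid:MA:default-to-permit`, whose rule `rule:MA` has `Effect="Permit"`, an empty `<Target/>` and no `<Condition>`, so for a resource with confidentiality code `MA` this set evaluates to Permit whatever the referenced `policysetid:MA` decides. The rule's description states that a Deny is turned into Permit but not why. Because the outer set uses `deny-overrides`, access for such resources then rests on the sibling policy sets alone, as far as this file shows. If that is intended for the interop scenario, the `<Description>` should say so, for example `A Deny from policysetid:MA is overridden on purpose; only the sibling policy sets can deny.`; if it is not, the default policy should be dropped so that the referenced set's Deny stands.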
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:CDA"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for the UBA confidentiality code.
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:CDA"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:1"
- Effect="Permit">
- <Description>
- If the access subject is NOT one of those users which consent has
- been removed, then permit.
- </Description>
- <Target/>
- <Condition>
- <!-- True if hl7:dissented-subject-id NOT EQUAL TO subject:subject-id -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:2"
- Effect="Deny">
- <Description>
- If a Permit was not obtained above then set Deny by default.
- </Description>
- </Rule>
- <Obligations>
- <!-- These obligations provide specific instructions to PEP in the response
-->
- <!-- This obligation instructs the PEP to apply privacy constraints to
-->
- <!-- user's responsibility for the data.
-->
- <Obligation
-
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:privacy:constraint"
- FulfillOn="Deny"/>
- </Obligations>
- </Policy>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02a-CDA.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:CDA"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the UBA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:CDA"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:1"
+ Effect="Permit">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then permit.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id NOT EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response
-->
+ <!-- This obligation instructs the PEP to apply privacy constraints to
-->
+ <!-- user's responsibility for the data.
-->
+ <Obligation
+
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:privacy:constraint"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
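Review bot: Rule `CDA:1` evaluates to Permit whenever the request carries no `hl7:dissented-subject-id` resource attribute, because `any-of` over an empty bag is false and the enclosing `not` inverts it. That is presumably the intended result for a record with no dissenting subjects, but the policy cannot tell that case apart from a context handler that failed to resolve the attribute, so a lookup failure fails open. I would state the dependency in the condition, e.g. `<!-- An absent dissented-subject-id bag yields Permit; the context handler must always resolve this attribute -->`, and cover the absent-attribute request in the PDP tests. The Description also says "UBA confidentiality code" while every identifier in the file says CDA.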
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for evaluating the subject:role attributes.
- This implements an RBAC policy. This policy set matches
- subject roles and refers to permission policy sets.
- </Description>
- <Target/>
- <PolicySet
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:physician"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- </Target>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
- </PolicySet>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02b-N.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:role attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:physician"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for evaluating the subject:hl7:permission attributes.
- This implements an RBAC policy. This policy set matches
- subject roles and refers to permission policy sets.
- </Description>
- <Target/>
- <PolicySet
-
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
- <Target/>
- <PolicySet
-
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-0"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target/>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
- </PolicySet>
- <PolicySet
-
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-1"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Subjects>
- <Subject>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- <SubjectMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
- <SubjectAttributeDesignator
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </SubjectMatch>
- </Subject>
- </Subjects>
- </Target>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
- </PolicySet>
- </PolicySet>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02c-N-PermCollections.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for evaluating the subject:hl7:permission attributes.
+ This implements an RBAC policy. This policy set matches
+ subject roles and refers to permission policy sets.
+ </Description>
+ <Target/>
+ <PolicySet
+
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySet
+
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-0"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-1"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ <SubjectAttributeDesignator
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ </Target>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ </PolicySet>
+</PolicySet>
\ No newline at end of file
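Review bot: Inside `med-rec-perm-set`, `med-rec-perm-set-0` has an empty `<Target/>` and references the same `N:RPS:med-rec-vrole` policy set as `med-rec-perm-set-1`, and the two are combined with permit-overrides. Any Permit that med-rec-vrole returns therefore reaches the caller through perm-set-0 whatever permissions the subject holds, so the seven `subject:hl7:permission` SubjectMatch entries on perm-set-1 appear to restrict nothing. med-rec-vrole is defined outside this hunk and may check permissions itself; if perm-set-0 is deliberate, a comment saying why would help, otherwise it should get a Target or be dropped. The Description still reads "matches subject roles" although this set matches on `subject:hl7:permission`.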
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,79 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for the business rule for unsigned progress notes.
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
- Effect="Permit">
- <Description>
- If the progress-note is signed allow any user to see it. If not signed
- then only author may see it.
- </Description>
- <Target/>
- <Condition>
- <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >True</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
- Effect="Permit">
- <Description>
- If a Permit was not obtained then subject must be author.
- </Description>
- <Target/>
- <Condition>
- <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
- Effect="Deny">
- <Description>
- If a Permit was not obtained above then set Deny by default.
- </Description>
- </Rule>
- <Obligations>
- <!-- These obligations provide specific instructions to PEP in the response
-->
- <!-- This obligation informs the PEP access denied unsigned non-author
-->
- <Obligation
-
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
- FulfillOn="Deny"/>
- </Obligations>
- </Policy>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02d-prog-note.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the business rule for unsigned progress notes.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
+ Effect="Permit">
+ <Description>
+ If the progress-note is signed allow any user to see it. If not signed
+ then only author may see it.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >True</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
+ Effect="Permit">
+ <Description>
+ If a Permit was not obtained then subject must be author.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response
-->
+ <!-- This obligation informs the PEP access denied unsigned non-author
-->
+ <Obligation
+
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
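Review bot: The comment above the condition of rule `progress-note:author` is wrong: it reads `hl7:dissented-subject-id EQUAL TO subject:subject-id`, but the designator under it is `resource:hl7:progress-note:author-subject-id`. It looks carried over from the CDA policy and should become `<!-- True if subject:subject-id EQUAL TO resource:hl7:progress-note:author-subject-id -->`. In rule `progress-note:sig` the signed flag is compared with `string-equal` against the literal `True`, so a value spelled `true` does not match. That falls through to the author rule and then to the default Deny, so it fails closed, but a comment naming the expected spelling would save a debugging session.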
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:MA"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for the MA confidentiality code.
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:1"
- Effect="Deny">
- <Description>
- If the access subject is NOT one of those users which consent has
- been removed, then deny.
- Note: there is reverse logic here because the Obligation that denies
- access to the user for this object must be issued when the user has
- obtained a Permit. So, the caller of this policy must know to reverse
- sense as well.
- </Description>
- <Target/>
- <Condition>
- <!-- True if hl7:radiology:dissented-subject-id NOTEQUALTO subject:subject-id
-->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <!-- True if hl7:radiology:dissented-subject-id EQUALTO subject:subject-id
-->
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <ResourceAttributeDesignator
- AttributeId=
-
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:2"
- Effect="Permit">
- <Description>
- If a Deny was not obtained above then set Permit by default.
- </Description>
- </Rule>
- <Obligations>
- <!-- These obligations provide specific instructions to PEP in the response
-->
- <!-- This obligation instructs the PEP to apply privacy constraints to
-->
- <!-- user's responsibility for the data.
-->
- <Obligation
- ObligationId=
-
"urn:va:xacml:2.0:interop:rsa8:obligation:ma:privacy:constraint:radiology"
- FulfillOn="Permit"/>
- </Obligations>
- </Policy>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02e-MA.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:MA"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the MA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:1"
+ Effect="Deny">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then deny.
+ Note: there is reverse logic here because the Obligation that denies
+ access to the user for this object must be issued when the user has
+ obtained a Permit. So, the caller of this policy must know to reverse
+ sense as well.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:radiology:dissented-subject-id NOTEQUALTO subject:subject-id
-->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:radiology:dissented-subject-id EQUALTO subject:subject-id
-->
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+
"urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:2"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above then set Permit by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response
-->
+ <!-- This obligation instructs the PEP to apply privacy constraints to
-->
+ <!-- user's responsibility for the data.
-->
+ <Obligation
+ ObligationId=
+
"urn:va:xacml:2.0:interop:rsa8:obligation:ma:privacy:constraint:radiology"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
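Review bot: Rule `MA:2` permits unconditionally, and the privacy constraint travels only as the `ma:privacy:constraint:radiology` obligation with `FulfillOn="Permit"`. A subject listed in `radiology:dissented-subject-id` therefore gets Permit from this policy and is restricted only if the PEP discharges that obligation. The Description explains the reverse logic but not that enforcement rests on the PEP; I would add to the Obligations block `<!-- PEP must refuse access when it cannot discharge this obligation -->`. When the resource attribute is absent, `MA:1` returns Deny and no obligation is issued, so if callers read Deny as "no constraint", as the Description suggests, a failed attribute lookup silently drops the constraint.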
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:emergency"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set to allow emergency access for non-facility subjects.
- Returns Deny if user not from supported facility AND does not have emergency perm
- Returns Permit if not from supported facility AND not denied access
- Returns NotApplicable if plain old user from supported facility
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:emergency"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:deny"
- Effect="Deny">
- <Description>
- If the subject is not from a supported facility AND
-. if the subject does not have emergency permission THEN Deny access.
- </Description>
- <Target/>
- <Condition>
- <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
- <!-- AND if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId=
- "urn:oasis:names:tc:xacml:1.0:subject:locality"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <EnvironmentAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:environment:locality"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Apply>
- <!-- True if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
- <SubjectAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit"
- Effect="Permit">
- <Description>
- If a Deny was not obtained above AND subject not part of a supported
- facility then subject must have emergency permission.
- </Description>
- <Target/>
- <Condition>
- <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId=
- "urn:oasis:names:tc:xacml:1.0:subject:locality"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <EnvironmentAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:environment:locality"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <!-- These obligations provide specific instructions to PEP in the response
-->
- <!-- This obligation informs the PEP user granted emergency access -->
- <Obligation
-
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit"
- FulfillOn="Permit"/>
- </Obligations>
- </Policy>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-02f-emergency.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:emergency"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set to allow emergency access for non-facility subjects.
+ Returns Deny if user not from supported facility AND does not have emergency perm
+ Returns Permit if not from supported facility AND not denied access
+ Returns NotApplicable if plain old user from supported facility
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:emergency"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:deny"
+ Effect="Deny">
+ <Description>
+ If the subject is not from a supported facility AND
+. if the subject does not have emergency permission THEN Deny access.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <!-- AND if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ <!-- True if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above AND subject not part of a supported
+ facility then subject must have emergency permission.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response
-->
+ <!-- This obligation informs the PEP user granted emergency access -->
+ <Obligation
+
ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
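Review bot: The `rule:emergency:permit` rule never tests for the emergency permission itself: its Condition only checks that subject:locality matches none of the environment:locality values, while its Description says the subject "must have emergency permission". The pea-001 requirement is enforced only by `rule:emergency:deny` combined with the deny-overrides RuleCombiningAlgId, so a later change of combining algorithm, or removal or reordering of the Deny rule, would leave a Permit for every non-facility subject. Making the Permit rule self-contained, by and-ing a positive pea-001 test into its Condition as sketched below, keeps the same decisions today and removes that hidden dependency. Both rules also apply `string-one-and-only` to subject:locality, which yields Indeterminate when the attribute is absent or multi-valued, so it is worth confirming that the PEP treats every decision other than Permit as a refusal.

```xml
<!-- Condition of rule:emergency:permit -->
<Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
    <!-- … unchanged: not(any-of(string-equal, subject:locality, environment:locality)) … -->
    <!-- True if hl7:pea-001 EQUAL TO ANYOF subject:hl7:permission -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
      <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
      <AttributeValue
          DataType="http://www.w3.org/2001/XMLSchema#string"
          >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
      <SubjectAttributeDesignator
          AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
          DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
  </Apply>
</Condition>
```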
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId=
- "urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set that points to the Permission PolicySet for medical record
- resources and actions.
- </Description>
- <Target/>
- <PolicySetIdReference
-
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004</PolicySetIdReference>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId=
+ "urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set that points to the Permission PolicySet for medical record
+ resources and actions.
+ </Description>
+ <Target/>
+ <PolicySetIdReference
+
>urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+</PolicySet>
\ No newline at end of file
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,180 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
-
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004"
- PolicyCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for the PRD-004 permission. This permission allows
- access to all medical records.
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
- RuleCombiningAlgId=
-
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:demographics</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:resource:hl7:chart</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:problemlist</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:procedures</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:laboratory</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:vitals</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
-
DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1"
- Effect="Permit">
- <Condition>
-
- <!-- Returns true iff the first argument is a subset of the second argument
-->
- <!-- i.e. the permissions required by the resource must be a
-->
- <!-- subset of the permissions supplied by the subject
-->
-
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
-
- <!-- 1st argument: returns the values of all Attributes with
-->
- <!--
DataType="http://www.w3.org/2001/XMLSchema#string" and
-->
- <!--
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" -->
- <ResourceAttributeDesignator
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
-
- <!-- 2nd argument: returns the values of all Attributes with
-->
- <!--
DataType="http://www.w3.org/2001/XMLSchema#string" and
-->
- <!--
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" -->
- <SubjectAttributeDesignator
-
DataType="http://www.w3.org/2001/XMLSchema#string"
-
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"/>
-
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2"
- Effect="Deny">
- <Description>
- If a Permit was not obtained above then set Deny by default.
- </Description>
- </Rule>
- </Policy>
-</PolicySet>
\ No newline at end of file
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/XacmlPolicySet-04-N-PPS-PRD-004.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004"
+ PolicyCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the PRD-004 permission. This permission allows
+ access to all medical records.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
+ RuleCombiningAlgId=
+
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:demographics</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:chart</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:problemlist</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:procedures</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:laboratory</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:vitals</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1"
+ Effect="Permit">
+ <Condition>
+
+ <!-- Returns true iff the first argument is a subset of the second argument
-->
+ <!-- i.e. the permissions required by the resource must be a
-->
+ <!-- subset of the permissions supplied by the subject
-->
+
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+
+ <!-- 1st argument: returns the values of all Attributes with
-->
+ <!--
DataType="http://www.w3.org/2001/XMLSchema#string" and
-->
+ <!--
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" -->
+ <ResourceAttributeDesignator
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
+
+ <!-- 2nd argument: returns the values of all Attributes with
-->
+ <!--
DataType="http://www.w3.org/2001/XMLSchema#string" and
-->
+ <!--
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" -->
+ <SubjectAttributeDesignator
+
DataType="http://www.w3.org/2001/XMLSchema#string"
+
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"/>
+
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ </Policy>
+</PolicySet>
\ No newline at end of file
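Review bot: In the first rule (`urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1`) the `string-subset` test passes vacuously when the resource carries no `resource:hl7:permission` values. The designator does not set MustBePresent, so an absent attribute evaluates to an empty bag, the empty set is a subset of any set, and the rule returns Permit under permit-overrides whatever permissions the subject holds. Add `MustBePresent="true"` to that `ResourceAttributeDesignator` so a missing attribute becomes Indeterminate rather than a match (which should then fail closed under the enclosing deny-overrides policy combining; verify with the PDP in use), and confirm that the context handler always supplies the attribute for the eleven resource types in the Target. As a smaller point, the two RuleIds follow different schemes (`...rsa8:policy:N:PPS:...:rule:1` versus `urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2`), which makes decisions harder to correlate in audit logs.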
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,601 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
- PolicySetId="urn:oasis:names:tc:xspa:1.0"
-
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target />
- <PolicySet PolicySetId="urn:oasis:names:tc:xspa:1.0:org"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>Contains all organizational policies which are evaluated on all
requests.</Description>
- <Target />
- <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:allowed:organizations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- The organization denies the request if the subject is attempting to access
- a resource and is not a member of the allowed organizations.
- </Description>
- <Target />
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:org:allowed:organizations:deny"
Effect="Deny">
- <Description>Evaluates the allowed-organizations (if available) against the
subject's locality.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
- <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:hoursofoperations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- The organization denies the request if the subject is attempting to access
- the resource outside of the alloted time.
- </Description>
- <Target />
- <Rule RuleId="urn:oasis:names:tc:xspa:1.0:org:hoursofoperation:deny"
Effect="Deny">
- <Description>Evaluates the environment time against the hours of operation
start and end.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
- <EnvironmentAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
DataType="http://www.w3.org/2001/XMLSchema#time" />
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start"
DataType="http://www.w3.org/2001/XMLSchema#time" />
- </Apply>
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
- <EnvironmentAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
DataType="http://www.w3.org/2001/XMLSchema#time" />
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end"
DataType="http://www.w3.org/2001/XMLSchema#time" />
- </Apply>
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
-
- <!-- SUBJECT.STRUCTURED-ROLE NOT IN ORG.REQUIRED-ROLES -->
- <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:required:roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- The organization denies the request if the subject is attempting to access
- a resource and they are not a member of the required role(s).
- </Description>
- <Target />
- <Rule RuleId="urn:oasis:names:tc:xspa:1.0:org:required:roles:deny"
Effect="Deny">
- <Description>Evaluates the organization roles (if available) against the
subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <!-- MAY NEED TO SWITCH ~~ Is this a one to many relationship? Are
all roles required or does the subject just need to be included? -->
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
-
- <!-- SUBJECT.PERMISSIONS NOT IN ORG.RESOURCE.PERMISSIONS -->
- <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org.resource.permissions"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- The organization denies the request if the subject does not have adequate
- permissions to access the resource.
- </Description>
- <Target />
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:org:resource.permissions:deny"
Effect="Deny">
- <Description>Evaluates the required permissions (if available) against the
subject's permissions.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
- <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org.catch-all"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Description></Description>
- <Target />
- <Rule RuleId="" Effect="Permit"></Rule>
- </Policy>
- </PolicySet>
-
- <PolicySet PolicySetId="urn:oasis:names:tc:xspa:1.0:patient"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>These policies are patient consent directives and are invoked on
medical-record requests.</Description>
- <Target />
-
- <!-- (RESOURCE.RESOURCETYPE IN PATIENT.MASKEDOBJECT) AND (SUBJECT.ROLE IN
PATIENT.MA.DISSENTING-ROLES) -->
- <!-- PROBLEMS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for problems from the subject if the NPI is not permitted by
the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-roles:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-roles for problems (if available)
against the subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
- <!-- MEDICATIONS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for medications from the subject if the NPI is not permitted
by the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-roles:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-roles for medications (if available)
against the subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
- <!-- ALERTS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request alerts from the subject if the NPI is not permitted by the
patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-roles:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-roles for alerts (if available)
against the subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
-
- <!-- IMMUNIZATIONS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for immunizations from the subject if the NPI is not permitted
by the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-roles:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-roles for immunizations (if
available) against the subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
-
- <!-- (RESOURCE.RESOURCETYPE IN PATIENT.MASKEDOBJECT) AND (SUBJECT.ROLE IN
PATIENT.MA.DISSENTING-ROLES) -->
- <!-- PROBLEMS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for problems from the subject if the NPI is not permitted by
the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-subject-id's for problems (if
available) against the subject's NPI.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
- <!-- MEDICATIONS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for medications from the subject if the NPI is not permitted
by the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-subject-ids:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-subject-id's for medications (if
available) against the subject's NPI.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
- <!-- ALERTS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for alerts from the subject if the NPI is not permitted by the
patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-subject-ids:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-subject-id's for alerts (if
available) against the subject's NPI.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
- <!-- IMMUNIZATIONS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request for immunizations from the subject if the NPI is not permitted
by the patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-subject-ids:permit"
Effect="Permit">
- <Description>Evaluates the dissenting-subject-id's for immunizations
(if available) against the subject's NPI.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- <Obligations>
- <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
- </Obligations>
- </Policy>
-
- <!-- SUBJECT.LOCALITY NOT IN PATIENT.ALLOWED-ORGANIZATIONS -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:patient:allowed:organizations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request from the subject if their locality is not permitted by the
patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:patient:allowed:organizations:deny"
Effect="Deny">
- <Description>Evaluates the allowed-organizations (if available) against the
subject's locality.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
-
- <!-- SUBJECT.ROLE IN PATIENT.DISSENTING-ROLES -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting:role"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request from the subject if their role is not permitted by the
patient.
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:patient:dissenting:roles:deny"
Effect="Deny">
- <Description>Evaluates the dissenting-role (if available) against the
subject's role.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
-
- <!-- SUBJECT.ID IN PATIENT.DISSENTING-ID -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request from the subject if the NPI is not permitted by the patient.
- </Description>
- <Target />
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids:deny"
Effect="Deny">
- <Description>Evaluates the dissenting-subject-id (if available) against the
subject's NPI.</Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
- </Apply>
- </Apply>
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
-
- <!-- CONFIDENTIALITY -->
- <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-codes"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
- <Description>
- Denies the request from the subject if the confidentiality code is set to
"Sensitive". This policy
- is acting as the "Catch-All".
- </Description>
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <Rule
RuleId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-code:deny"
Effect="Deny">
- <Description>Evaluates the HL7 confidentiality-code.</Description>
- <Target />
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
- <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
- <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">S</Att...
- <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string" />
- </Apply>
- </Apply>
- </Condition>
- </Rule>
- </Policy>
- </PolicySet>
-</PolicySet>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policies/himss-policy.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,601 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o...
+ PolicySetId="urn:oasis:names:tc:xspa:1.0"
+
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target />
+ <PolicySet PolicySetId="urn:oasis:names:tc:xspa:1.0:org"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>Contains all organizational policies which are evaluated on all
requests.</Description>
+ <Target />
+ <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:allowed:organizations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ The organization denies the request if the subject is attempting to access
+ a resource and is not a member of the allowed organizations.
+ </Description>
+ <Target />
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:org:allowed:organizations:deny"
Effect="Deny">
+ <Description>Evaluates the allowed-organizations (if available) against the
subject's locality.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:hoursofoperations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ The organization denies the request if the subject is attempting to access
+ the resource outside of the alloted time.
+ </Description>
+ <Target />
+ <Rule RuleId="urn:oasis:names:tc:xspa:1.0:org:hoursofoperation:deny"
Effect="Deny">
+ <Description>Evaluates the environment time against the hours of operation
start and end.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <EnvironmentAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
DataType="http://www.w3.org/2001/XMLSchema#time" />
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:start"
DataType="http://www.w3.org/2001/XMLSchema#time" />
+ </Apply>
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <EnvironmentAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
DataType="http://www.w3.org/2001/XMLSchema#time" />
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hoursofoperation:end"
DataType="http://www.w3.org/2001/XMLSchema#time" />
+ </Apply>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <!-- SUBJECT.STRUCTURED-ROLE NOT IN ORG.REQUIRED-ROLES -->
+ <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org:required:roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ The organization denies the request if the subject is attempting to access
+ a resource and they are not a member of the required role(s).
+ </Description>
+ <Target />
+ <Rule RuleId="urn:oasis:names:tc:xspa:1.0:org:required:roles:deny"
Effect="Deny">
+ <Description>Evaluates the organization roles (if available) against the
subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <!-- MAY NEED TO SWITCH ~~ Is this a one to many relationship? Are
all roles required or does the subject just need to be included? -->
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <!-- SUBJECT.PERMISSIONS NOT IN ORG.RESOURCE.PERMISSIONS -->
+ <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org.resource.permissions"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ The organization denies the request if the subject does not have adequate
+ permissions to access the resource.
+ </Description>
+ <Target />
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:org:resource.permissions:deny"
Effect="Deny">
+ <Description>Evaluates the required permissions (if available) against the
subject's permissions.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:org:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xspa:1.0:org.catch-all"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Description></Description>
+ <Target />
+ <Rule RuleId="" Effect="Permit"></Rule>
+ </Policy>
+ </PolicySet>
+
+ <PolicySet PolicySetId="urn:oasis:names:tc:xspa:1.0:patient"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>These policies are patient consent directives and are invoked on
medical-record requests.</Description>
+ <Target />
+
+ <!-- (RESOURCE.RESOURCETYPE IN PATIENT.MASKEDOBJECT) AND (SUBJECT.ROLE IN
PATIENT.MA.DISSENTING-ROLES) -->
+ <!-- PROBLEMS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for problems from the subject if the NPI is not permitted by
the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-roles:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-roles for problems (if available)
against the subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-role"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+ <!-- MEDICATIONS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for medications from the subject if the NPI is not permitted
by the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-roles:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-roles for medications (if available)
against the subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-role"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+ <!-- ALERTS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request alerts from the subject if the NPI is not permitted by the
patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-roles:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-roles for alerts (if available)
against the subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-role"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+
+ <!-- IMMUNIZATIONS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-roles"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for immunizations from the subject if the NPI is not permitted
by the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-roles:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-roles for immunizations (if
available) against the subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-role"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+
+ <!-- (RESOURCE.RESOURCETYPE IN PATIENT.MASKEDOBJECT) AND (SUBJECT.ROLE IN
PATIENT.MA.DISSENTING-ROLES) -->
+ <!-- PROBLEMS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for problems from the subject if the NPI is not permitted by
the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-subject-id's for problems (if
available) against the subject's NPI.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Problems:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+ <!-- MEDICATIONS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for medications from the subject if the NPI is not permitted
by the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:medications:dissenting-subject-ids:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-subject-id's for medications (if
available) against the subject's NPI.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Medications:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+ <!-- ALERTS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for alerts from the subject if the NPI is not permitted by the
patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:alerts:dissenting-subject-ids:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-subject-id's for alerts (if
available) against the subject's NPI.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Alerts:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+ <!-- IMMUNIZATIONS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request for immunizations from the subject if the NPI is not permitted
by the patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:immunizations:dissenting-subject-ids:permit"
Effect="Permit">
+ <Description>Evaluates the dissenting-subject-id's for immunizations
(if available) against the subject's NPI.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <Obligation
ObligationId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:Immunizations:dissenting-subject-id"
FulfillOn="Permit"></Obligation>
+ </Obligations>
+ </Policy>
+
+ <!-- SUBJECT.LOCALITY NOT IN PATIENT.ALLOWED-ORGANIZATIONS -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:patient:allowed:organizations"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request from the subject if their locality is not permitted by the
patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:patient:allowed:organizations:deny"
Effect="Deny">
+ <Description>Evaluates the allowed-organizations (if available) against the
subject's locality.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:allowed-organizations"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <!-- SUBJECT.ROLE IN PATIENT.DISSENTING-ROLES -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting:role"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request from the subject if their role is not permitted by the
patient.
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:patient:dissenting:roles:deny"
Effect="Deny">
+ <Description>Evaluates the dissenting-role (if available) against the
subject's role.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-role"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <!-- SUBJECT.ID IN PATIENT.DISSENTING-ID -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-ids"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request from the subject if the NPI is not permitted by the patient.
+ </Description>
+ <Target />
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0:resource:patient:masked:problems:dissenting-subject-ids:deny"
Effect="Deny">
+ <Description>Evaluates the dissenting-subject-id (if available) against the
subject's NPI.</Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#integer">0</At...
+ </Apply>
+ </Apply>
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+ <SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:subject:npi"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:patient:dissenting-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <!-- CONFIDENTIALITY -->
+ <Policy
PolicyId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-codes"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Denies the request from the subject if the confidentiality code is set to
"Sensitive". This policy
+ is acting as the "Catch-All".
+ </Description>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">urn:oasis...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <Rule
RuleId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-code:deny"
Effect="Deny">
+ <Description>Evaluates the HL7 confidentiality-code.</Description>
+ <Target />
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">S</Att...
+ <ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xspa:1.0.resource:patient:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ </PolicySet>
+</PolicySet>
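Review bot: In the rule `urn:oasis:names:tc:xspa:1.0:patient:dissenting:roles:deny`, the condition applies `string-subset` to the subject's role bag and the patient's dissenting-role bag, which holds only when every role the subject carries is on the dissenting list. A subject with one dissenting role plus any other role is therefore not denied by this rule. If the intent is "any subject role is dissenting", the inner Apply should read `FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"`. The masked `*:dissenting-roles:permit` rules use the same function and would need the same decision, and the in-file comment in the `org:required:roles` policy already asks whether all-or-any is meant; the intended semantics are not visible from this hunk. Separately, the confidentiality policy, rule and designator ids are spelled `xspa:1.0.resource:` with a dot where every other id uses `xspa:1.0:resource:`. If the request context supplies the colon form, that designator presumably yields an empty bag and the "S" Deny never fires, so the spelling is worth confirming against the attribute source.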
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,11 +0,0 @@
-<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
- <ns:Policies>
- <ns:PolicySet>
- <ns:Location>policies/himss-policy.xml</ns:Location>
- </ns:PolicySet>
- </ns:Policies>
- <ns:Locators>
- <ns:Locator
Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
- </ns:Locator>
- </ns:Locators>
-</ns:jbosspdp>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/classes/policyConfig.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,11 @@
+<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>policies/himss-policy.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator
Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml 2009-08-21
21:55:16 UTC (rev 726)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- version="2.5">
-
- <display-name>PDP Endpoint</display-name>
- <description>
- XACML PDP Web Application for the JBoss Identity project
- </description>
-
- <context-param>
- <param-name>debug</param-name>
- <param-value>false</param-value>
- </context-param>
- <servlet>
- <servlet-name>SOAPServlet</servlet-name>
-
<servlet-class>org.jboss.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet</servlet-class>
- <!-- Issuer is the string used in the issuer of saml
messages/assertions/statements-->
- <init-param>
- <param-name>issuer</param-name>
- <param-value>redhatPdpEntity</param-value>
- </init-param>
- <init-param>
- <param-name>debug</param-name>
- <param-value>true</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>SOAPServlet</servlet-name>
- <url-pattern>/SOAPServlet</url-pattern>
- </servlet-mapping>
-</web-app>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml
(from rev 724,
identity-federation/trunk/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pdp/resources/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>PDP Endpoint</display-name>
+ <description>
+ XACML PDP Web Application for the JBoss Identity project
+ </description>
+
+ <context-param>
+ <param-name>debug</param-name>
+ <param-value>false</param-value>
+ </context-param>
+ <servlet>
+ <servlet-name>SOAPServlet</servlet-name>
+
<servlet-class>org.jboss.identity.federation.bindings.servlets.SOAPSAMLXACMLServlet</servlet-class>
+ <!-- Issuer is the string used in the issuer of saml
messages/assertions/statements-->
+ <init-param>
+ <param-name>issuer</param-name>
+ <param-value>redhatPdpEntity</param-value>
+ </init-param>
+ <init-param>
+ <param-name>debug</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>SOAPServlet</servlet-name>
+ <url-pattern>/SOAPServlet</url-pattern>
+ </servlet-mapping>
+</web-app>
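Review bot: The `SOAPServlet` init-param `debug` is `true` while the context-param `debug` a few lines above it is `false`, so the tagged PDP ships with servlet-level debugging on. If that flag makes the servlet log incoming SAML/XACML requests (not visible in this hunk), subject and resource attributes would end up in the server log. I would set it to `<param-value>false</param-value>` for the tag, or add a comment explaining why the two settings differ. The descriptor also declares no `<security-constraint>` for `/SOAPServlet`, so unless callers are authenticated elsewhere, anyone who can reach the endpoint can request authorization decisions.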
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,43 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <packaging>pom</packaging>
- <name>JBoss Identity Federation Web Applications</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Web Applications contains the web
- applications for Federated Identity Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <modules>
- <module>sales</module>
- <module>sales-sig</module>
- <module>sales-post-sig</module>
- <module>employee</module>
- <module>circleoftrust</module>
- <module>idp</module>
- <module>idp-sig</module>
- <module>idp-sig-no-val</module>
- <module>metadata</module>
- <module>openid-provider</module>
- <module>openid-consumer</module>
- <module>jboss-sts</module>
- <module>pdp</module>
- <module>seam-sp</module>
- <module>fed-example</module>
- </modules>
-</project>
\ No newline at end of file
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml (from rev 730,
identity-federation/trunk/jboss-identity-webapps/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,44 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Identity Federation Web Applications</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Web Applications contains the web
+ applications for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <modules>
+ <module>sales</module>
+ <module>sales-sig</module>
+ <module>sales-post-sig</module>
+ <module>sales-standalone</module>
+ <module>employee</module>
+ <module>circleoftrust</module>
+ <module>idp</module>
+ <module>idp-sig</module>
+ <module>idp-sig-no-val</module>
+ <module>idp-standalone</module>
+ <module>metadata</module>
+ <module>openid-provider</module>
+ <module>openid-consumer</module>
+ <module>jboss-sts</module>
+ <module>pdp</module>
+ <module>seam-sp</module>
+ <module>fed-example</module>
+ </modules>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales/pom.xml 2009-08-17 21:15:02 UTC
(rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,38 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>sales</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Sales</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>sales</warName>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/sales/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,38 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales</warName>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,38 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>sales-post-sig</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Sales App with http post signature</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>sales-post-sig</warName>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/sales-post-sig/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-post-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,38 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-post-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales App with http post signature</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-post-sig</warName>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>sales-sig</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Sales with HTTP-Redirect and
Signature</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>sales-sig</warName>
- <webappDirectory>${basedir}/resources/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml
(from rev 730, identity-federation/trunk/jboss-identity-webapps/sales-sig/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-sig/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales with HTTP-Redirect and
Signature</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-sig</warName>
+ <webappDirectory>${basedir}/resources/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone (from
rev 727, identity-federation/trunk/jboss-identity-webapps/sales-standalone)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,39 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>sales-standalone</artifactId>
- <packaging>war</packaging>
- <name>JBoss Identity Federation Sales Application that supports signature and
that is a simple web application that can be hosted on any web container</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>sales-standalone</warName>
- <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
- <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-standalone</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales Application that supports signature and
that is a simple web application that can be hosted on any web container</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-standalone</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks)
===================================================================
(Binary files differ)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks)
===================================================================
(Binary files differ)
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,13 +0,0 @@
-<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
ServerEnvironment="tomcat">
- <IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
- <ServiceURL>http://localhost:8080/sales-standalone/</ServiceURL>
- <KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
- <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
- <Auth Key="KeyStorePass" Value="store123" />
- <Auth Key="SigningKeyPass" Value="test123" />
- <Auth Key="SigningKeyAlias" Value="servercert" />
- <ValidatingAlias Key="localhost" Value="servercert"/>
- <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
- </KeyProvider>
-
-</JBossSP>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,13 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
ServerEnvironment="tomcat">
+ <IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
+ <ServiceURL>http://localhost:8080/sales-standalone/</ServiceURL>
+ <KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+ </KeyProvider>
+
+</JBossSP>
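Review bot: The `KeyProvider` block stores `KeyStorePass` and `SigningKeyPass` in clear text, and the same revision adds the matching `jbid_test_keystore.jks` to the WAR resources, so anyone holding the tag or the built WAR also holds the SP signing key. That is acceptable for a sample only if it is marked as such. I would add a comment above `<KeyProvider>` such as `<!-- Sample-only test keystore and passwords: replace the keystore and both passwords before any non-local deployment -->`. Both `ValidatingAlias` entries point at `servercert`, the same alias used for signing, which presumably works only because the sample IDP shares this keystore; that is worth stating in the same comment. `IdentityURL` and `ServiceURL` are plain `http://`, so the SAML exchange is unprotected in transit once the hosts are no longer `localhost`.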
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- version="2.5">
-
- <description>Sales Standalone Application</description>
-
- <filter>
- <filter-name>SPFilter</filter-name>
-
<filter-class>org.jboss.identity.federation.web.filters.SPFilter</filter-class>
- <init-param>
- <param-name>ROLES</param-name>
- <param-value>sales,manager</param-value>
- </init-param>
- <description>
- The SP Filter intersects all requests at the SP and sees if there is a need to
contact the IDP.
- </description>
- </filter>
-
- <filter-mapping>
- <filter-name>SPFilter</filter-name>
- <url-pattern>/*</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- </filter-mapping>
-</web-app>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <description>Sales Standalone Application</description>
+
+ <filter>
+ <filter-name>SPFilter</filter-name>
+
<filter-class>org.jboss.identity.federation.web.filters.SPFilter</filter-class>
+ <init-param>
+ <param-name>ROLES</param-name>
+ <param-value>sales,manager</param-value>
+ </init-param>
+ <description>
+ The SP Filter intersects all requests at the SP and sees if there is a need to
contact the IDP.
+ </description>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SPFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+</web-app>
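Review bot: The `<description>` inside `<filter>` is placed after `<init-param>`, but the web-app 2.5 schema named in `xsi:schemaLocation` requires the description group to come before `<filter-name>`. A container that validates descriptors would therefore reject this file, so the element should move to the top of `<filter>`. In that text "intersects" presumably should read "intercepts". With no `<security-constraint>` in the descriptor, `SPFilter` on `/*` with `ROLES` set to `sales,manager` is the only access control for the application. I would add a comment saying so, for example `<!-- SPFilter is the sole authentication/authorization gate; keep the /* mapping -->`.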
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,12 +0,0 @@
-<html> <head> <title>Error!</title></head>
-<body>
-
-<font size='4' color='red'>
- The username and password you supplied are not valid.
-</p>
-Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
-to retry login
-
-</body>
-</form>
-</html>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
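Review bot: The markup in this page is unbalanced: `<font size='4' color='red'>` is never closed, `</p>` has no opening `<p>`, and `</form>` appears after `</body>` with no `<form>` on the page. Browsers will repair it, but the result depends on their error recovery. I would change the message block to `<p><font size='4' color='red'>The username and password you supplied are not valid.</font></p>` and drop the stray `</form>`. `response.encodeURL("login.jsp")` will also append the session id to the link when cookies are unavailable, which puts it in browser history and Referer headers; a plain `href='login.jsp'` avoids that here.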
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,13 +0,0 @@
-<div align="center">
-<h1>SalesTool</h1>
-<br/>
-Welcome to the Sales Tool
-
-<br/>
-Here is your sales chart:
-<br/>
-<img src="piechart.gif"/>
-
-<br/>
-<a href="logout.jsp">Click to LogOut</a>
-</div>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,13 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+<a href="logout.jsp">Click to LogOut</a>
+</div>
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,16 +0,0 @@
-<html><head><title>Login Page</title></head>
-<body>
-<font size='5' color='blue'>Please Login</font><hr>
-
-<form action='j_security_check' method='post'>
-<table>
- <tr><td>Name:</td>
- <td><input type='text'
name='j_username'></td></tr>
- <tr><td>Password:</td>
- <td><input type='password' name='j_password'
size='8'></td>
- </tr>
-</table>
-<br>
- <input type='submit' value='login'>
-</form></body>
- </html>
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text'
name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password'
size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
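Review bot: The form `<form action='j_security_check' method='post'>` posts `j_username` and `j_password`, and nothing in this page or hunk shows which transport it is served over. The deployment descriptor is outside this hunk, so confirm that the login page and `j_security_check` are covered by a `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` constraint. I would record the requirement at the top of the file with a JSP comment such as `<%-- Must be served over HTTPS: credentials are posted to j_security_check --%>`. The `size='8'` on the password input only narrows the visible field and does not limit what is submitted, so it is best dropped to avoid suggesting a length policy.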
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp 2009-08-21
21:55:41 UTC (rev 727)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,4 +0,0 @@
-<%
- session.invalidate();
-%>
-You are logged out.
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp)
===================================================================
---
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
(rev 0)
+++
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,4 @@
+<%
+ session.invalidate();
+%>
+You are logged out.
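Review bot: The scriptlet calls `session.invalidate()` on every request that reaches logout.jsp, and index.jsp in this commit links to it with a plain `<a href="logout.jsp">`, so logout is a state change on GET that any cross-site request can trigger. Consider accepting only POST, e.g. `if (!"POST".equals(request.getMethod())) { response.sendError(405); return; }`, with the link in index.jsp turned into a small form. The implicit `session` object is also created on demand under the default page settings, so a request without a session creates one only to destroy it; `request.getSession(false)` with a null check avoids that. If this webapp is deployed as a federated service provider, local invalidation presumably leaves the identity provider session active, which is worth stating in a comment.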
Deleted:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
===================================================================
(Binary files differ)
Copied:
identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
(from rev 725,
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif)
===================================================================
(Binary files differ)
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml 2009-08-17 21:15:02
UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,88 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-federation-webapps</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>seam-sp</artifactId>
- <packaging>war</packaging>
- <name>Seam Service Provider</name>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-model</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-api</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-bindings</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <scope>provided</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-seam</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.seam</groupId>
- <artifactId>jboss-seam</artifactId>
- <version>2.1.2</version>
- <type>ejb</type>
- </dependency>
- <dependency>
- <groupId>org.jboss.seam</groupId>
- <artifactId>jboss-seam-ui</artifactId>
- <version>2.1.2</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.seam</groupId>
- <artifactId>jboss-seam-debug</artifactId>
- <version>2.1.2</version>
- </dependency>
- <dependency>
- <groupId>javax.faces</groupId>
- <artifactId>jsf-api</artifactId>
- <version>1.2</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.javaee</groupId>
- <artifactId>jboss-javaee</artifactId>
- <version>5.0.0.CR1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>javax.el</groupId>
- <artifactId>el-api</artifactId>
- <version>1.0</version>
- <scope>provided</scope>
- </dependency>
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- <configuration>
- <warName>seam-sp</warName>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
\ No newline at end of file
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml (from
rev 730, identity-federation/trunk/jboss-identity-webapps/seam-sp/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-webapps/seam-sp/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,87 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>seam-sp</artifactId>
+ <packaging>war</packaging>
+ <name>Seam Service Provider</name>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-model</artifactId>
+ <version>1.0.0.beta1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-api</artifactId>
+ <version>1.0.0.beta1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-bindings</artifactId>
+ <version>1.0.0.beta1</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-seam</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>jboss-seam</artifactId>
+ <version>2.1.2</version>
+ <type>ejb</type>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>jboss-seam-ui</artifactId>
+ <version>2.1.2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>jboss-seam-debug</artifactId>
+ <version>2.1.2</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.faces</groupId>
+ <artifactId>jsf-api</artifactId>
+ <version>1.2</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-javaee</artifactId>
+ <version>5.0.0.CR1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.el</groupId>
+ <artifactId>el-api</artifactId>
+ <version>1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>seam-sp</warName>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
\ No newline at end of file
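Review bot: The `jboss-seam-debug` dependency in the `<dependencies>` section has no `<scope>`, so with `<packaging>war</packaging>` it would be bundled into `WEB-INF/lib` of the tagged `seam-sp` artifact. Whether the Seam debug page is actually reachable depends on configuration that is not shown here, but a released service provider is safer without the jar on its classpath. Consider moving it into a development-only profile or removing it. Separately, the three `dependencyManagement` entries hard-code `<version>1.0.0.beta1</version>` while `jboss-identity-seam` uses `${project.version}`; using the property for all four keeps them from drifting at the next release.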
Deleted: identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml 2009-08-17 21:15:02 UTC
(rev 724)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -1,112 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>../parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-identity-xmlsec-model</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Identity Federation XML Security Model</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation XML Security Model contains the JAXB2
model for W3C XML Signature and XML Encryption specifications.</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.4.3</version>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>false</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
-
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <dependency>
- <groupId>stax</groupId>
- <artifactId>stax-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>org.apache</groupId>
- <artifactId>xmlsec</artifactId>
- <version>1.4.2</version>
- </dependency>
- <dependency>
- <groupId>sun-jaf</groupId>
- <artifactId>activation</artifactId>
- <version>1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>codehaus-stax</groupId>
- <artifactId>stax</artifactId>
- <version>1.1.1</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <doclet>org.jboss.apiviz.APIviz</doclet>
- <docletArtifact>
- <groupId>org.jboss.apiviz</groupId>
- <artifactId>apiviz</artifactId>
- <version>1.2.5.GA</version>
- </docletArtifact>
- <additionalparam>
- -charset UTF-8
- -docencoding UTF-8
- -version
- -author
- -breakiterator
- -windowtitle "${project.name} ${project.version} API Reference"
- -doctitle "${project.name} ${project.version} API Reference"
- -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
- -link
http://java.sun.com/javase/6/docs/api/
- -sourceclasspath ${project.build.outputDirectory}
- </additionalparam>
- <encoding>UTF-8</encoding>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-</project>
Copied: identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml (from rev
730, identity-federation/trunk/jboss-identity-xmlsec-model/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml
(rev 0)
+++ identity-federation/tags/1.0.0.beta1/jboss-identity-xmlsec-model/pom.xml 2009-08-24
15:55:09 UTC (rev 731)
@@ -0,0 +1,112 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>../parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-identity-xmlsec-model</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Identity Federation XML Security Model</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation XML Security Model contains the JAXB2
model for W3C XML Signature and XML Encryption specifications.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.4.3</version>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>false</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+
<argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>1.4.2</version>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaf</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>codehaus-stax</groupId>
+ <artifactId>stax</artifactId>
+ <version>1.1.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <doclet>org.jboss.apiviz.APIviz</doclet>
+ <docletArtifact>
+ <groupId>org.jboss.apiviz</groupId>
+ <artifactId>apiviz</artifactId>
+ <version>1.2.5.GA</version>
+ </docletArtifact>
+ <additionalparam>
+ -charset UTF-8
+ -docencoding UTF-8
+ -version
+ -author
+ -breakiterator
+ -windowtitle "${project.name} ${project.version} API Reference"
+ -doctitle "${project.name} ${project.version} API Reference"
+ -bottom "Copyright © ${project.inceptionYear}-Present
${project.organization.name}. All Rights Reserved."
+ -link
http://java.sun.com/javase/6/docs/api/
+ -sourceclasspath ${project.build.outputDirectory}
+ </additionalparam>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
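Review bot: The `org.apache:xmlsec` dependency pins `<version>1.4.2</version>` locally, although the parent POM in this same tag already manages that artifact at 1.4.2 in its `dependencyManagement`. A later upgrade of the XML signature library in the parent would therefore be overridden by this module without any visible warning. Drop the local `<version>` element, as this block already does for `log4j`, `jaxb-api` and `junit`, so the security-relevant version is set in one place. The surefire `<argLine>-Djava.endorsed.dirs=...` also swaps in jars from `src/test/resources/endorsed` for the test JVM; a short XML comment naming which APIs are overridden and why would help anyone auditing what the tests actually run against.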
Deleted: identity-federation/tags/1.0.0.beta1/parent/pom.xml
===================================================================
--- identity-federation/trunk/parent/pom.xml 2009-08-17 21:15:02 UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/parent/pom.xml 2009-08-24 15:55:09 UTC (rev 731)
@@ -1,165 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss</groupId>
- <artifactId>jboss-parent</artifactId>
- <version>4</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <packaging>pom</packaging>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <name>JBoss Identity Federation- Parent</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity is a cross-cutting project that handles identity
needs for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <scm>
-
<
connection>scm:svn:http://anonsvn.jboss.org/repos/jbossidentity/identi...
-
<
developerConnection>scm:svn:https://svn.jboss.org/repos/jbossidentity/...
- </scm>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-release-plugin</artifactId>
- <configuration>
-
<
tagBase>https://svn.jboss.org/repos/jbossidentity/identity-federation/...
- </configuration>
- </plugin>
- </plugins>
- <pluginManagement>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>true</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- <argLine>${surefire.jvm.args}</argLine>
- <useFile>false</useFile>
- <trimStackTrace>false</trimStackTrace>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
- </build>
-
- <repositories>
- <repository>
- <id>repository.jboss.org</id>
- <name>JBoss Repository</name>
- <layout>default</layout>
- <
url>http://repository.jboss.org/maven2/</url>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
-
- <repository>
- <id>snapshots.jboss.org</id>
- <name>JBoss Snapshots Repository</name>
- <layout>default</layout>
- <
url>http://snapshots.jboss.org/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </repository>
- </repositories>
-
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.0.2</version>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>apache-log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.14</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.apache</groupId>
- <artifactId>xmlsec</artifactId>
- <version>1.4.2</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>apache-logging</groupId>
- <artifactId>commons-logging-api</artifactId>
- <version>1.0.3</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>javax.persistence</groupId>
- <artifactId>persistence-api</artifactId>
- <version>1.0</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-api</artifactId>
- <version>2.1.9</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>sun-jaxb</groupId>
- <artifactId>jaxb-impl</artifactId>
- <version>2.1.9</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbossxacml</artifactId>
- <version>2.0.3.SP2</version>
- </dependency>
- <dependency>
- <groupId>org.openid4java</groupId>
- <artifactId>openid4java</artifactId>
- <version>0.9.5</version>
- </dependency>
- <dependency>
- <groupId>nekohtml</groupId>
- <artifactId>nekohtml</artifactId>
- <version>1.9.12</version>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty</artifactId>
- <version>6.1.18</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty-util</artifactId>
- <version>6.1.18</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
-
-</project>
Copied: identity-federation/tags/1.0.0.beta1/parent/pom.xml (from rev 730,
identity-federation/trunk/parent/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/parent/pom.xml (rev 0)
+++ identity-federation/tags/1.0.0.beta1/parent/pom.xml 2009-08-24 15:55:09 UTC (rev 731)
@@ -0,0 +1,165 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-parent</artifactId>
+ <version>4</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <packaging>pom</packaging>
+ <version>1.0.0.beta1</version>
+ <name>JBoss Identity Federation- Parent</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity is a cross-cutting project that handles identity
needs for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <scm>
+
<
connection>scm:svn:http://anonsvn.jboss.org/repos/jbossidentity/identi...
+
<
developerConnection>scm:svn:https://svn.jboss.org/repos/jbossidentity/...
+ </scm>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-release-plugin</artifactId>
+ <configuration>
+
<
tagBase>https://svn.jboss.org/repos/jbossidentity/identity-federation/...
+ </configuration>
+ </plugin>
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>true</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ <argLine>${surefire.jvm.args}</argLine>
+ <useFile>false</useFile>
+ <trimStackTrace>false</trimStackTrace>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+
+ <repositories>
+ <repository>
+ <id>repository.jboss.org</id>
+ <name>JBoss Repository</name>
+ <layout>default</layout>
+ <
url>http://repository.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+
+ <repository>
+ <id>snapshots.jboss.org</id>
+ <name>JBoss Snapshots Repository</name>
+ <layout>default</layout>
+ <
url>http://snapshots.jboss.org/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </repository>
+ </repositories>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>1.4.2</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>apache-logging</groupId>
+ <artifactId>commons-logging-api</artifactId>
+ <version>1.0.3</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>javax.persistence</groupId>
+ <artifactId>persistence-api</artifactId>
+ <version>1.0</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.1.9</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>sun-jaxb</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.1.9</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbossxacml</artifactId>
+ <version>2.0.3.SP2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.openid4java</groupId>
+ <artifactId>openid4java</artifactId>
+ <version>0.9.5</version>
+ </dependency>
+ <dependency>
+ <groupId>nekohtml</groupId>
+ <artifactId>nekohtml</artifactId>
+ <version>1.9.12</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty</artifactId>
+ <version>6.1.18</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <version>6.1.18</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+</project>
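Review bot: Both `<repository>` entries fetch artifacts over plain `http://` (`repository.jboss.org/maven2/` and `snapshots.jboss.org/maven2/`), so the dependencies of this identity library, including `xmlsec`, `jbossxacml` and `openid4java`, are downloaded without transport integrity. Switch the URLs to `https://` if the hosts offer it, and have the release build fail on checksum mismatches. The surefire `pluginManagement` block also sets `<testFailureIgnore>true</testFailureIgnore>`, which lets the tagged build succeed with failing tests; `<testFailureIgnore>false</testFailureIgnore>` is the safer value for a release, and the xmlsec-model module in this commit already uses it. The snapshots repository remains enabled in this release POM, which is worth a second look, since a tag should resolve only released artifacts.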
Deleted: identity-federation/tags/1.0.0.beta1/pom.xml
===================================================================
--- identity-federation/trunk/pom.xml 2009-08-17 21:15:02 UTC (rev 724)
+++ identity-federation/tags/1.0.0.beta1/pom.xml 2009-08-24 15:55:09 UTC (rev 731)
@@ -1,42 +0,0 @@
-<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-parent</artifactId>
- <version>1.0.0.alpha5-SNAPSHOT</version>
- <relativePath>parent</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-fed-pom</artifactId>
- <packaging>pom</packaging>
- <name>JBoss Identity Federation- Aggregator</name>
- <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Identity Federation is the federated identity project for
JEMS projects</description>
-
- <modules>
- <module>parent</module>
- <module>jboss-identity-xmlsec-model</module>
- <module>jboss-identity-fed-model</module>
- <module>jboss-identity-fed-core</module>
- <module>jboss-identity-fed-api</module>
- <module>jboss-identity-web</module>
- <module>jboss-identity-bindings</module>
- <module>jboss-identity-bindings-jboss</module>
- <module>jboss-identity-webapps</module>
- <module>jboss-identity-seam</module>
- <module>assembly</module>
- </modules>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <aggregate>true</aggregate>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
-
-</project>
Copied: identity-federation/tags/1.0.0.beta1/pom.xml (from rev 730,
identity-federation/trunk/pom.xml)
===================================================================
--- identity-federation/tags/1.0.0.beta1/pom.xml (rev 0)
+++ identity-federation/tags/1.0.0.beta1/pom.xml 2009-08-24 15:55:09 UTC (rev 731)
@@ -0,0 +1,42 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-parent</artifactId>
+ <version>1.0.0.beta1</version>
+ <relativePath>parent</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-fed-pom</artifactId>
+ <packaging>pom</packaging>
+ <name>JBoss Identity Federation- Aggregator</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Federation is the federated identity project for
JEMS projects</description>
+
+ <modules>
+ <module>parent</module>
+ <module>jboss-identity-xmlsec-model</module>
+ <module>jboss-identity-fed-model</module>
+ <module>jboss-identity-fed-core</module>
+ <module>jboss-identity-fed-api</module>
+ <module>jboss-identity-web</module>
+ <module>jboss-identity-bindings</module>
+ <module>jboss-identity-bindings-jboss</module>
+ <module>jboss-identity-webapps</module>
+ <module>jboss-identity-seam</module>
+ <module>assembly</module>
+ </modules>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <configuration>
+ <aggregate>true</aggregate>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>