Author: anil.saldhana(a)jboss.com
Date: 2009-02-13 18:29:27 -0500 (Fri, 13 Feb 2009)
New Revision: 319
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/holder/
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/holder/ServiceProviderSAMLContext.java
Modified:
identity-federation/trunk/identity-bindings/.project
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
Log:
handle jboss registration
Modified: identity-federation/trunk/identity-bindings/.project
===================================================================
--- identity-federation/trunk/identity-bindings/.project 2009-02-13 23:28:53 UTC (rev
318)
+++ identity-federation/trunk/identity-bindings/.project 2009-02-13 23:29:27 UTC (rev
319)
@@ -1,6 +1,6 @@
<projectDescription>
<name>jboss-identity-bindings</name>
- <comment>JBoss Identity OpenSAML contains the foundation for Federated Identity
Needs.</comment>
+ <comment>JBoss Identity Bindings</comment>
<projects>
<project>jboss-identity-fed-api</project>
<project>jboss-identity-fed-core</project>
@@ -15,4 +15,4 @@
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
-</projectDescription>
\ No newline at end of file
+</projectDescription>
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-02-13
23:28:53 UTC (rev 318)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-02-13
23:29:27 UTC (rev 319)
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
+import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletException;
@@ -44,8 +45,7 @@
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.bindings.config.SPType;
import org.jboss.identity.federation.bindings.config.TrustType;
-import org.jboss.identity.federation.bindings.jboss.DefaultJBossSubjectRegistration;
-import org.jboss.identity.federation.bindings.jboss.JBossSubjectRegistration;
+import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
@@ -64,35 +64,18 @@
* @since Dec 12, 2008
*/
public class SPRedirectFormAuthenticator extends FormAuthenticator
-{
-
+{
private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
protected SPType spConfiguration = null;
private String serviceURL = null;
private String identityURL = null;
-
- //Only important if you are deploying in JBoss environment
- private JBossSubjectRegistration jbossRegistration = new
DefaultJBossSubjectRegistration();
public SPRedirectFormAuthenticator()
{
super();
}
-
- /**
- * For JBoss Deployment, you can change the value of
- * the {@code}JBossSubjectRegistration class
- * @param fqn
- * @throws Exception
- */
- public void setJBossSubjectRegistration(String fqn) throws Exception
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- Class<?> clazz = tcl.loadClass(fqn);
- this.jbossRegistration = (JBossSubjectRegistration) clazz.newInstance();
- }
@Override
public void start() throws LifecycleException
@@ -131,24 +114,34 @@
//Try to get the username
try
{
- Principal p = process(request,response);
- if(p == null)
+ principal = (GenericPrincipal) process(request,response);
+
+ if(principal == null)
{
String destination = createSAMLRequestMessage( relayState, response);
HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
return false;
}
- String username = p.getName();
- String password = "FED_IDENTITY";
+
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+
session.setNote(Constants.SESS_USERNAME_NOTE, username);
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(p);
- register(request, response, p, Constants.FORM_METHOD, username, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username,
password);
- //Also register in JBoss SecurityAssociation
- this.jbossRegistration.register((GenericPrincipal) principal);
-
return true;
}
catch(AssertionExpiredException aie)
@@ -161,14 +154,12 @@
}
catch (Exception e)
{
- //TODO: send a saml response message
log.trace("Exception:",e);
}
return false;
}
catch(Exception e)
{
- //TODO: send a saml response message
log.debug("Exception :",e);
}
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-02-13
23:28:53 UTC (rev 318)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-02-13
23:29:27 UTC (rev 319)
@@ -75,6 +75,7 @@
* Handle the SAMLResponse from the IDP
* @param request entire request from IDP
* @param responseType ResponseType that has been generated
+ * @param serverEnvironment tomcat,jboss etc
* @return
* @throws Exception
*/
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/holder/ServiceProviderSAMLContext.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/holder/ServiceProviderSAMLContext.java
(rev 0)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/holder/ServiceProviderSAMLContext.java 2009-02-13
23:29:27 UTC (rev 319)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp.holder;
+
+import java.util.List;
+
+/**
+ * A context of username/roles to be used by login modules
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Feb 13, 2009
+ */
+public class ServiceProviderSAMLContext
+{
+ public static final String EMPTY_PASSWORD = "EMPTY_STR";
+
+ private static ThreadLocal<String> username = new ThreadLocal<String>();
+ private static ThreadLocal<List<String>> userRoles = new
ThreadLocal<List<String>>();
+
+ public static void push(String user, List<String> roles)
+ {
+ username.set(user);
+ userRoles.set(roles);
+ }
+
+ public static void clear()
+ {
+ username.remove();
+ userRoles.remove();
+ }
+
+ public static String getUserName()
+ {
+ return username.get();
+ }
+
+ public static List<String> getRoles()
+ {
+ return userRoles.get();
+ }
+}
\ No newline at end of file