Author: anil.saldhana(a)jboss.com
Date: 2009-10-27 13:18:50 -0400 (Tue, 27 Oct 2009)
New Revision: 873
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings/org.eclipse.jdt.core.prefs
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/pom.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/resources/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/MANIFEST.MF
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/context.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/lib/
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/error.jsp
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/index.jsp
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/login.jsp
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/logout.jsp
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/piechart.gif
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/jbid-handlers.xml
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/index.jsp
identity-federation/trunk/jboss-identity-webapps/pom.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/index.jsp
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/index.jsp
Log:
JBID-40: saml2 logout
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-10-27
17:18:50 UTC (rev 873)
@@ -626,7 +626,14 @@
if(trace) log.trace(e);
}
}
- }
+ }/*
+ else
+ {
+ //User Principal is null
+
+ //TODO: Send a formal unauthorized message
+ throw new ServletException("Unauthorized");
+ }*/
}
protected void sendErrorResponseToSP(String referrer, Response response, String
relayState,
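Review bot: The `else` branch that threw `ServletException("Unauthorized")` when the user principal is null is commented out rather than deleted, so a null principal now falls through silently and the dead block is left to rot. Delete it (history keeps it) and, if the silent fall-through is intentional, say so where the `}` closes, e.g. `// principal == null: no unauthorized response is sent here — TODO confirm later code in this method handles it`. The enclosing method begins above this hunk, so what actually runs after the fall-through is not visible here.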
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-10-27
17:18:50 UTC (rev 873)
@@ -21,18 +21,18 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
+import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
+
import java.io.IOException;
import java.io.InputStream;
-import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
+import java.util.Set;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
+import javax.servlet.RequestDispatcher;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
@@ -47,21 +47,29 @@
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
-import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.web.util.ServerDetector;
-import org.xml.sax.SAXException;
+import org.w3c.dom.Document;
-
-import static org.jboss.identity.federation.core.util.StringUtil.isNotNull;
-
/**
* Authenticator at the Service Provider
* that handles HTTP/Post binding of SAML 2
@@ -76,6 +84,8 @@
private boolean trace = log.isTraceEnabled();
private boolean jbossEnv = false;
+ private String logOutPage = "/logout.jsp";
+
public SPPostFormAuthenticator()
{
super();
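Review bot: `logOutPage` is a hard-coded private field with no setter, so the page this authenticator forwards to after a logout (used further down in this diff via `getRequestDispatcher(this.logOutPage)`) cannot be changed per deployment the way the other valve properties presumably are. Add `public void setLogOutPage(String logOutPage) { this.logOutPage = logOutPage; }` so it can be set from the valve element, and document the field with `/** Page forwarded to once the SP session has been invalidated by a logout; defaults to /logout.jsp. */`.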
@@ -88,108 +98,329 @@
{
SPUtil spUtil = new SPUtil();
+ //Eagerly look for Global LogOut
+ String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT);
+ boolean logOutRequest = isNotNull(gloStr) &&
"true".equalsIgnoreCase(gloStr);
+
+ String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
+ String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
+
Principal principal = request.getUserPrincipal();
- if (principal != null)
- {
- if(trace)
- log.trace("Already authenticated '" + principal.getName() +
"'");
+
+ //If we have already authenticated the user and there is no request from IDP or
logout from user
+ if(principal != null && !(logOutRequest || isNotNull(samlRequest) ||
isNotNull(samlResponse) ) )
return true;
- }
-
+
+ SAML2Request saml2Request = new SAML2Request();
+
Session session = request.getSessionInternal(true);
String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
- //Try to get the username
- try
+ boolean willSendRequest = false;
+
+ if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
{
- principal = (GenericPrincipal) process(request,response);
-
- if(principal == null)
+ //Neither saml request nor response from IDP
+ //So this is a user request
+
+ //Ask the handler chain to generate the saml request
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), null,
+ HANDLER_TYPE.SP);
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ saml2HandlerResponse.setDestination(identityURL);
+
+ //Reset the state
+ try
{
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
- sendRequestToIDP(authnRequest, relayState, response);
- return false;
+ for(SAML2Handler handler: handlers)
+ {
+ handler.reset();
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+
+ if(logOutRequest)
+
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
+ else
+
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
+ handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
+ }
}
+ catch(ProcessingException pe)
+ {
+ throw new RuntimeException(pe);
+ }
- String username = principal.getName();
- String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+ willSendRequest = saml2HandlerResponse.getSendRequest();
- //Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS") ||
jbossEnv)
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+ if(destination != null &&
+ samlResponseDocument != null)
{
- GenericPrincipal gp = (GenericPrincipal) principal;
- //Push a context
- ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
- principal = context.getRealm().authenticate(username, password);
- ServiceProviderSAMLContext.clear();
- }
-
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(principal);
- register(request, response, principal, Constants.FORM_METHOD, username,
password);
-
- return true;
+ try
+ {
+ sendRequestToIDP(destination, samlResponseDocument, relayState, response,
+ willSendRequest);
+ return false;
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Exception:",e);
+ throw new IOException("Server Error");
+ }
+ }
}
- catch(AssertionExpiredException aie)
+
+ //See if we got a response from IDP
+ if(isNotNull(samlResponse) )
{
- if(trace)
- log.trace("Assertion has expired. Issuing a new saml2 request to the
IDP");
+ boolean isValid = false;
try
- {
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL,
identityURL);
- sendRequestToIDP(authnRequest, relayState, response);
+ {
+ isValid = this.validate(request);
}
catch (Exception e)
{
- if(trace) log.trace("Exception:",e);
+ log.error("Exception:",e);
+ throw new IOException();
}
- return false;
+ if(!isValid)
+ throw new IOException("Validity check failed");
+
+ //deal with SAML response from IDP
+ InputStream decodedResponseStream =
PostBindingUtil.base64DecodeAsStream(samlResponse);
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ SAML2Object samlObject =
saml2Response.getSAML2ObjectFromStream(decodedResponseStream);
+ SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
+
+ Set<SAML2Handler> handlers = chain.handlers();
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), documentHolder,
+ HANDLER_TYPE.SP);
+
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
+ {
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+ willSendRequest = saml2HandlerResponse.getSendRequest();
+
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ sendRequestToIDP(destination, samlResponseDocument, relayState, response,
willSendRequest);
+ }
+ else
+ {
+ //See if the session has been invalidated
+
+ boolean sessionValidity = session.isValid();
+ if(!sessionValidity)
+ {
+ //we are invalidated.
+ RequestDispatcher dispatch =
context.getServletContext().getRequestDispatcher(this.logOutPage);
+ if(dispatch == null)
+ log.error("Cannot dispatch to the logout page: no request
dispatcher:" + this.logOutPage);
+ else
+ dispatch.forward(request, response);
+ return false;
+ }
+
+
+ //We got a response with the principal
+ List<String> roles = saml2HandlerResponse.getRoles();
+ if(principal == null)
+ principal = (Principal)
session.getSession().getAttribute(GeneralConstants.PRINCIPAL_ID);
+
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if((new ServerDetector()).isJboss() || jbossEnv)
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username,
Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+ else
+ {
+ //tomcat env
+ principal = spUtil.createGenericPrincipal(request, principal.getName(),
roles);
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username,
password);
+
+ return true;
+ }
+
+
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Server Exception:", e);
+ throw new IOException("Server Exception");
+ }
}
- catch(Exception e)
+
+
+ if(isNotNull(samlRequest))
{
- if(trace)
- log.trace("Exception :",e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
+ //we got a logout request
+ //deal with SAML response from IDP
+ InputStream is = PostBindingUtil.base64DecodeAsStream(samlRequest);
+
+ try
+ {
+ SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
+ SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
+
+ Set<SAML2Handler> handlers = chain.handlers();
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), documentHolder,
+ HANDLER_TYPE.SP);
+
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
+ {
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+ willSendRequest = saml2HandlerResponse.getSendRequest();
+
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ sendRequestToIDP(destination, samlResponseDocument, relayState, response,
willSendRequest);
+ return true;
+ }
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Server Exception:", e);
+ throw new IOException("Server Exception");
+ }
+ }//end else logoutrequest
+
//fallback
- return super.authenticate(request, response, loginConfig);
- }
+ return super.authenticate(request, response, loginConfig);
+ }
- protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
Response response)
- throws IOException, SAXException, JAXBException,GeneralSecurityException
+ /**
+ * Send the request to the IDP
+ * @param destination idp url
+ * @param samlDocument request or response document
+ * @param relayState
+ * @param response
+ * @param willSendRequest are we sending Request or Response to IDP
+ * @throws ProcessingException
+ * @throws ConfigurationException
+ */
+ protected void sendRequestToIDP(
+ String destination, Document samlDocument,String relayState, Response response,
+ boolean willSendRequest)
+ throws ProcessingException, ConfigurationException
{
- SAML2Request saml2Request = new SAML2Request();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(authnRequest, baos);
+ try
+ {
+ String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
+ samlMessage = PostBindingUtil.base64Encode(samlMessage);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, willSendRequest);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
- String samlMessage = PostBindingUtil.base64Encode(baos.toString());
- String destination = authnRequest.getDestination();
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
- response, true);
- }
-
- protected AuthnRequestType createSAMLRequestMessage(String relayState, Response
response)
- throws ServletException, ConfigurationException
- {
- //create a saml request
- if(this.serviceURL == null)
- throw new ServletException("serviceURL is not configured");
-
- SPUtil spUtil = new SPUtil();
- return spUtil.createSAMLRequest(serviceURL, identityURL);
- }
-
- protected String getDestination(String urlEncodedRequest, String
urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?SAMLRequest=").append(urlEncodedRequest);
- if(isNotNull(urlEncodedRelayState))
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-
+ /**
+ * Trust handling
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
protected void isTrusted(String issuer) throws IssuerNotTrustedException
{
try
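Review bot: In the SAMLResponse branch a handler error does not stop processing: after `response.sendError(saml2HandlerResponse.getErrorCode()); break;` execution continues past the loop, and when the handlers produced no destination it reads a principal from the session attribute, calls `register(...)` and returns `true` on a response that has already been committed with an error status. Change the `break;` after each `sendError` to `return false;` (the request-generation and SAMLRequest loops have the same fall-through, where it ends in `super.authenticate`). The inbound SAMLRequest branch also skips the `this.validate(request)` call the SAMLResponse branch makes before decoding; apply it there too, or document why a logout request from the IDP needs no such check. Finally, the SAMLRequest branch does `return true;` after `sendRequestToIDP(...)` while the same situation in the request-generation path does `return false;`; presumably `return false;` is intended here as well, since the POST form has already been written to the response. The signature of `authenticate` sits above this hunk.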
@@ -217,65 +448,17 @@
protected ResponseType decryptAssertion(ResponseType responseType)
{
throw new RuntimeException("This authenticator does not handle
encryption");
- }
-
- private Principal process(Request request, Response response)
- throws JAXBException, SAXException, IssuerNotTrustedException,
- AssertionExpiredException, ConfigurationException, GeneralSecurityException
- {
- Principal userPrincipal = null;
-
- String samlResponse = request.getParameter("SAMLResponse");
- if(isNotNull(samlResponse) )
- {
- boolean isValid = false;
- try
- {
- isValid = this.validate(request);
- }
- catch (IOException e)
- {
- throw new GeneralSecurityException(e);
- }
- if(!isValid)
- throw new GeneralSecurityException("Validity check failed");
-
- //deal with SAML response from IDP
- byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
- InputStream is = new ByteArrayInputStream(base64DecodedResponse);
-
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = saml2Response.getResponseType(is);
-
- SAMLDocumentHolder samlDocumentHolder = saml2Response.getSamlDocumentHolder();
-
- boolean validSignature = this.verifySignature(samlDocumentHolder);
-
- if(validSignature == false)
- throw new IssuerNotTrustedException("Signature in saml document is
invalid");
-
- this.isTrusted(responseType.getIssuer().getValue());
-
- List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
- if(assertions.size() == 0)
- throw new IllegalStateException("No assertions in reply from IDP");
-
- Object assertion = assertions.get(0);
- if(assertion instanceof EncryptedElementType)
- {
- responseType = this.decryptAssertion(responseType);
- }
-
- SPUtil spUtil = new SPUtil();
- return spUtil.handleSAMLResponse(request, responseType);
- }
- return userPrincipal;
}
-
+
+ /**
+ * Verify Signature
+ * @param samlDocumentHolder
+ * @return
+ * @throws IssuerNotTrustedException
+ */
protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
{
//this authenticator does not deal with signatures.
return true;
- }
+ }
}
\ No newline at end of file
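Review bot: With `process()` removed, the explicit `verifySignature(samlDocumentHolder)`, `isTrusted(responseType.getIssuer().getValue())` and "no assertions in reply" checks it performed disappear from the authenticator, and nothing in the visible diff calls `isTrusted` or `verifySignature` any more — both remain defined but appear unused, so issuer trust and signature checking now rest entirely on what the configured handler chain does. That should be stated where a maintainer will see it: the new Javadoc on `verifySignature` has an empty `@return`; fill it with `@return true if the document's signature is acceptable; this base authenticator performs no signature checking and always returns true` and add a sentence that the authenticator itself no longer invokes this method, so overriding it alone does not enforce signed responses. The `\ No newline at end of file` marker shows the file still lacks a trailing newline.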
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-10-27
17:18:50 UTC (rev 873)
@@ -117,349 +117,280 @@
return true;
SAML2Request saml2Request = new SAML2Request();
-
+
Session session = request.getSessionInternal(true);
String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
-
-
-
-
- /* if(!logOutRequest)
- {*/
- /* if (principal != null)
- {
- if(trace)
- log.trace("Already authenticated '" + principal.getName() +
"'");
- return true;
- }*/
-
- /* //Try to get the username
+
+ if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
+ {
+ //Neither saml request nor response from IDP
+ //So this is a user request
+
+ //Ask the handler chain to generate the saml request
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), null,
+ HANDLER_TYPE.SP);
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ saml2HandlerResponse.setDestination(identityURL);
+
+ //Reset the state
try
{
- principal = (GenericPrincipal) process(request,response);
-
- if(principal == null)
+ for(SAML2Handler handler: handlers)
{
- String destination = createSAMLRequestMessage( relayState, response);
- HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
-
- return false;
- }
-
- String username = principal.getName();
- String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
- //Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS")
|| jbossEnv)
- {
- GenericPrincipal gp = (GenericPrincipal) principal;
- //Push a context
- ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
- principal = context.getRealm().authenticate(username, password);
- ServiceProviderSAMLContext.clear();
- }
-
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(principal);
- register(request, response, principal, Constants.FORM_METHOD, username,
password);
-
- return true;
+ handler.reset();
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+
+ if(logOutRequest)
+
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
+ else
+
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
+ handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
+ }
}
- catch(AssertionExpiredException aie)
+ catch(ProcessingException pe)
{
- if(trace)
- log.trace("Assertion has expired. Issuing a new saml2 request to the
IDP");
+ throw new RuntimeException(pe);
+ }
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
try
{
- String destination = createSAMLRequestMessage( relayState, response);
- HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
+ String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
+
+ String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
+ String destinationURL = destination +
+ getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
+
+ HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
+ return false;
}
catch (Exception e)
{
- if(trace) log.trace("Exception:",e);
- }
- return false;
- }
- catch(Exception e)
- {
- if(trace)
- log.trace("Exception :",e);
+ if(trace)
+ log.trace("Exception:",e);
+ throw new IOException("Server Error");
+ }
}
}
- else
- {*/
- if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
+
+ //See if we got a response from IDP
+ if(isNotNull(samlResponse) )
+ {
+ boolean isValid = false;
+ try
{
- //Neither saml request nor response from IDP
- //So this is a user request
+ isValid = this.validate(request);
+ }
+ catch (Exception e)
+ {
+ log.error("Exception:",e);
+ throw new IOException();
+ }
+ if(!isValid)
+ throw new IOException("Validity check failed");
- //Ask the handler chain to generate the saml request
- Set<SAML2Handler> handlers = chain.handlers();
+ //deal with SAML response from IDP
+ InputStream base64DecodedResponse =
RedirectBindingUtil.base64DeflateDecode(samlResponse);
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ SAML2Object samlObject =
saml2Response.getSAML2ObjectFromStream(base64DecodedResponse);
+ SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
+
+ Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest =
new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), null,
+ holder.getIssuer(), documentHolder,
HANDLER_TYPE.SP);
+
SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
- saml2HandlerResponse.setDestination(identityURL);
-
- //Reset the state
- try
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
{
- for(SAML2Handler handler: handlers)
+ if(saml2HandlerResponse.isInError())
{
- handler.reset();
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
-
- if(logOutRequest)
-
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
- else
-
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
- handler.generateSAMLRequest(saml2HandlerRequest,
saml2HandlerResponse);
- }
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
}
- catch(ProcessingException pe)
- {
- throw new RuntimeException(pe);
- }
+
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
String destination = saml2HandlerResponse.getDestination();
-
+
+
if(destination != null &&
samlResponseDocument != null)
{
- try
- {
- String samlMsg =
DocumentUtil.getDocumentAsString(samlResponseDocument);
+ String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
- String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
- String destinationURL = destination +
- getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
+ String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
+ String destinationURL = destination +
+ getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
- HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
- return false;
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Exception:",e);
- throw new IOException("Server Error");
- }
- }
- }
-
- //See if we got a response from IDP
- if(isNotNull(samlResponse) )
- {
- boolean isValid = false;
- try
- {
- isValid = this.validate(request);
+ HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
}
- catch (Exception e)
+ else
{
- log.error("Exception:",e);
- throw new IOException();
- }
- if(!isValid)
- throw new IOException("Validity check failed");
+ //See if the session has been invalidated
- //deal with SAML response from IDP
- InputStream base64DecodedResponse =
RedirectBindingUtil.base64DeflateDecode(samlResponse);
-
- try
- {
- SAML2Response saml2Response = new SAML2Response();
-
- SAML2Object samlObject =
saml2Response.getSAML2ObjectFromStream(base64DecodedResponse);
- SAMLDocumentHolder documentHolder =
saml2Response.getSamlDocumentHolder();
-
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
-
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
+ boolean sessionValidity = session.isValid();
+ if(!sessionValidity)
{
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
- }
+ //we are invalidated.
+ RequestDispatcher dispatch =
context.getServletContext().getRequestDispatcher(this.logOutPage);
+ if(dispatch == null)
+ log.error("Cannot dispatch to the logout page: no request
dispatcher:" + this.logOutPage);
else
- {
- handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
- }
- }
+ dispatch.forward(request, response);
+ return false;
+ }
- Document samlResponseDocument =
saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
- String destination = saml2HandlerResponse.getDestination();
+ //We got a response with the principal
+ List<String> roles = saml2HandlerResponse.getRoles();
+ if(principal == null)
+ principal = (Principal)
session.getSession().getAttribute(GeneralConstants.PRINCIPAL_ID);
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
- if(destination != null &&
- samlResponseDocument != null)
+ //Map to JBoss specific principal
+ if((new ServerDetector()).isJboss() || jbossEnv)
{
- String samlMsg =
DocumentUtil.getDocumentAsString(samlResponseDocument);
-
- String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
- String destinationURL = destination +
- getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
-
- HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username,
Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
}
else
{
- //See if the session has been invalidated
-
- boolean sessionValidity = session.isValid();
- if(!sessionValidity)
- {
- //we are invalidated.
- RequestDispatcher dispatch =
context.getServletContext().getRequestDispatcher(this.logOutPage);
- if(dispatch == null)
- log.error("Cannot dispatch to the logout page: no request
dispatcher:" + this.logOutPage);
- else
- dispatch.forward(request, response);
- return false;
- }
-
-
- //We got a response with the principal
- List<String> roles = saml2HandlerResponse.getRoles();
- if(principal == null)
- principal = (Principal)
session.getSession().getAttribute(GeneralConstants.PRINCIPAL_ID);
-
- String username = principal.getName();
- String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
-
- //Map to JBoss specific principal
- if((new ServerDetector()).isJboss() || jbossEnv)
- {
- GenericPrincipal gp = (GenericPrincipal) principal;
- //Push a context
- ServiceProviderSAMLContext.push(username,
Arrays.asList(gp.getRoles()));
- principal = context.getRealm().authenticate(username, password);
- ServiceProviderSAMLContext.clear();
- }
- else
- {
- //tomcat env
- SPUtil spUtil = new SPUtil();
- principal = spUtil.createGenericPrincipal(request,
principal.getName(), roles);
- }
-
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- request.setUserPrincipal(principal);
- register(request, response, principal, Constants.FORM_METHOD, username,
password);
-
- return true;
+ //tomcat env
+ SPUtil spUtil = new SPUtil();
+ principal = spUtil.createGenericPrincipal(request, principal.getName(),
roles);
}
-
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Server Exception:", e);
- throw new IOException("Server Exception");
- }
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username,
password);
+
+ return true;
}
- if(isNotNull(samlRequest))
- {
- //we got a logout request
-
- //deal with SAML response from IDP
- InputStream is = RedirectBindingUtil.base64DeflateDecode(samlRequest);
-
- try
- {
- SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
- SAMLDocumentHolder documentHolder =
saml2Request.getSamlDocumentHolder();
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Server Exception:", e);
+ throw new IOException("Server Exception");
+ }
+ }
- Set<SAML2Handler> handlers = chain.handlers();
- IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
- SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+ if(isNotNull(samlRequest))
+ {
+ //we got a logout request
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
- {
- if(saml2HandlerResponse.isInError())
- {
- response.sendError(saml2HandlerResponse.getErrorCode());
- break;
- }
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
- }
- }
+ //deal with SAML response from IDP
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlRequest);
- Document samlResponseDocument =
saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
+ try
+ {
+ SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
+ SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
- String destination = saml2HandlerResponse.getDestination();
+ Set<SAML2Handler> handlers = chain.handlers();
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), documentHolder,
+ HANDLER_TYPE.SP);
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
- if(destination != null &&
- samlResponseDocument != null)
- {
- String samlMsg =
DocumentUtil.getDocumentAsString(samlResponseDocument);
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
+ {
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
- String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
- String destinationURL = destination +
- getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
- HTTPRedirectUtil.sendRedirectForRequestor(destinationURL,
response);
- return true;
- }
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Server Exception:", e);
- throw new IOException("Server Exception");
- }
- }//end else logoutrequest
- /* }*/
+ String destination = saml2HandlerResponse.getDestination();
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
+
+ String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
+ String destinationURL = destination +
+ getDestination(base64Request, relayState,
saml2HandlerResponse.getSendRequest());
+
+ HTTPRedirectUtil.sendRedirectForRequestor(destinationURL, response);
+ return true;
+ }
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Server Exception:", e);
+ throw new IOException("Server Exception");
+ }
+ }//end else logoutrequest
+
//fallback
return super.authenticate(request, response, loginConfig);
}
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-10-27
17:18:50 UTC (rev 873)
@@ -21,7 +21,9 @@
*/
package org.jboss.identity.federation.web.util;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
@@ -44,17 +46,43 @@
private static Logger log = Logger.getLogger(PostBindingUtil.class);
private static boolean trace = log.isTraceEnabled();
+ /**
+ * Apply base64 encoding on the message
+ * @param stringToEncode
+ * @return
+ */
public static String base64Encode(String stringToEncode) throws IOException
{
return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"),
Base64.DONT_BREAK_LINES);
}
-
+
+ /**
+ * Apply base64 decoding on the message and return the byte array
+ * @param encodedString
+ * @return
+ */
public static byte[] base64Decode(String encodedString)
{
+ if(encodedString == null)
+ throw new IllegalArgumentException("encodedString is null");
+
return Base64.decode(encodedString);
}
/**
+ * Apply base64 decoding on the message and return the stream
+ * @param encodedString
+ * @return
+ */
+ public static InputStream base64DecodeAsStream(String encodedString)
+ {
+ if(encodedString == null)
+ throw new IllegalArgumentException("encodedString is null");
+
+ return new ByteArrayInputStream(base64Decode(encodedString));
+ }
+
+ /**
* Send the response to the redirected destination while
* adding the character encoding of "UTF-8" as well as
* adding headers for cache-control and Pragma
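Review bot: `base64DecodeAsStream` passes the result of `base64Decode` straight into `new ByteArrayInputStream(...)`, so if `Base64.decode` signals malformed input by returning null (its contract is not visible in this hunk) the caller gets a NullPointerException instead of a clear rejection of what is, for the POST binding, browser-supplied data. Guarding the result keeps the failure explicit: `byte[] decoded = base64Decode(encodedString); if (decoded == null) throw new IllegalArgumentException("encodedString is not valid base64"); return new ByteArrayInputStream(decoded);`. The three new Javadoc blocks also leave `@return` empty; state what comes back, e.g. `@return the decoded bytes wrapped in an in-memory stream`, and note in the class comment that callers should bound the size of the SAMLResponse parameter before decoding, since nothing here limits it.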
Added:
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/jbid-handlers.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/web.xml 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/WEB-INF/web.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -1,35 +1,48 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app version="2.4"
-
xmlns="http://java.sun.com/xml/ns/j2ee"
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
- <description>Employee Application</description>
+ <display-name>Test Employee Application</display-name>
+ <description>
+ Just a Test SP
+ </description>
- <security-constraint>
- <display-name>Restricted</display-name>
- <web-resource-collection>
- <web-resource-name>Restricted Access</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>Employee</role-name>
- </auth-constraint>
- <user-data-constraint>
- <transport-guarantee>NONE</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>EMPLOYEE Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
- <security-role>
- <role-name>Employee</role-name>
- </security-role>
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
- <login-config>
- <auth-method>FORM</auth-method>
- <form-login-config>
- <form-login-page>/login.jsp</form-login-page>
- <form-error-page>/error.jsp</form-error-page>
- </form-login-config>
- </login-config>
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat EMPLOYEE Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the EMPLOYEE Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
</web-app>
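Review bot: The rewritten `/*` constraint drops the `<user-data-constraint>` element altogether, so nothing in this descriptor asks the container for TLS while SAML responses are being posted or redirected to this SP; the old value was `NONE`, but for anything beyond a localhost sample the collection should carry `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`, or a comment should say the sample deliberately runs over plain HTTP. The login configuration now points at `/jsp/login.jsp` and `/jsp/loginerror.jsp`, while the sibling webapp added in this commit ships `login.jsp` and `error.jsp` at the webapp root; if the employee app has the same layout, the FORM fallback that `super.authenticate` falls through to will 404 on failure. The second constraint for `/freezone/*` with no `<auth-constraint>` is the intended way to open an anonymous area, but a comment such as `<!-- no auth-constraint: intentionally anonymous -->` would stop a later reader from reading it as an omission.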
Modified:
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/index.jsp 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/employee/src/main/webapp/index.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -7,7 +7,7 @@
Here is your cartoon of the day:
<br/>
<img src="careermap.jpg"/>
+<br/>
+<a href="?GLO=true">Click to LogOut</a>
-<br/>
-<a href="logout.jsp">Click to LogOut</a>
</div>
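Review bot: Global logout is now triggered by a plain GET, `?GLO=true`, with no anti-forgery token, so any third-party page can end the user's IdP session and every federated SP session with something like `<img src="http://sp/?GLO=true">`; whether the SP valve applies any further check to this request is not visible here. If GET must stay for the sample, a comment acknowledging the CSRF exposure is the minimum, e.g. `<%-- GLO=true via GET is forgeable from another origin; use a POST form with a token outside samples --%>`, and a real deployment should issue the logout from a POST form carrying a session-bound token.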
Property changes on: identity-federation/trunk/jboss-identity-webapps/employee-post-sig
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Added: identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project
(rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.project 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,13 @@
+<projectDescription>
+ <name>sales-post-sig</name>
+ <comment>JBoss Identity Samples contains the samples for Federated Identity
Needs.</comment>
+ <projects/>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings/org.eclipse.jdt.core.prefs
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings/org.eclipse.jdt.core.prefs
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/.settings/org.eclipse.jdt.core.prefs 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,5 @@
+#Fri Aug 14 00:41:14 CDT 2009
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: identity-federation/trunk/jboss-identity-webapps/employee-post-sig/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/employee-post-sig/pom.xml
(rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/employee-post-sig/pom.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,38 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.beta2-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>employee-post-sig</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Employee App with http post
signature</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>employee-post-sig</warName>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/resources
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/MANIFEST.MF
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/MANIFEST.MF
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/MANIFEST.MF 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path:
+
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/context.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/context.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/context.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve
className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/META-INF/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/context.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/context.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/context.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve
className="org.jboss.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator"
+ />
+</Context>
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,13 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
ServerEnvironment="tomcat">
+ <IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
+ <ServiceURL>http://localhost:8080/sales-post-sig/</ServiceURL>
+ <KeyProvider
ClassName="org.jboss.identity.federation.core.impl.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+ </KeyProvider>
+
+</JBossSP>
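Review bot: `ServiceURL` is `http://localhost:8080/sales-post-sig/` although this descriptor lives in `employee-post-sig`, so this SP will present itself to the IdP as the sales application; presumably the IdP then addresses its response to the wrong service, and the employee app only works if the IdP does not check the issuer — change it to `<ServiceURL>http://localhost:8080/employee-post-sig/</ServiceURL>`. Both `ValidatingAlias` entries resolve to `servercert`, the same alias used as `SigningKeyAlias`, which means this SP verifies IdP signatures with its own signing key; that only holds for a shared test keystore and deserves a comment like `<!-- test-only: IdP and SP share one key; production must validate against the IdP's certificate -->`. The keystore and key passwords are committed in clear text in WEB-INF, which is tolerable for a sample but should be labelled as such.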
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/lib
___________________________________________________________________
Name: svn:ignore
+ .settings
.metadata
.classpath
target .property
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/web.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/WEB-INF/web.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Fedbridge Test SALES Application</display-name>
+ <description>
+ Just a Test SP for Fedbridge Project
+ </description>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
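Review bot: `form-login-page` and `form-error-page` point at `/jsp/login.jsp` and `/jsp/loginerror.jsp`, but this commit adds `login.jsp` and `error.jsp` at the webapp root and no `jsp/` directory, so the FORM fallback the SP authenticator falls through to will 404 — either `<form-login-page>/login.jsp</form-login-page>` and `<form-error-page>/error.jsp</form-error-page>`, or move the pages. The display-name and description still say "SALES", evidently copied from sales-post-sig. No `<user-data-constraint>` is declared for the `/*` collection, so the signed SAML exchange is not required to run over TLS; add `CONFIDENTIAL` or a comment stating the sample intentionally uses plain HTTP on localhost.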
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/error.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/error.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
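Review bot: The markup is unbalanced — `<font>` is never closed and `</p>` and `</form>` have no opening tags — so browsers will render it only by error recovery. The message also says the username and password were invalid, which is misleading for an SP whose login normally fails on a rejected SAML response rather than a local password; something like `Login failed. Click here to retry.` fits both paths.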
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/index.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/index.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,14 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool, <%=request.getUserPrincipal().getName()%>
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+<a href="?GLO=true">Click to LogOut</a>
+
+</div>
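Review bot: `request.getUserPrincipal().getName()` is written into the page without HTML escaping; for this SP the name is whatever subject the IdP asserted, so a NameID carrying markup would run script in this application's origin. Escape it before output, with JSTL `<c:out value="${pageContext.request.userPrincipal.name}"/>` or an equivalent escaper. The `?GLO=true` link makes global logout a GET with no anti-forgery token, so another site can force a federated logout; a POST form with a token is the safer shape outside a sample. The heading still says "SalesTool" and "sales chart", copied from the sales app.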
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/login.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/login.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/login.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text'
name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password'
size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/logout.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/logout.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/logout.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<%
+ session.invalidate();
+%>
+You are logged out.
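Review bot: `session.invalidate()` here ends only the local servlet session, and after this commit index.jsp no longer links to this page (it uses `?GLO=true`), so logout.jsp is left as a second, GET-reachable logout path that presumably bypasses whatever the SAML logout handler does for the identity-provider side. Either drop the page or route it through the same handler-based logout; at minimum a comment such as `<%-- local-only logout: does not notify the IdP --%>` would record the difference for the next reader.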
Added:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/piechart.gif
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/employee-post-sig/src/main/webapp/piechart.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-10-26 21:25:37 UTC (rev
872)
+++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-10-27 17:18:50 UTC (rev
873)
@@ -26,6 +26,7 @@
<module>sales</module>
<module>sales-sig</module>
<module>sales-post-sig</module>
+ <module>employee-post-sig</module>
<module>sales-standalone</module>
<module>employee</module>
<module>circleoftrust</module>
Added:
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/jbid-handlers.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/web.xml 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/WEB-INF/web.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -1,41 +1,48 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app version="2.4"
-
xmlns="http://java.sun.com/xml/ns/j2ee"
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
- <description>Sales Application</description>
+ <display-name>Fedbridge Test SALES Application</display-name>
+ <description>
+ Just a Test SP for Fedbridge Project
+ </description>
- <security-constraint>
- <display-name>Restricted</display-name>
- <web-resource-collection>
- <web-resource-name>Restricted Access</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>Sales</role-name>
- </auth-constraint>
- <user-data-constraint>
- <transport-guarantee>NONE</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
- <security-role>
- <role-name>Sales</role-name>
- </security-role>
- <security-role>
- <role-name>Employee</role-name>
- </security-role>
- <security-role>
- <role-name>manager</role-name>
- </security-role>
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
- <login-config>
- <auth-method>FORM</auth-method>
- <form-login-config>
- <form-login-page>/login.jsp</form-login-page>
- <form-error-page>/error.jsp</form-error-page>
- </form-login-config>
- </login-config>
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
</web-app>
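Review bot: The new `<form-login-page>/jsp/login.jsp</form-login-page>` and `<form-error-page>/jsp/loginerror.jsp</form-error-page>` point to a `jsp/` directory that this commit does not add for the sales module, while the removed lines pointed at `/login.jsp` and `/error.jsp` at the webapp root; unless that directory already exists, FORM login will answer with 404s. The sales-post-sig web.xml hunk has the same change. The rewritten constraint also drops the `Sales` and `Employee` roles so only `manager` reaches `/*`; if that is intended, the `Just a Test SP for Fedbridge Project` description and `Tomcat SALES Application` realm-name read as copied from a sample rather than describing this SP. Since this application exchanges SAML messages with the IdP, consider adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` to the `/*` constraint; the old file had `NONE`, so this is not a regression, but the rewrite is the moment to fix it.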
Modified:
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/index.jsp 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/sales/src/main/webapp/index.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -9,5 +9,6 @@
<img src="piechart.gif"/>
<br/>
-<a href="logout.jsp">Click to LogOut</a>
+<a href="?GLO=true">Click to LogOut</a>
+
</div>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/jbid-handlers.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/web.xml 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/WEB-INF/web.xml 2009-10-27
17:18:50 UTC (rev 873)
@@ -1,40 +1,48 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app version="2.4"
-
xmlns="http://java.sun.com/xml/ns/j2ee"
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
-
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
- <description>Sales Application</description>
+ <display-name>Fedbridge Test SALES Application</display-name>
+ <description>
+ Just a Test SP for Fedbridge Project
+ </description>
- <security-constraint>
- <display-name>Restricted</display-name>
- <web-resource-collection>
- <web-resource-name>Restricted Access</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>Sales</role-name>
- <role-name>manager</role-name>
- </auth-constraint>
- <user-data-constraint>
- <transport-guarantee>NONE</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
- <security-role>
- <role-name>Sales</role-name>
- </security-role>
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
- <security-role>
- <role-name>manager</role-name>
- </security-role>
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
- <login-config>
- <auth-method>FORM</auth-method>
- <form-login-config>
- <form-login-page>/login.jsp</form-login-page>
- <form-error-page>/error.jsp</form-error-page>
- </form-login-config>
- </login-config>
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
</web-app>
Modified:
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/index.jsp 2009-10-26
21:25:37 UTC (rev 872)
+++
identity-federation/trunk/jboss-identity-webapps/sales-post-sig/src/main/webapp/index.jsp 2009-10-27
17:18:50 UTC (rev 873)
@@ -9,5 +9,6 @@
<img src="piechart.gif"/>
<br/>
-<a href="logout.jsp">Click to LogOut</a>
+<a href="?GLO=true">Click to LogOut</a>
+
</div>