Author: sguilhen(a)redhat.com
Date: 2009-05-25 09:25:00 -0400 (Mon, 25 May 2009)
New Revision: 531
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenCollectionType.java
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseCollectionType.java
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseType.java
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenType.java
Log:
JBID-84: Added a SAML 2.0 token provider that issues unsigned SAML token assertions.
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -0,0 +1,212 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.util.ArrayList;
+import java.util.GregorianCalendar;
+import java.util.List;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.dom.DOMResult;
+
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token
requests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProvider implements SecurityTokenProvider
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement cancel logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // generate an id for the new assertion.
+ String assertionID = "ID-" + UUID.randomUUID().toString();
+
+ // lifetime and audience restrictions.
+ GregorianCalendar[] lifetime =
WSTrustUtil.parseLifetime(context.getRequestSecurityToken().getLifetime());
+ List<AudienceRestrictionType> audienceRestrictions = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ {
+ AudienceRestrictionType restriction = new AudienceRestrictionType();
+ restriction.getAudience().add(WSTrustUtil.parseAppliesTo(appliesTo));
+ audienceRestrictions = new ArrayList<AudienceRestrictionType>();
+ audienceRestrictions.add(restriction);
+ }
+ ConditionsType conditions = this.createConditions(lifetime[0], lifetime[1],
audienceRestrictions);
+
+ // TODO: implement support for the other confirmation methods.
+ String confirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod(confirmationMethod);
+
+ // create a subject using the caller principal.
+ NameIDType nameID = new NameIDType();
+ nameID.setValue(context.getCallerPrincipal().getName());
+ nameID.setNameQualifier("http://www.jboss.org");
+ SubjectType subject = new SubjectType();
+ ObjectFactory factory = new ObjectFactory();
+ subject.getContent().add(factory.createNameID(nameID));
+ subject.getContent().add(factory.createSubjectConfirmation(subjectConfirmation));
+
+ // TODO: add SAML statements that corresponds to the claims provided by the
requester.
+
+ // generate the SAML assertion.
+ AssertionType assertion = new AssertionType();
+ NameIDType issuerID = new NameIDType();
+ issuerID.setValue(context.getTokenIssuer());
+ assertion.setID(assertionID);
+ assertion.setIssuer(issuerID);
+ assertion.setIssueInstant(this.getXMLCalendar(lifetime[0]));
+ assertion.setConditions(conditions);
+ assertion.setSubject(subject);
+
+ // convert the constructed assertion to element.
+ Document document = null;
+ try
+ {
+ document =
DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ DOMResult result = new DOMResult(document);
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new
NamespacePrefixMapper()
+ {
+ @Override
+ public String getPreferredPrefix(String namespaceURI, String suggestion,
boolean requirePrefix)
+ {
+
if("urn:oasis:names:tc:SAML:2.0:assertion".equals(namespaceURI))
+ return "saml2";
+ else
if("http://www.w3.org/2001/04/xmlenc#".equals(namespaceURI))
+ return "xenc";
+ else
if("http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI))
+ return "ds";
+ else
+ return null;
+ }
+ });
+ marshaller.marshal(factory.createAssertion(assertion), result);
+
+ Element element = (Element) document.getChildNodes().item(0);
+ // TODO: sign the generated SAML assertion.
+
+ SecurityToken token = new
StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ assertionID, element);
+ context.setSecurityToken(token);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement renew logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implemnent validate logic.
+ }
+
+ /**
+ *
+ * @param created
+ * @param expires
+ * @param restrictions
+ * @return
+ */
+ private ConditionsType createConditions(GregorianCalendar created, GregorianCalendar
expires,
+ List<AudienceRestrictionType> restrictions)
+ {
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(this.getXMLCalendar(created));
+ conditions.setNotOnOrAfter(this.getXMLCalendar(expires));
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(restrictions);
+ return conditions;
+ }
+
+ /**
+ *
+ * @param calendar
+ * @return
+ */
+ private XMLGregorianCalendar getXMLCalendar(GregorianCalendar calendar)
+ {
+ DatatypeFactory factory = null;
+ try
+ {
+ factory = DatatypeFactory.newInstance();
+ return factory.newXMLGregorianCalendar(calendar);
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
+ }
+ }
+}
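Review bot: createConditions calls `addAll(restrictions)` on the list it receives, but issueToken leaves `audienceRestrictions` as null when the request carries no AppliesTo, so a request without AppliesTo fails with a NullPointerException instead of yielding an assertion with no audience restriction. A guard such as `if (restrictions != null) conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(restrictions);` (or initialising the list to an empty ArrayList in issueToken) fixes this. Separately, the catch block at the end of issueToken rewraps every failure as `RuntimeException` although the method declares `throws WSTrustException`; `throw new WSTrustException("Error marshalling the SAML assertion", e);` would keep the checked contract, assuming WSTrustException offers a cause-taking constructor. The class Javadoc should also state what the TODOs imply: assertions are currently issued unsigned with the bearer confirmation method, so a relying party cannot verify their origin until the signing TODO is done. The Javadocs of createConditions and getXMLCalendar are empty; a summary line plus filled-in `@param`/`@return` descriptions would make the helpers readable without the caller.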
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -87,6 +87,7 @@
{
// create the request context and delegate token generation to the provider.
WSTrustRequestContext requestContext = new WSTrustRequestContext(request,
callerPrincipal);
+ requestContext.setTokenIssuer(this.configuration.getSTSName());
if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
{
// if no lifetime has been specified, use the configured timeout value.
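Review bot: `requestContext.setTokenIssuer(this.configuration.getSTSName())` passes the configured STS name through unchecked, and SAML20TokenProvider copies it straight into the assertion's Issuer NameID, so a missing configuration value would presumably produce an assertion with an empty issuer rather than a clear error. A check before the call, e.g. `String issuer = this.configuration.getSTSName();` followed by throwing a WSTrustException when it is null or empty, would fail the request early (assuming the enclosing method, whose signature starts outside this hunk, can throw it).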
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -0,0 +1,91 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.util.UUID;
+
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class StandardSecurityToken implements SecurityToken
+{
+ private final String tokenType;
+
+ private final String tokenId;
+
+ private final Element token;
+
+ /**
+ *
+ * @param tokenType
+ * @param token
+ */
+ public StandardSecurityToken(String tokenType, Element token)
+ {
+ this(tokenType, UUID.randomUUID().toString(), token);
+ }
+
+ /**
+ *
+ * @param tokenType
+ * @param tokenID
+ * @param token
+ */
+ public StandardSecurityToken(String tokenType, String tokenID, Element token)
+ {
+ this.tokenType = tokenType;
+ this.tokenId = tokenID;
+ this.token = token;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
+ */
+ public String getTokenType()
+ {
+ return this.tokenType;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
+ */
+ public Object getTokenValue()
+ {
+ return this.token;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getTokenId()
+ {
+ return this.tokenId;
+ }
+}
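Review bot: The class Javadoc at the top of the hunk is an empty `<p></p>` block, and the constructor and getTokenId Javadocs list tags without descriptions. A summary such as `A {@code SecurityToken} implementation that holds the token type, the token id and the token's DOM {@code Element}.`, with `@param tokenType`, `@param tokenID` and `@param token` described and a `@return` on getTokenId, would do. The two-argument constructor's Javadoc should state that it generates a random UUID as the token id. It is also worth documenting that getTokenValue returns the stored Element itself rather than a copy, since callers can therefore modify the issued token in place.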
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -42,6 +42,8 @@
private SecurityToken securityToken;
+ private String tokenIssuer;
+
/**
* <p>
* Creates an instance of {@code WSTrustRequestContext} using the specified request.
@@ -103,4 +105,28 @@
{
this.securityToken = token;
}
+
+ /**
+ * <p>
+ * Obtains the name of the token issuer (security token service name).
+ * </p>
+ *
+ * @return a {@code String} representing the token issuer name.
+ */
+ public String getTokenIssuer()
+ {
+ return tokenIssuer;
+ }
+
+ /**
+ * <p>
+ * Sets the name of the token issuer.
+ * </p>
+ *
+ * @param tokenIssuer a {@code String} representing the token issuer name.
+ */
+ public void setTokenIssuer(String tokenIssuer)
+ {
+ this.tokenIssuer = tokenIssuer;
+ }
}
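Review bot: getTokenIssuer returns null until setTokenIssuer is called — the field added earlier in this file has no initialiser and nothing in this commit sets it in the constructor — while SAML20TokenProvider reads it unconditionally; the Javadoc should say so, e.g. `@return a {@code String} representing the token issuer name, or {@code null} if it has not been set.`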
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -23,6 +23,7 @@
import java.net.URI;
import java.net.URISyntaxException;
+import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.GregorianCalendar;
@@ -30,7 +31,9 @@
import javax.xml.bind.JAXBElement;
+import org.jboss.identity.federation.ws.addressing.AttributedURIType;
import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.addressing.ObjectFactory;
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.LifetimeType;
import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
@@ -45,7 +48,27 @@
public class WSTrustUtil
{
+ private static final SimpleDateFormat calendarFormatter = new
SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'",
+ Locale.getDefault());
+
/**
+ *
+ * @param endpointURI
+ * @return
+ */
+ public static AppliesTo createAppliesTo(String endpointURI)
+ {
+ AttributedURIType attributedURI = new AttributedURIType();
+ attributedURI.setValue(endpointURI);
+ EndpointReferenceType reference = new EndpointReferenceType();
+ reference.setAddress(attributedURI);
+ AppliesTo appliesTo = new AppliesTo();
+ appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+
+ return appliesTo;
+ }
+
+ /**
* <p>
* Parses the contents of the {@code AppliesTo} element and returns the address the
uniquely identify the service
* provider.
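Review bot: `calendarFormatter` is now a shared static `SimpleDateFormat`, which is not thread-safe, and createDefaultLifetime (later in this file) still calls `setTimeZone` on it, so concurrent token requests on the STS can corrupt each other's formatting and parsing. Keeping a per-call instance (the local variable the commit removes) is the simplest fix; otherwise both use sites need to be wrapped in `synchronized (calendarFormatter)`. The pattern also writes a literal `'Z'` while createDefaultLifetime sets the formatter to the host's zone, so on non-UTC hosts the emitted timestamp presumably carries local time labelled as UTC; setting the formatter's zone to UTC would make the suffix truthful. createAppliesTo's Javadoc is empty; `Creates an {@code AppliesTo} instance whose endpoint reference address is the specified endpoint URI.` with `@param endpointURI` and `@return` described would complete it.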
@@ -85,9 +108,7 @@
*/
public static LifetimeType createDefaultLifetime(long tokenTimeout)
{
- long createdTime = getCurrentGMTTime();
- final SimpleDateFormat calendarFormatter = new
SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'",
Locale
- .getDefault());
+ long createdTime = System.currentTimeMillis();
Calendar calendar = new GregorianCalendar();
calendarFormatter.setTimeZone(calendar.getTimeZone());
@@ -109,22 +130,32 @@
/**
* <p>
- * Obtains the current GMT time in milliseconds.
+ * Parses the specified {@code LifetimeType} instance, returning the 'created'
and 'expires' times as
+ * {@code GregorianCalendar} objects.
* </p>
*
- * @return a long representing the current GMT time in milliseconds.
+ * @param lifetime the {@code LifetimeType} instance to be parsed.
+ * @return a {@code GregorianCalendar[]} containing the parsed 'created' and
'expires' times.
*/
- public static long getCurrentGMTTime()
+ public static GregorianCalendar[] parseLifetime(LifetimeType lifetime)
{
- Calendar cal = new GregorianCalendar();
- int offset = cal.get(Calendar.ZONE_OFFSET);
- if (cal.getTimeZone().inDaylightTime(cal.getTime()))
- offset += cal.getTimeZone().getDSTSavings();
+ String createdTime = lifetime.getCreated().getValue();
+ String expiresTime = lifetime.getExpires().getValue();
- // return the UTC/GMT time.
- return cal.getTimeInMillis() - offset;
+ try
+ {
+ GregorianCalendar createdCalendar = new GregorianCalendar();
+ createdCalendar.setTime(calendarFormatter.parse(createdTime));
+ GregorianCalendar expiresCalendar = new GregorianCalendar();
+ expiresCalendar.setTime(calendarFormatter.parse(expiresTime));
+ return new GregorianCalendar[] {createdCalendar, expiresCalendar};
+ }
+ catch (ParseException pe)
+ {
+ throw new IllegalArgumentException("Error parsing lifetime object",
pe);
+ }
}
-
+
/**
* <p>
* Utility method for creating URIs without having to deal with the {@code
URISyntaxException}.
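Review bot: parseLifetime dereferences `lifetime.getCreated().getValue()` and `lifetime.getExpires().getValue()` without null checks, so a request whose Lifetime omits Created or Expires (or a null lifetime) fails with a NullPointerException rather than the IllegalArgumentException the catch block gives malformed strings; a guard like `if (lifetime == null || lifetime.getCreated() == null || lifetime.getExpires() == null) throw new IllegalArgumentException("Lifetime must specify both Created and Expires");` ahead of the parsing keeps the failure mode consistent. Because the pattern quotes `'Z'`, the zone designator is matched as a literal and never interpreted, so a timestamp the client intends as UTC is read in whatever zone the shared formatter currently holds; these values become the assertion's NotBefore/NotOnOrAfter, so the validity window can shift by the host's UTC offset. SimpleDateFormat is lenient by default, so `calendarFormatter.setLenient(false)` (or a per-call non-lenient instance) would reject out-of-range fields instead of silently rolling them over.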
@@ -139,7 +170,7 @@
{
return new URI(text);
}
- catch(URISyntaxException use)
+ catch (URISyntaxException use)
{
throw new RuntimeException(use);
}
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -0,0 +1,145 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.api.wstrust;
+
+import java.net.URI;
+import java.security.Principal;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.wstrust.SAML20TokenProvider;
+import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProviderUnitTestCase extends TestCase
+{
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testIssueSAMLToken() throws Exception
+ {
+ // create a WSTrustRequestContext with a simple WS-Trust request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
+
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
+ request.setTokenType(new URI("urn:oasis:names:tc:SAML:2.0:assertion"));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+ context.setTokenIssuer("JBossSTS");
+
+ // call the SAML token provider and check the generated token.
+ new SAML20TokenProvider().issueToken(context);
+ assertNotNull("Unexpected null security token",
context.getSecurityToken());
+
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ JAXBElement<?> parsedElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) context.getSecurityToken()
+ .getTokenValue());
+ assertNotNull("Unexpected null element", parsedElement);
+ assertEquals("Unexpected element type", AssertionType.class,
parsedElement.getDeclaredType());
+
+ AssertionType assertion = (AssertionType) parsedElement.getValue();
+ StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();
+ assertEquals("Unexpected token id", securityToken.getTokenId(),
assertion.getID());
+ assertEquals("Unexpected token issuer", "JBossSTS",
assertion.getIssuer().getValue());
+
+ // check the contents of the assertion conditions.
+ ConditionsType conditions = assertion.getConditions();
+ assertNotNull("Unexpected null conditions", conditions);
+ assertNotNull("Unexpected null value for NotBefore attribute",
conditions.getNotBefore());
+ assertNotNull("Unexpected null value for NotOnOrAfter attribute",
conditions.getNotOnOrAfter());
+ assertEquals("Unexpected number of conditions", 1,
conditions.getConditionOrAudienceRestrictionOrOneTimeUse()
+ .size());
+ assertTrue("Unexpected condition type",
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0) instanceof
AudienceRestrictionType);
+ AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions
+ .getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
+ assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
+ assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
+ assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider1",
+ restrictionType.getAudience().get(0));
+
+ // check the contents of the assertion subject.
+ SubjectType subject = assertion.getSubject();
+ assertNotNull("Unexpected null subject", subject);
+ assertEquals("Unexpected subject content size", 2,
subject.getContent().size());
+ JAXBElement<?> content = subject.getContent().get(0);
+ assertEquals("Unexpected content type", NameIDType.class,
content.getDeclaredType());
+ NameIDType nameID = (NameIDType) content.getValue();
+ assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
+ content = subject.getContent().get(1);
+ assertEquals("Unexpected content type", SubjectConfirmationType.class,
content.getDeclaredType());
+ SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
+ assertEquals("Unexpected confirmation method",
"urn:oasis:names:tc:SAML:2.0:cm:bearer", confirmation.getMethod());
+ }
+
+ /**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
+ */
+ private class TestPrincipal implements Principal
+ {
+ private final String name;
+
+ /**
+ *
+ * @param name
+ */
+ public TestPrincipal(String name)
+ {
+ this.name = name;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.security.Principal#getName()
+ */
+ public String getName()
+ {
+ return this.name;
+ }
+ }
+}
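Review bot: testIssueSAMLToken only exercises a request that carries AppliesTo, so the path where SAML20TokenProvider passes a null restrictions list to createConditions is never covered, and the issued token's type is never compared with the requested one. A second test for a request without AppliesTo, asserting the token type and an empty conditions list, would cover both; as the provider stands it would presumably fail with a NullPointerException, which is the point of adding it. TestPrincipal should also be `private static class` — as a non-static inner class it keeps a reference to the enclosing test instance it never uses.

```java
   /**
    * Issues a token for a request without AppliesTo, so no audience restriction is expected.
    */
   public void testIssueSAMLTokenWithoutAppliesTo() throws Exception
   {
      RequestSecurityToken request = new RequestSecurityToken();
      request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
      request.setTokenType(new URI("urn:oasis:names:tc:SAML:2.0:assertion"));
      WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
      context.setTokenIssuer("JBossSTS");

      new SAML20TokenProvider().issueToken(context);
      assertNotNull("Unexpected null security token", context.getSecurityToken());
      assertEquals("Unexpected token type", "urn:oasis:names:tc:SAML:2.0:assertion",
            context.getSecurityToken().getTokenType());
      // … unchanged: unmarshal the token Element into an AssertionType as in testIssueSAMLToken …
      assertEquals("Unexpected number of conditions", 0,
            assertion.getConditions().getConditionOrAudienceRestrictionOrOneTimeUse().size());
   }
```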
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -113,17 +113,6 @@
RequestSecurityTokenCollection parsedCollection = (RequestSecurityTokenCollection)
baseRequest;
assertNotNull("Unexpected null request list",
parsedCollection.getRequestSecurityTokens());
assertEquals("Unexpected number of requests", 1,
parsedCollection.getRequestSecurityTokens().size());
-
- // repeat the tests, this time creating a source that contains the request message
directly (no JAXBElement).
- source = new JAXBSource(this.context, request.getDelegate());
- baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null request message", baseRequest);
- assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityToken);
-
- source = new JAXBSource(this.context, collection.getDelegate());
- baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null request message", baseRequest);
- assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityTokenCollection);
}
/**
@@ -170,17 +159,6 @@
RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
-
- // repeat the tests, this time creating a source that contains the response message
directly (no JAXBElement).
- source = new JAXBSource(this.context, response.getDelegate());
- baseResponse = factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null response message", baseResponse);
- assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponse);
-
- source = new JAXBSource(this.context, collection.getDelegate());
- baseResponse = factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null response message", baseResponse);
- assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
}
/**
Modified:
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenCollectionType.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenCollectionType.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenCollectionType.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -10,10 +10,10 @@
import java.util.ArrayList;
import java.util.List;
+
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
@@ -45,7 +45,6 @@
@XmlType(name = "RequestSecurityTokenCollectionType", propOrder = {
"requestSecurityToken"
})
-@XmlRootElement
public class RequestSecurityTokenCollectionType {
@XmlElement(name = "RequestSecurityToken", required = true)
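Review bot: Dropping `@XmlRootElement` from RequestSecurityTokenCollectionType (and likewise from RequestSecurityTokenResponseCollectionType, RequestSecurityTokenResponseType and RequestSecurityTokenType in the following sections) means these types can no longer be marshalled or unmarshalled without a JAXBElement wrapper, which is what the assertions deleted from WSTrustJAXBFactoryUnitTestCase used to exercise. Neither the log message nor the classes record why; since these look like generated model classes, a note in the log message, or a comment above each class such as `// intentionally not a root element: instances are always wrapped in a JAXBElement by the package ObjectFactory` if the files are maintained by hand, would preserve the intent for the next reader.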
Modified:
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseCollectionType.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseCollectionType.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseCollectionType.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -12,11 +12,11 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAnyAttribute;
import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
import javax.xml.namespace.QName;
@@ -49,7 +49,6 @@
@XmlType(name = "RequestSecurityTokenResponseCollectionType", propOrder = {
"requestSecurityTokenResponse"
})
-@XmlRootElement
public class RequestSecurityTokenResponseCollectionType {
@XmlElement(name = "RequestSecurityTokenResponse", required = true)
Modified:
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseType.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseType.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenResponseType.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -12,15 +12,16 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAnyAttribute;
import javax.xml.bind.annotation.XmlAnyElement;
import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.namespace.QName;
+
import org.w3c.dom.Element;
@@ -86,7 +87,6 @@
@XmlType(name = "RequestSecurityTokenResponseType", propOrder = {
"any"
})
-@XmlRootElement
public class RequestSecurityTokenResponseType {
@XmlAnyElement(lax = true)
Modified:
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenType.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenType.java 2009-05-25
08:21:26 UTC (rev 530)
+++
identity-federation/trunk/jboss-identity-fed-model/src/main/java/org/jboss/identity/federation/ws/trust/RequestSecurityTokenType.java 2009-05-25
13:25:00 UTC (rev 531)
@@ -18,7 +18,6 @@
import javax.xml.bind.annotation.XmlAnyAttribute;
import javax.xml.bind.annotation.XmlAnyElement;
import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.namespace.QName;
@@ -83,7 +82,6 @@
@XmlType(name = "RequestSecurityTokenType", propOrder = {
"any"
})
-@XmlRootElement
public class RequestSecurityTokenType {
@XmlAnyElement(lax = true)