Author: anil.saldhana(a)jboss.com
Date: 2009-11-16 11:47:11 -0500 (Mon, 16 Nov 2009)
New Revision: 959
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/CoreConfigUtil.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
Log:
handler signatures
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -51,6 +51,7 @@
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.CoreConfigUtil;
import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
@@ -98,14 +99,8 @@
super.start();
KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
+ {
+ this.keyManager = CoreConfigUtil.getTrustKeyManager(keyProvider);
keyManager.setAuthProperties(keyProvider.getAuth());
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
}
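Review bot: `this.keyManager` can now be null when the next line dereferences it, because `CoreConfigUtil.getTrustKeyManager` (added in this commit) catches every exception, logs it and returns null, whereas the removed code let the load failure propagate. A missing or unloadable trust key manager in a signature-handling valve should stop startup rather than surface later as a NullPointerException on `keyManager.setAuthProperties`; add a guard right after the assignment, e.g. `if(this.keyManager == null) throw new RuntimeException("TrustKeyManager could not be created for " + keyProvider.getClassName());` (or the LifecycleException that start() already declares, if it does). The same applies to the hunk at @@ -821 in IDPWebBrowserSSOValve. The enclosing start() method continues outside the hunk.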
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -35,6 +35,8 @@
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
@@ -79,6 +81,7 @@
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.jboss.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.jboss.identity.federation.core.util.CoreConfigUtil;
import org.jboss.identity.federation.core.util.StringUtil;
import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -128,8 +131,13 @@
private Context context = null;
- private transient String samlHandlerChainClass = null;
+ private transient String samlHandlerChainClass = null;
+ /**
+ * A Lock for Handler operations in the chain
+ */
+ private Lock chainLock = new ReentrantLock();
+
//Set a list of attributes we are interested in separated by comma
public void setAttributeList(String attribList)
{
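Review bot: `chainLock` is assigned once and never reassigned, so it should be declared `private final Lock chainLock = new ReentrantLock();` — a lock field that can be swapped while another thread holds it silently loses mutual exclusion. The same applies to `protected Lock chainLock` and the `chainConfigOptions` map added to BaseFormAuthenticator in the hunk at @@ -67. The Javadoc would be more useful if it said what the lock guards, e.g. `/** Serialises handler invocations on the chain, since handlers are shared across requests. */` — the sharing reason is inferred from the `handler.reset()` calls elsewhere in this file rather than stated here, so confirm before writing it.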
@@ -349,6 +357,12 @@
requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY,
this.assertionValidity);
requestOptions.put(GeneralConstants.CONFIGURATION,
this.idpConfiguration);
+ if(this.keyManager != null)
+ {
+ PublicKey validatingKey =
CoreConfigUtil.getValidatingKey(keyManager, request.getRemoteAddr());
+ requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY,
validatingKey);
+ }
+
Map<String,Object> attribs =
this.attribManager.getAttributes(userPrincipal, attributeKeys);
requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
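Review bot: The validating key is looked up by `request.getRemoteAddr()`, which in this browser-SSO valve is the address of the user agent (or an intervening proxy), not of the SP whose signature the key is meant to verify, so the lookup presumably selects the wrong key unless the trust store is keyed by client IP — confirm against the TrustKeyManager implementation in use. If the issuer from the AuthnRequest is not available at this point, at least record the assumption next to the call, e.g. `// validating key is keyed by peer address; behind a reverse proxy this is the proxy, not the SP`. `CoreConfigUtil.getValidatingKey` also declares ConfigurationException and ProcessingException and the hunk shows no catch for them, so the enclosing method (which continues outside the hunk) must declare or handle them.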
@@ -369,10 +383,18 @@
if(handlers != null)
{
- for(SAML2Handler handler: handlers)
+ try
{
- handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
- willSendRequest = saml2HandlerResponse.getSendRequest();
+ chainLock.lock();
+ for(SAML2Handler handler: handlers)
+ {
+ handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
+ willSendRequest = saml2HandlerResponse.getSendRequest();
+ }
+ }
+ finally
+ {
+ chainLock.unlock();
}
}
}
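Review bot: `chainLock.lock()` is called inside the `try` whose `finally` unlocks, so if `lock()` itself throws (or anything placed before it in the try does), `unlock()` runs without the lock held and raises IllegalMonitorStateException, masking the original error. The idiom is to acquire before the try: `chainLock.lock();` on its own line, then `try { for(SAML2Handler handler: handlers) { ... } } finally { chainLock.unlock(); }`. The same shape appears in this file's hunk at @@ -502, in SAMLHandlerChainProcessor @@ -49, and in ServiceProviderBaseProcessor @@ -82, where the lock is taken only after the trace statement inside the try.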
@@ -502,11 +524,19 @@
if(handlers != null)
{
- for(SAML2Handler handler: handlers)
+ try
{
- handler.reset();
- handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
- willSendRequest = saml2HandlerResponse.getSendRequest();
+ chainLock.lock();
+ for (SAML2Handler handler : handlers)
+ {
+ handler.reset();
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ willSendRequest = saml2HandlerResponse.getSendRequest();
+ }
+ }
+ finally
+ {
+ chainLock.unlock();
}
}
}
@@ -790,23 +820,7 @@
ClassLoader tcl = SecurityActions.getContextClassLoader();
AttributeManager delegate = (AttributeManager)
tcl.loadClass(attributeManager).newInstance();
this.attribManager.setDelegate(delegate);
- }
- //Get the handlers
- String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
- handlers =
ConfigurationUtil.getHandlers(context.getServletContext().getResourceAsStream(handlerConfigFileName));
- chain.addAll(HandlerUtil.getHandlers(handlers));
-
- Map<String, Object> chainConfigOptions = new HashMap<String,
Object>();
- chainConfigOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
- chainConfigOptions.put(GeneralConstants.CONFIGURATION, idpConfiguration);
-
- SAML2HandlerChainConfig handlerChainConfig = new
DefaultSAML2HandlerChainConfig(chainConfigOptions);
- Set<SAML2Handler> samlHandlers = chain.handlers();
-
- for(SAML2Handler handler: samlHandlers)
- {
- handler.initChainConfig(handlerChainConfig);
- }
+ }
}
catch (Exception e)
{
@@ -821,13 +835,7 @@
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
+ this.keyManager = CoreConfigUtil.getTrustKeyManager(keyProvider);
keyManager.setAuthProperties(keyProvider.getAuth());
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
}
@@ -839,6 +847,33 @@
if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
}
+ try
+ {
+ //Get the handlers
+ String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
+ handlers =
ConfigurationUtil.getHandlers(context.getServletContext().getResourceAsStream(handlerConfigFileName));
+ chain.addAll(HandlerUtil.getHandlers(handlers));
+
+ Map<String, Object> chainConfigOptions = new HashMap<String,
Object>();
+ chainConfigOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
+ chainConfigOptions.put(GeneralConstants.CONFIGURATION, idpConfiguration);
+ if(this.keyManager != null)
+ chainConfigOptions.put(GeneralConstants.KEYPAIR,
keyManager.getSigningKeyPair());
+
+ SAML2HandlerChainConfig handlerChainConfig = new
DefaultSAML2HandlerChainConfig(chainConfigOptions);
+ Set<SAML2Handler> samlHandlers = chain.handlers();
+
+ for(SAML2Handler handler: samlHandlers)
+ {
+ handler.initChainConfig(handlerChainConfig);
+ }
+ }
+ catch(Exception e)
+ {
+ log.error("Exception dealing with handler configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
+
//Add some keys to the attibutes
String[] ak = new String[]
{"mail","cn","commonname","givenname",
"surname","employeeType",
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -27,6 +27,8 @@
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletContext;
@@ -35,6 +37,7 @@
import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.core.config.SPType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.handler.config.Handlers;
import org.jboss.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
@@ -67,6 +70,14 @@
protected transient SAML2HandlerChain chain = null;
protected transient String samlHandlerChainClass = null;
+
+ protected Map<String, Object> chainConfigOptions = new HashMap<String,
Object>();
+
+
+ /**
+ * A Lock for Handler operations in the chain
+ */
+ protected Lock chainLock = new ReentrantLock();
public BaseFormAuthenticator()
{
@@ -155,21 +166,32 @@
handlers =
ConfigurationUtil.getHandlers(servletContext.getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
- Map<String, Object> chainConfigOptions = new HashMap<String,
Object>();
- chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
- chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR_IGNORE,
"false"); //No validator as tomcat realm does validn
-
- SAML2HandlerChainConfig handlerChainConfig = new
DefaultSAML2HandlerChainConfig(chainConfigOptions);
- Set<SAML2Handler> samlHandlers = chain.handlers();
-
- for(SAML2Handler handler: samlHandlers)
- {
- handler.initChainConfig(handlerChainConfig);
- }
+ this.populateChainConfig();
+ this.initializeHandlerChain();
}
catch(Exception e)
{
throw new RuntimeException(e);
}
+ }
+
+ protected void initializeHandlerChain()
+ throws ConfigurationException, ProcessingException
+ {
+ populateChainConfig();
+ SAML2HandlerChainConfig handlerChainConfig = new
DefaultSAML2HandlerChainConfig(chainConfigOptions);
+ Set<SAML2Handler> samlHandlers = chain.handlers();
+
+ for(SAML2Handler handler: samlHandlers)
+ {
+ handler.initChainConfig(handlerChainConfig);
+ }
}
+
+ protected void populateChainConfig()
+ throws ConfigurationException, ProcessingException
+ {
+ chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
+ chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, "false");
//No validator as tomcat realm does validn
+ }
}
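Review bot: `initializeHandlerChain()` calls `populateChainConfig()` on its own first line, so the explicit `this.populateChainConfig();` immediately before `this.initializeHandlerChain();` in the try block populates the map twice; the same double call appears in SPRedirectSignatureFormAuthenticator @@ -95. Drop the call from the callers, or drop it from `initializeHandlerChain()` and document that callers must populate first — one place should own it. `chainConfigOptions` is also now a long-lived mutable field handed to every `DefaultSAML2HandlerChainConfig` built from it, so a later `put` (the subclass adding KEYPAIR) is visible to already-initialised handlers if the config wraps rather than copies the map — confirm which, and state it in a comment on the field. Both new methods deserve a Javadoc line, e.g. `/** Builds the chain config from chainConfigOptions and pushes it to every handler in the chain. */`.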
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -118,7 +118,7 @@
{
ServiceProviderBaseProcessor baseProcessor = new
ServiceProviderBaseProcessor(true, serviceURL);
- saml2HandlerResponse = baseProcessor.process(httpContext, handlers);
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers,
chainLock);
saml2HandlerResponse.setDestination(identityURL);
}
catch(ProcessingException pe)
@@ -185,7 +185,7 @@
ServiceProviderSAMLResponseProcessor responseProcessor =
new ServiceProviderSAMLResponseProcessor(true, serviceURL);
SAML2HandlerResponse saml2HandlerResponse =
- responseProcessor.process(samlResponse, httpContext, handlers);
+ responseProcessor.process(samlResponse, httpContext, handlers,
chainLock);
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
@@ -262,7 +262,7 @@
{
ServiceProviderSAMLRequestProcessor requestProcessor =
new ServiceProviderSAMLRequestProcessor(true, this.serviceURL);
- boolean result = requestProcessor.process(samlRequest, httpContext,
handlers);
+ boolean result = requestProcessor.process(samlRequest, httpContext, handlers,
chainLock);
if(result)
return result;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -27,6 +27,7 @@
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
+import java.util.Map;
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
@@ -37,6 +38,8 @@
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.core.config.KeyProviderType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
@@ -46,6 +49,7 @@
import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
@@ -163,4 +167,13 @@
}
return false;
}
+
+ protected void addAdditionalChainConfigOptions(Map<String, Object>
chainConfigOptions)
+ throws ConfigurationException, ProcessingException
+ {
+ if(this.keyManager != null)
+ {
+ chainConfigOptions.put(GeneralConstants.KEYPAIR,
keyManager.getSigningKeyPair());
+ }
+ }
}
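Review bot: `addAdditionalChainConfigOptions` has no caller in this commit — BaseFormAuthenticator's new `initializeHandlerChain()` calls `populateChainConfig()`, which this class does not override — so unless a caller exists outside the diff the signing key pair never reaches the handler chain for the POST-with-signature SP, while the redirect variant (SPRedirectSignatureFormAuthenticator @@ -184) gets it through a `populateChainConfig()` override. Replace the method with the same override and, as the redirect variant does in its start(), re-run `initializeHandlerChain()` once the key manager exists (this class's start() is outside the hunk). The unused `Map` parameter and its import then go away as well.
```java
@Override
protected void populateChainConfig()
   throws ConfigurationException, ProcessingException
{
   super.populateChainConfig();
   if(this.keyManager != null)
   {
      chainConfigOptions.put(GeneralConstants.KEYPAIR,
            keyManager.getSigningKeyPair());
   }
}
```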
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -123,7 +123,7 @@
{
ServiceProviderBaseProcessor baseProcessor = new
ServiceProviderBaseProcessor(false, serviceURL);
- saml2HandlerResponse = baseProcessor.process(httpContext, handlers);
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers,
chainLock);
saml2HandlerResponse.setDestination(identityURL);
}
catch(ProcessingException pe)
@@ -153,6 +153,8 @@
try
{
String samlMsg = DocumentUtil.getDocumentAsString(samlResponseDocument);
+ if(trace)
+ log.trace("SAML Document=" + samlMsg);
String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMsg.getBytes("UTF-8"));
String destinationURL = destination +
@@ -191,7 +193,7 @@
ServiceProviderSAMLResponseProcessor responseProcessor =
new ServiceProviderSAMLResponseProcessor(false, serviceURL);
SAML2HandlerResponse saml2HandlerResponse =
- responseProcessor.process(samlResponse, httpContext, handlers);
+ responseProcessor.process(samlResponse, httpContext, handlers,
chainLock);
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
@@ -260,7 +262,7 @@
{
if(trace)
log.trace("Server Exception:", e);
- throw new IOException("Server Exception");
+ throw new IOException("Server Exception:"+
e.getLocalizedMessage());
}
}
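Review bot: `throw new IOException("Server Exception:"+ e.getLocalizedMessage())` still drops the original exception as the cause, so callers and stack traces see only the message text; if the project targets Java 6 or later, use the cause-taking constructor: `throw new IOException("Server Exception:" + e.getLocalizedMessage(), e);`. The trace log a few lines above covers the debugging case only when TRACE is enabled, not the caller's view. The enclosing method continues outside the hunk.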
@@ -272,7 +274,7 @@
{
ServiceProviderSAMLRequestProcessor requestProcessor =
new ServiceProviderSAMLRequestProcessor(false, this.serviceURL);
- boolean result = requestProcessor.process(samlRequest, httpContext,
handlers);
+ boolean result = requestProcessor.process(samlRequest, httpContext, handlers,
chainLock);
if(result)
return result;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -38,6 +38,7 @@
import org.jboss.identity.federation.core.config.KeyProviderType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
@@ -95,6 +96,18 @@
throw new LifecycleException(e.getLocalizedMessage());
}
if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+
+ //Initialize the handler chain again, mainly for the signing pair
+ try
+ {
+ populateChainConfig();
+ super.initializeHandlerChain();
+ }
+ catch (Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
}
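Review bot: `throw new LifecycleException(e.getLocalizedMessage())` discards the cause, leaving only the message for whoever handles the startup failure; Tomcat's LifecycleException has a `(String, Throwable)` constructor, so `throw new LifecycleException("Exception reading configuration", e);` keeps the chain intact. The same message-only pattern is added in IDPWebBrowserSSOValve @@ -839. The comment `//Initialize the handler chain again, mainly for the signing pair` would be clearer as `// Re-run chain initialisation now that keyManager exists, so the signing key pair reaches the handlers`.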
protected boolean validate(Request request) throws IOException,
GeneralSecurityException
@@ -184,5 +197,18 @@
{
throw new GeneralSecurityException(e);
}
- }
+ }
+
+ @Override
+ protected void populateChainConfig()
+ throws ConfigurationException, ProcessingException
+ {
+ super.populateChainConfig();
+ if(this.keyManager != null)
+ {
+ if(trace)
+ log.trace("Adding Keypair to the chain config");
+ chainConfigOptions.put(GeneralConstants.KEYPAIR,
keyManager.getSigningKeyPair());
+ }
+ }
}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -23,7 +23,7 @@
import java.util.Collection;
import java.util.Collections;
-import java.util.HashSet;
+import java.util.LinkedHashSet;
import java.util.Set;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
@@ -36,7 +36,7 @@
*/
public class DefaultSAML2HandlerChain implements SAML2HandlerChain
{
- private Set<SAML2Handler> handlers = new HashSet<SAML2Handler>();
+ private Set<SAML2Handler> handlers = new LinkedHashSet<SAML2Handler>();
/**
* @see SAML2HandlerChain#add(SAML2Handler)
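Review bot: Switching to LinkedHashSet makes the handler set insertion-ordered, which is presumably the point of the change (a handler such as signature validation needs to run before the ones that act on the message), but nothing on the field or the class Javadoc records that ordering is now a contract. Add a comment on the field, e.g. `// LinkedHashSet: handlers run in the order they were added; callers depend on this`, so a later refactor does not quietly revert to HashSet.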
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/CoreConfigUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/CoreConfigUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/CoreConfigUtil.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.util;
+
+import java.security.PublicKey;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.config.KeyProviderType;
+import org.jboss.identity.federation.core.config.ProviderType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
+
+/**
+ * Utility for configuration
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Nov 13, 2009
+ */
+public class CoreConfigUtil
+{
+ private static Logger log = Logger.getLogger(CoreConfigUtil.class);
+
+ /**
+ * Given either the IDP Configuration or the SP Configuration, derive
+ * the TrustKeyManager
+ * @param idpOrSPConfiguration
+ * @return
+ */
+ public static TrustKeyManager getTrustKeyManager(ProviderType idpOrSPConfiguration)
+ {
+ KeyProviderType keyProvider = idpOrSPConfiguration.getKeyProvider();
+ return getTrustKeyManager(keyProvider);
+ }
+
+ /**
+ * Once the {@code KeyProviderType} is derived, get
+ * the {@code TrustKeyManager}
+ * @param keyProvider
+ * @return
+ */
+ public static TrustKeyManager getTrustKeyManager(KeyProviderType keyProvider)
+ {
+ TrustKeyManager trustKeyManager = null;
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ trustKeyManager = (TrustKeyManager) clazz.newInstance();
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in getting TrustKeyManager:",e);
+ }
+ return trustKeyManager;
+ }
+
+ /**
+ * Get the validating key
+ * @param idpSpConfiguration
+ * @param domain
+ * @return
+ * @throws ConfigurationException
+ * @throws ProcessingException
+ */
+ public static PublicKey getValidatingKey(ProviderType idpSpConfiguration, String
domain)
+ throws ConfigurationException, ProcessingException
+ {
+ TrustKeyManager trustKeyManager = getTrustKeyManager(idpSpConfiguration);
+
+ return getValidatingKey(trustKeyManager, domain);
+ }
+
+ /**
+ * Get the validating key given the trust key manager
+ * @param trustKeyManager
+ * @param domain
+ * @return
+ * @throws ConfigurationException
+ * @throws ProcessingException
+ */
+ public static PublicKey getValidatingKey(TrustKeyManager trustKeyManager,
+ String domain)
+ throws ConfigurationException, ProcessingException
+ {
+ if(trustKeyManager == null)
+ throw new IllegalArgumentException("Trust Key Manager is null");
+
+ return trustKeyManager.getValidatingKey(domain);
+ }
+}
\ No newline at end of file
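Review bot: `getTrustKeyManager(KeyProviderType)` catches every exception, logs it and returns null, so a misconfigured or unloadable key manager class becomes a null that the two valve call sites in this commit dereference immediately; for a component whose absence means signatures cannot be verified, the failure should propagate. Either rethrow — `throw new RuntimeException("Exception in getting TrustKeyManager:", e);` after the log line — or declare the already-imported ConfigurationException and adjust the callers. Two further points: `getValidatingKey(ProviderType, String)` builds a fresh TrustKeyManager and never calls `setAuthProperties`/`setValidatingAlias` on it, which every caller of `getTrustKeyManager` in this commit does right after construction, so that overload presumably returns a key manager that cannot open its keystore — confirm; and a null `keyProvider` reaches `keyProvider.getClassName()` unchecked, so an explicit null check with a clear message would beat the NullPointerException. The `@return` tags are empty throughout; each should say what is returned and whether null is possible.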
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -71,6 +71,7 @@
private static Logger logger = Logger.getLogger(SAML20TokenProvider.class);
+ @SuppressWarnings("unused")
private Map<String, String> properties;
/*
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -24,9 +24,11 @@
import java.security.PublicKey;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.w3c.dom.Document;
@@ -38,6 +40,7 @@
public class SAML2SignatureValidationHandler extends BaseSAML2Handler
{
private static Logger log = Logger.getLogger(SAML2SignatureValidationHandler.class);
+ private boolean trace = log.isTraceEnabled();
/**
* @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest,
SAML2HandlerResponse)}
@@ -45,6 +48,16 @@
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
{
Document signedDocument = request.getRequestDocument();
+ if(trace)
+ {
+ try
+ {
+ log.trace("Will validate :" +
DocumentUtil.getDocumentAsString(signedDocument));
+ }
+ catch (ConfigurationException e)
+ {
+ }
+ }
PublicKey publicKey = (PublicKey)
request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
this.validateSender(signedDocument, publicKey);
}
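Review bot: The new `catch (ConfigurationException e) { }` is an empty catch; even for trace-only output it should record why the document could not be rendered, e.g. `log.trace("Could not serialise request document for trace output", e);`. Separately, `publicKey` comes from `request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY)`, and the IDP valve in this commit only puts that option when its `keyManager` is non-null, so the value can be null here; `validateSender` is outside the hunk, so confirm it rejects a null key rather than skipping validation.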
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/SAMLHandlerChainProcessor.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
@@ -49,25 +50,34 @@
public void callHandlerChain(SAML2Object samlObject,
SAML2HandlerRequest saml2HandlerRequest,
SAML2HandlerResponse saml2HandlerResponse,
- HTTPContext httpContext)
+ HTTPContext httpContext,
+ Lock chainLock)
throws ProcessingException, IOException
{
- //Deal with handler chains
- for(SAML2Handler handler : handlers)
+ try
{
- if(saml2HandlerResponse.isInError())
+ chainLock.lock();
+ //Deal with handler chains
+ for (SAML2Handler handler : handlers)
{
- httpContext.getResponse().sendError(saml2HandlerResponse.getErrorCode());
- break;
+ if (saml2HandlerResponse.isInError())
+ {
+ httpContext.getResponse().sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if (samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
}
- if(samlObject instanceof RequestAbstractType)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- }
- else
- {
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- }
+ }
+ finally
+ {
+ chainLock.unlock();
}
}
}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderBaseProcessor.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import javax.servlet.http.HttpServletRequest;
@@ -45,12 +46,14 @@
import org.jboss.identity.federation.web.core.HTTPContext;
/**
+ * A processor util at the SP
* @author Anil.Saldhana(a)redhat.com
* @since Oct 27, 2009
*/
public class ServiceProviderBaseProcessor
{
protected static Logger log = Logger.getLogger(ServiceProviderBaseProcessor.class);
+ private boolean trace = log.isTraceEnabled();
protected boolean postBinding;
protected String serviceURL;
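Review bot: The new `trace` field at L833 is a mutable instance field that is only ever read, so `private final boolean trace = log.isTraceEnabled();` states the intent and guarantees it cannot drift. Because the value is captured once per instance, a logger level change at runtime is not picked up by an existing instance, which is harmless for a processor created per request but worth knowing if instances are cached.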
@@ -67,7 +70,8 @@
}
public SAML2HandlerResponse process(HTTPContext httpContext,
- Set<SAML2Handler> handlers)
+ Set<SAML2Handler> handlers,
+ Lock chainLock)
throws ProcessingException, IOException, ParsingException, ConfigurationException
{
//Neither saml request nor response from IDP
@@ -82,6 +86,11 @@
//Reset the state
try
{
+ if(trace)
+ log.trace("Handlers are : " + handlers);
+
+ chainLock.lock();
+
for(SAML2Handler handler: handlers)
{
handler.reset();
@@ -102,7 +111,11 @@
{
log.error("Processing Exception:", pe);
throw new RuntimeException(pe);
- }
+ }
+ finally
+ {
+ chainLock.unlock();
+ }
return saml2HandlerResponse;
}
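Review bot: process releases chainLock in the finally at L865 before returning, while the subclass processors take it again inside callHandlerChain, so the handler reset done here and the chain execution that follows are two separate critical sections. Unless the calling valve holds the same (reentrant) lock across both calls — the valves are not in this chunk — another request can reset or run the shared handlers in between, and per-request handler state could bleed from one user's SAML exchange into another's. Either document that contract on the parameter, e.g. `@param chainLock lock guarding the shared, stateful handler set; the caller must hold it across reset and chain processing`, or have the valve perform both steps under a single lock acquisition. Both process and its try block begin before this hunk.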
@@ -123,6 +136,5 @@
HttpServletRequest request = httpContext.getRequest();
String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT);
return isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr);
- }
-
+ }
}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLRequestProcessor.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -26,6 +26,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import javax.servlet.http.HttpServletResponse;
@@ -54,8 +55,7 @@
* @since Oct 27, 2009
*/
public class ServiceProviderSAMLRequestProcessor extends ServiceProviderBaseProcessor
-{
-
+{
/**
* Construct
* @param postBinding Whether it is the Post Binding
@@ -66,8 +66,20 @@
super(postBinding,serviceURL);
}
+ /**
+ * Process the message
+ * @param samlRequest
+ * @param httpContext
+ * @param handlers
+ * @param chainLock A Lock on the chain of handlers that needs to be used for locking
+ * @return
+ * @throws ProcessingException
+ * @throws IOException
+ * @throws ParsingException
+ * @throws ConfigurationException
+ */
public boolean process(String samlRequest, HTTPContext httpContext,
- Set<SAML2Handler> handlers)
+ Set<SAML2Handler> handlers, Lock chainLock)
throws ProcessingException, IOException, ParsingException, ConfigurationException
{
SAML2Request saml2Request = new SAML2Request();
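Review bot: The new Javadoc at L906-L917 leaves `@return` and the samlRequest/httpContext/handlers `@param` tags empty, and the chainLock description says only that the lock "needs to be used for locking" without stating what it protects. Say what the boolean signals to the caller, and for the lock something like `@param chainLock lock serializing access to {@code handlers}, which are shared and stateful; every caller of this handler set must pass the same instance`. The same applies to the Javadoc added to ServiceProviderSAMLResponseProcessor.process at L951-L962.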
@@ -96,7 +108,7 @@
SAMLHandlerChainProcessor chainProcessor = new
SAMLHandlerChainProcessor(handlers);
chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
- saml2HandlerResponse, httpContext);
+ saml2HandlerResponse, httpContext, chainLock);
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/process/ServiceProviderSAMLResponseProcessor.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.util.Set;
+import java.util.concurrent.locks.Lock;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
@@ -57,8 +58,21 @@
super(postBinding, serviceURL);
}
+ /**
+ * Process the message
+ * @param samlResponse
+ * @param httpContext
+ * @param handlers
+ * @param chainLock a lock that needs to be used to process the chain of handlers
+ * @return
+ * @throws ProcessingException
+ * @throws IOException
+ * @throws ParsingException
+ * @throws ConfigurationException
+ */
public SAML2HandlerResponse process(String samlResponse, HTTPContext httpContext,
- Set<SAML2Handler> handlers)
+ Set<SAML2Handler> handlers,
+ Lock chainLock)
throws ProcessingException, IOException, ParsingException, ConfigurationException
{
SAML2Response saml2Response = new SAML2Response();
@@ -90,7 +104,7 @@
SAMLHandlerChainProcessor chainProcessor = new
SAMLHandlerChainProcessor(handlers);
chainProcessor.callHandlerChain(samlObject, saml2HandlerRequest,
- saml2HandlerResponse, httpContext);
+ saml2HandlerResponse, httpContext, chainLock);
return saml2HandlerResponse;
}
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-11-16
14:04:51 UTC (rev 958)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-11-16
16:47:11 UTC (rev 959)
@@ -377,6 +377,7 @@
{
try
{
+ sb.append("?");
sb.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, keyManager.getSigningKey()));
}
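Review bot: The `?` added at L991 is appended unconditionally before the signed query string; if the buffer already ends with `?` or carries query parameters from the destination URL, the result is `??` or a second `?`, and the receiving party sees a malformed redirect whose signature covers a query string it cannot reliably extract. The lines that build `sb` are outside this hunk, so this is a hedge, but a separator chosen from the buffer's content, `sb.append(sb.indexOf("?") >= 0 ? "&" : "?");`, is correct in both cases. The enclosing method starts before this hunk.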