Author: beve
Date: 2009-09-25 04:00:27 -0400 (Fri, 25 Sep 2009)
New Revision: 809
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClient.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientConfig.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-saaj.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/resolver.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xercesImpl.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xml-apis.jar
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/sts-client.properties
Removed:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientConfig.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/handlers/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/handlers/
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-sts-client.properties
Modified:
identity-federation/trunk/jboss-identity-fed-api/pom.xml
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/pom.xml
Log:
Work for re-opened
https://jira.jboss.org/jira/browse/JBID-194 "Add a JAX-WS SOAP
Protocol handler for JBossSTS"
This task was to move the code from jboss-identity-fed-api to jboss-identity-fed-core.
Some minor refactoring was also required.
Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-09-24 01:24:30 UTC (rev
808)
+++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-09-25 08:00:27 UTC (rev
809)
@@ -127,12 +127,6 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <version>1.8.0</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<reporting>
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-24
01:24:30 UTC (rev 808)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -21,223 +21,91 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.net.URI;
-import java.util.Map;
-
-import javax.xml.namespace.QName;
-import javax.xml.soap.SOAPBody;
-import javax.xml.soap.SOAPEnvelope;
-import javax.xml.soap.SOAPPart;
-import javax.xml.transform.Source;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Dispatch;
-import javax.xml.ws.Service;
-import javax.xml.ws.Service.Mode;
-import javax.xml.ws.soap.SOAPBinding;
-
import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.STSClientFactory;
import org.jboss.identity.federation.core.wstrust.WSTrustException;
-import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
-import org.jboss.identity.federation.ws.trust.RenewTargetType;
-import org.jboss.identity.federation.ws.trust.StatusType;
-import org.jboss.identity.federation.ws.trust.ValidateTargetType;
-import org.w3c.dom.Document;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
/**
* WS-Trust Client
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Aug 29, 2009
*/
public class WSTrustClient
{
- private ThreadLocal<Dispatch<Source>> dispatchLocal =
- new InheritableThreadLocal<Dispatch<Source>>();
-
- private String targetNS = "http://org.jboss.identity.trust/sts/";
-
- public static class SecurityInfo
- {
- private String username;
- private String passwd;
-
- public SecurityInfo(String name, char[] pass)
- {
- username = name;
- passwd = new String(pass);
- }
-
- public SecurityInfo(String name, String pass)
- {
- username = name;
- passwd = pass;
- }
- }
-
- public WSTrustClient(String serviceName, String port, String endpointURI,
- SecurityInfo secInfo) throws ParsingException
- {
- QName service = new QName(targetNS, serviceName);
- QName portName = new QName(targetNS, port);
-
- Service jaxwsService = Service.create(service);
- jaxwsService.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointURI);
- Dispatch<Source> dispatch = jaxwsService.createDispatch(portName,
- Source.class, Mode.PAYLOAD);
-
- // add the username and password to the request context.
- Map<String, Object> reqContext = dispatch.getRequestContext();
- if(secInfo != null)
- {
- reqContext.put(BindingProvider.USERNAME_PROPERTY, secInfo.username);
- reqContext.put(BindingProvider.PASSWORD_PROPERTY, secInfo.passwd);
- }
-
- dispatchLocal.set(dispatch);
- }
-
- public Element issueToken(String tokenType) throws WSTrustException
- {
- // create a custom token request message.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setTokenType(URI.create(tokenType));
- request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
- request.setContext("context");
-
- // send the token request to JBoss STS and get the response.
- WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
- DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
- Source response = dispatchLocal.get().invoke(requestSource);
-
- Node documentNode = ((DOMSource) response).getNode();
- Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
-
-
- NodeList nodes;
- try
- {
- Document myDocument = DocumentUtil.createDocument();
- Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
- myDocument.appendChild(importedNode);
-
- nodes = null;
- if(responseDoc instanceof SOAPPart)
- {
- SOAPPart soapPart = (SOAPPart) responseDoc;
- SOAPEnvelope env = soapPart.getEnvelope();
- SOAPBody body = env.getBody();
- Node data = body.getFirstChild();
- nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
- }
- else
- nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
- }
- catch (Exception e)
- {
- throw new WSTrustException("Exception in issuing token:", e);
- }
-
- if(nodes == null)
- throw new WSTrustException("NodeList is null");
-
- Node rstr = nodes.item(0);
-
- return (Element) rstr.getFirstChild();
- }
-
- public Element renewToken(String tokenType, Element token) throws WSTrustException
- {
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("context");
-
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
- request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
- RenewTargetType renewTarget = new RenewTargetType();
- renewTarget.setAny(token);
- request.setRenewTarget(renewTarget);
-
- // send the token request to JBoss STS and get the response.
- WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
- DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
- Source response = dispatchLocal.get().invoke(requestSource);
-
- Node documentNode = ((DOMSource) response).getNode();
- Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
-
-
- NodeList nodes;
- try
- {
- Document myDocument = DocumentUtil.createDocument();
- Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
- myDocument.appendChild(importedNode);
-
- nodes = null;
- if(responseDoc instanceof SOAPPart)
- {
- SOAPPart soapPart = (SOAPPart) responseDoc;
- SOAPEnvelope env = soapPart.getEnvelope();
- SOAPBody body = env.getBody();
- Node data = body.getFirstChild();
- nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
- }
- else
- nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
- }
- catch (Exception e)
- {
- throw new WSTrustException("Exception in renewing token:", e);
- }
-
- if(nodes == null)
- throw new WSTrustException("NodeList is null");
-
- Node rstr = nodes.item(0);
-
- return (Element) rstr.getFirstChild();
-
- }
-
- public boolean validateToken(Element token) throws WSTrustException
- {
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("context");
-
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
- request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
- ValidateTargetType validateTarget = new ValidateTargetType();
- validateTarget.setAny(token);
- request.setValidateTarget(validateTarget);
+ /**
+ * The STSClient that this class delegates to.
+ */
+ private STSClient stsClient;
+
+ public static class SecurityInfo
+ {
+ private String username;
+ private String passwd;
- WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
-
- DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
-
- Source response = dispatchLocal.get().invoke(requestSource);
- RequestSecurityTokenResponseCollection
- responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
- .parseRequestSecurityTokenResponse(response);
- RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+ public SecurityInfo(String name, char[] pass)
+ {
+ username = name;
+ passwd = new String(pass);
+ }
- StatusType status = tokenResponse.getStatus();
- if (status != null)
- {
- String code = status.getCode();
- return WSTrustConstants.STATUS_CODE_VALID.equals(code);
- }
- return false;
- }
-
- public Dispatch<Source> getDispatch()
- {
- return dispatchLocal.get();
- }
+ public SecurityInfo(String name, String pass)
+ {
+ username = name;
+ passwd = pass;
+ }
+ }
+
+ public WSTrustClient(String serviceName, String port, String endpointURI,
SecurityInfo secInfo) throws ParsingException
+ {
+ Builder builder = new STSClientConfig.Builder();
+
builder.serviceName(serviceName).portName(port).endpointAddress(endpointURI).username(secInfo.username).password(secInfo.passwd);
+ stsClient = STSClientFactory.getInstance().create(builder.build());
+ }
+
+ /**
+ * This method will send a RequestSecurityToken with a RequestType of issue
+ * and the passed-in tokenType identifies the type of token to be issued by
+ * the STS.
+ *
+ * @param tokenType - The type of token to be issued.
+ * @return Element - The Security Token element. Will be of the tokenType specified.
+ * @throws WSTrustException
+ */
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ return stsClient.issueToken(tokenType);
+ }
+
+ /**
+ * This method will send a RequestSecurityToken with a RequestType of renew
+ * and the passed-in tokenType identifies the type of token to be renewed by
+ * the STS.
+ *
+ * @param tokenType - The type of token to be renewed.
+ * @param token - The security token to be renewed.
+ * @return Element - The Security Token element. Will be of the tokenType specified.
+ */
+ public Element renewToken(String tokenType, Element token) throws WSTrustException
+ {
+ return stsClient.renewToken(tokenType, token);
+
+ }
+
+ /**
+ * This method will send a RequestSecurityToken with a RequestType of validated by
+ * the STS.
+ *
+ * @param token - The security token to be validated.
+ * @return true - If the security token was sucessfully valiated.
+ */
+ public boolean validateToken(Element token) throws WSTrustException
+ {
+ return stsClient.validateToken(token);
+ }
+
}
\ No newline at end of file
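Review bot: The new constructor's `builder.serviceName(serviceName)...username(secInfo.username).password(secInfo.passwd)` line dereferences `secInfo` unconditionally, whereas the removed constructor guarded it with `if(secInfo != null)`, so a caller that previously built a client without credentials now gets a NullPointerException. Either keep the guard — `if (secInfo != null) { builder.username(secInfo.username).password(secInfo.passwd); }` — or make the requirement explicit with `Objects.requireNonNull(secInfo, "secInfo")` and a `@throws` line; which is right depends on whether `STSClientConfig.Builder.build()` still rejects a missing username, which is outside this hunk. Note also that `SecurityInfo(String, char[])` immediately does `passwd = new String(pass)`, so the char[] overload offers no advantage over the String one for keeping the password out of the immutable string pool; if that is intentional, a one-line comment saying so would stop readers assuming otherwise. The Javadoc on `validateToken` reads "RequestType of validated by the STS" and "sucessfully valiated", and `renewToken`/`validateToken` lack the `@throws WSTrustException` that `issueToken` carries.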
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientConfig.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientConfig.java 2009-09-24
01:24:30 UTC (rev 808)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientConfig.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -1,242 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-/**
- * WSTrustClientConfig has the ability to either programatically construct
- * the configuration needed for {@link WSTrustClient} or parse a file
- * containing the configuration parameters.
- * <p/>
- *
- * <h3>Configure programatically</h3>
- * <pre>{@code
- *
- * Builder builder = new WSTrustClientConfig.Builder();
- * builder.serviceName("JBossSTS");
- * builder.portName("JBossSTSPort");
- * ...
- * WSTrustClientConfig config = builder.build();
- *
- * }</pre>
- *
- * <h3>Configure from file</h3>
- * <pre>{@code
- *
- * WSTrustClientConfig config = new WSTrustClientConfig.Builder().build(configFile);
- *
- * }</pre>
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
- */
-public class WSTrustClientConfig
-{
- public static final String DEFAULT_CONFIG_FILE =
"jboss-sts-client.properties";
-
- public static final String SERVICE_NAME = "serviceName";
- public static final String PORT_NAME = "portName";
- public static final String ENDPOINT_ADDRESS = "endpointAddress";
- public static final String USERNAME = "username";
- public static final String PASSWORD = "password";
- public static final String TOKEN_TYPE = "tokenType";
-
- private String serviceName;
- private String portName;
- private String endpointAddress;
- private String username;
- private String password;
-
- private WSTrustClientConfig(final Builder builder)
- {
- serviceName = builder.serviceName;
- portName = builder.portName;
- endpointAddress = builder.endpointAddress;
- username = builder.username;
- password = builder.password;
- }
-
- public String getServiceName()
- {
- return serviceName;
- }
-
- public String getPortName()
- {
- return portName;
- }
-
- public String getEndPointAddress()
- {
- return endpointAddress;
- }
-
- public String getUsername()
- {
- return username;
- }
-
- public String getPassword()
- {
- return password;
- }
-
- public String toString()
- {
- return getClass().getSimpleName() + "[serviceName=" + serviceName +
", portName=" + portName + ", endpointAddress=" + endpointAddress +
"]";
- }
-
- public static class Builder
- {
- private String serviceName;
- private String portName;
- private String endpointAddress;
- private String username;
- private String password;
-
- public Builder serviceName(final String serviceName)
- {
- this.serviceName = serviceName;
- return this;
- }
-
- public Builder portName(final String portName)
- {
- this.portName = portName;
- return this;
- }
-
- public Builder endpointAddress(final String address)
- {
- this.endpointAddress = address;
- return this;
- }
-
- public Builder username(final String username)
- {
- this.username = username;
- return this;
- }
-
- public Builder password(final String password)
- {
- this.password = password;
- return this;
- }
-
- public WSTrustClientConfig build()
- {
- validate(this);
- return new WSTrustClientConfig(this);
- }
-
- private void validate(Builder builder)
- {
- checkPropertyShowValue(serviceName, SERVICE_NAME);
- checkPropertyShowValue(portName, PORT_NAME);
- checkPropertyShowValue(endpointAddress, endpointAddress);
- checkProperty(username, USERNAME);
- checkProperty(password, PASSWORD);
- }
-
- private void checkPropertyShowValue(final String propertyName, final String
propertyValue)
- {
- if (propertyValue == null || propertyValue.equals(""))
- throw new IllegalArgumentException(propertyName + " property must
not be null or empty was:" + propertyValue);
- }
-
- private void checkProperty(final String propertyName, final String
propertyValue)
- {
- if (propertyValue == null || propertyValue.equals(""))
- throw new IllegalArgumentException(propertyName + " property must
not be null");
- }
-
- public WSTrustClientConfig build(final String configFile)
- {
- InputStream in = null;
-
- try
- {
- in = getResource(configFile);
- if (in == null)
- {
- throw new IllegalStateException("Could not find properties file
" + configFile);
-
- }
- final Properties properties = new Properties();
- properties.load(in);
- this.serviceName = properties.getProperty(SERVICE_NAME);
- this.portName = properties.getProperty(PORT_NAME);
- this.endpointAddress = properties.getProperty(ENDPOINT_ADDRESS);
- this.username = properties.getProperty(USERNAME);
- this.password = properties.getProperty(PASSWORD);
- }
- catch (IOException e)
- {
- throw new IllegalStateException("Could not load properties from
" + configFile);
- }
- finally
- {
- try
- {
- if (in != null)
- in.close();
- }
- catch (final IOException ignored)
- {
- ignored.printStackTrace();
- }
- }
-
- validate(this);
- return new WSTrustClientConfig(this);
- }
- }
-
- private static InputStream getResource(String resource) throws IOException
- {
- // Try it as a File resource...
- final File file = new File(resource);
-
- if (file.exists() && !file.isDirectory())
- {
- return new FileInputStream(file);
- }
- // Try it as a classpath resource ...
- final ClassLoader threadClassLoader =
Thread.currentThread().getContextClassLoader() ;
- if (threadClassLoader != null)
- {
- final InputStream is = threadClassLoader.getResourceAsStream(resource) ;
- if (is != null)
- {
- return is ;
- }
- }
-
- return null;
- }
-
-}
-
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientFactory.java 2009-09-24
01:24:30 UTC (rev 808)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClientFactory.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -1,50 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-
-/**
- * Simple factory for creating {@link WSTrustClient}s.
- *
- * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
- */
-public final class WSTrustClientFactory
-{
- private static final WSTrustClientFactory INSTANCE = new WSTrustClientFactory();
-
- private WSTrustClientFactory()
- {
- }
-
- public static WSTrustClientFactory getInstance()
- {
- return INSTANCE;
- }
-
- public WSTrustClient create(final WSTrustClientConfig c) throws ParsingException
- {
- return new WSTrustClient(c.getServiceName(), c.getPortName(),
c.getEndPointAddress(), new SecurityInfo(c.getUsername(), c.getPassword()));
- }
-}
-
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-24
01:24:30 UTC (rev 808)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -48,12 +48,12 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.KeyStoreUtil;
import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-sts-client.properties
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-sts-client.properties 2009-09-24
01:24:30 UTC (rev 808)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-sts-client.properties 2009-09-25
08:00:27 UTC (rev 809)
@@ -1,5 +0,0 @@
-serviceName=JBossSTS
-portName=JBossSTSPort
-endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
-username=admin
-password=admin
Modified: identity-federation/trunk/jboss-identity-fed-core/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-09-24 01:24:30 UTC (rev
808)
+++ identity-federation/trunk/jboss-identity-fed-core/pom.xml 2009-09-25 08:00:27 UTC (rev
809)
@@ -84,6 +84,30 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.8.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.ws.native</groupId>
+ <artifactId>jbossws-native-client</artifactId>
+ <version>3.1.2.SP3</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <version>2.2.14.GA</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<reporting>
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClient.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClient.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClient.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,218 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * WS-Trust Client
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 29, 2009
+ */
+public class STSClient
+{
+ private ThreadLocal<Dispatch<Source>> dispatchLocal = new
InheritableThreadLocal<Dispatch<Source>>();
+
+ private String targetNS = "http://org.jboss.identity.trust/sts/";
+
+ public STSClient(STSClientConfig config)
+ {
+ QName service = new QName(targetNS, config.getServiceName());
+ QName portName = new QName(targetNS, config.getPortName());
+
+ Service jaxwsService = Service.create(service);
+ jaxwsService.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING,
config.getEndPointAddress());
+ Dispatch<Source> dispatch = jaxwsService.createDispatch(portName,
Source.class, Mode.PAYLOAD);
+
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ String username = config.getUsername();
+ if (username != null)
+ {
+ // add the username and password to the request context.
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, config.getUsername());
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, config.getPassword());
+ }
+ dispatchLocal.set(dispatch);
+ }
+
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(tokenType));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode
: documentNode.getOwnerDocument();
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if (responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes = ((Element)
data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes =
responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in issuing token:", e);
+ }
+
+ if (nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+ }
+
+ public Element renewToken(String tokenType, Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(token);
+ request.setRenewTarget(renewTarget);
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode
: documentNode.getOwnerDocument();
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if (responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes = ((Element)
data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes =
responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in renewing token:", e);
+ }
+
+ if (nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+
+ }
+
+ public boolean validateToken(Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(token);
+ request.setValidateTarget(validateTarget);
+
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+
+ Source response = dispatchLocal.get().invoke(requestSource);
+ RequestSecurityTokenResponseCollection responseCollection =
(RequestSecurityTokenResponseCollection)
jaxbFactory.parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ return WSTrustConstants.STATUS_CODE_VALID.equals(code);
+ }
+ return false;
+ }
+
+ public Dispatch<Source> getDispatch()
+ {
+ return dispatchLocal.get();
+ }
+}
\ No newline at end of file
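Review bot: `dispatchLocal` is populated only once, in the constructor (`dispatchLocal.set(dispatch)`), so `dispatchLocal.get()` in issueToken, renewToken and validateToken is null on any thread other than the one that built the client or a thread spawned from it afterwards (InheritableThreadLocal only copies into children created later); STSSecurityHandler.createWSTrustClient builds the client in `@PostConstruct` while handleMessage runs on request threads, so validateToken would fail with a NullPointerException at `dispatchLocal.get().invoke(requestSource)` in that deployment. Either hold the Dispatch in a plain final field, or keep the `Service` and port `QName` as fields and create the per-thread Dispatch lazily in getDispatch() when the ThreadLocal is empty, with the three methods calling getDispatch() instead of `dispatchLocal.get()`. Separately, renewToken ignores its `tokenType` parameter and sends `WSTrustConstants.STATUS_TYPE` (copied from validateToken); it should be `request.setTokenType(URI.create(tokenType));`. In issueToken and renewToken `nodes.item(0)` and `rstr.getFirstChild()` are dereferenced without a null check, so a response with no RequestedSecurityToken surfaces as a NullPointerException rather than the declared WSTrustException, and the `myDocument` import in both methods is never read. A comment on the `reqContext.put(BindingProvider.USERNAME_PROPERTY, …)` lines such as `// sent as HTTP authentication credentials: endpointAddress should be an https URL` would document that the transport, not this class, protects the password.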
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientConfig.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientConfig.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientConfig.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,239 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+/**
+ * STSClientConfig has the ability to either programatically construct the configuration
+ * needed for {@link STSClient} or parse a file containing the configuration parameters.
+ * <p/>
+ *
+ * <h3>Configure programatically</h3>
+ * Example:
+ * <pre>{@code
+ * Builder builder = new STSClientConfig.Builder();
+ * builder.serviceName("JBossSTS");
+ * builder.portName("JBossSTSPort");
+ * ...
+ * STSClientConfig config = builder.build();
+ * }</pre>
+ *
+ * <h3>Configure from file</h3>
+ * Example:
+ * <pre>{@code
+ * STSClientConfig config = new STSClientConfig.Builder().build(configFile);
+ * }</pre>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ */
+public class STSClientConfig
+{
+ public static final String DEFAULT_CONFIG_FILE = "sts-client.properties";
+
+ public static final String SERVICE_NAME = "serviceName";
+ public static final String PORT_NAME = "portName";
+ public static final String ENDPOINT_ADDRESS = "endpointAddress";
+ public static final String USERNAME = "username";
+ public static final String PASSWORD = "password";
+ public static final String TOKEN_TYPE = "tokenType";
+
+ private String serviceName;
+ private String portName;
+ private String endpointAddress;
+ private String username;
+ private String password;
+
+ private STSClientConfig(final Builder builder)
+ {
+ serviceName = builder.serviceName;
+ portName = builder.portName;
+ endpointAddress = builder.endpointAddress;
+ username = builder.username;
+ password = builder.password;
+ }
+
+ public String getServiceName()
+ {
+ return serviceName;
+ }
+
+ public String getPortName()
+ {
+ return portName;
+ }
+
+ public String getEndPointAddress()
+ {
+ return endpointAddress;
+ }
+
+ public String getUsername()
+ {
+ return username;
+ }
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public String toString()
+ {
+ return getClass().getSimpleName() + "[serviceName=" + serviceName +
", portName=" + portName + ", endpointAddress=" + endpointAddress +
"]";
+ }
+
+ public static class Builder
+ {
+ private String serviceName;
+ private String portName;
+ private String endpointAddress;
+ private String username;
+ private String password;
+
+ public Builder serviceName(final String serviceName)
+ {
+ this.serviceName = serviceName;
+ return this;
+ }
+
+ public Builder portName(final String portName)
+ {
+ this.portName = portName;
+ return this;
+ }
+
+ public Builder endpointAddress(final String address)
+ {
+ this.endpointAddress = address;
+ return this;
+ }
+
+ public Builder username(final String username)
+ {
+ this.username = username;
+ return this;
+ }
+
+ public Builder password(final String password)
+ {
+ this.password = password;
+ return this;
+ }
+
+ public STSClientConfig build()
+ {
+ validate(this);
+ return new STSClientConfig(this);
+ }
+
+ private void validate(Builder builder)
+ {
+ checkPropertyShowValue(serviceName, SERVICE_NAME);
+ checkPropertyShowValue(portName, PORT_NAME);
+ checkPropertyShowValue(endpointAddress, endpointAddress);
+ checkProperty(username, USERNAME);
+ checkProperty(password, PASSWORD);
+ }
+
+ private void checkPropertyShowValue(final String propertyName, final String
propertyValue)
+ {
+ if (propertyValue == null || propertyValue.equals(""))
+ throw new IllegalArgumentException(propertyName + " property must
not be null or empty was:" + propertyValue);
+ }
+
+ private void checkProperty(final String propertyName, final String
propertyValue)
+ {
+ if (propertyValue == null || propertyValue.equals(""))
+ throw new IllegalArgumentException(propertyName + " property must
not be null");
+ }
+
+ public STSClientConfig build(final String configFile)
+ {
+ InputStream in = null;
+
+ try
+ {
+ in = getResource(configFile);
+ if (in == null)
+ {
+ throw new IllegalStateException("Could not find properties file
" + configFile);
+
+ }
+ final Properties properties = new Properties();
+ properties.load(in);
+ this.serviceName = properties.getProperty(SERVICE_NAME);
+ this.portName = properties.getProperty(PORT_NAME);
+ this.endpointAddress = properties.getProperty(ENDPOINT_ADDRESS);
+ this.username = properties.getProperty(USERNAME);
+ this.password = properties.getProperty(PASSWORD);
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("Could not load properties from
" + configFile);
+ }
+ finally
+ {
+ try
+ {
+ if (in != null)
+ in.close();
+ }
+ catch (final IOException ignored)
+ {
+ ignored.printStackTrace();
+ }
+ }
+
+ validate(this);
+ return new STSClientConfig(this);
+ }
+ }
+
+ private static InputStream getResource(String resource) throws IOException
+ {
+ // Try it as a File resource...
+ final File file = new File(resource);
+
+ if (file.exists() && !file.isDirectory())
+ {
+ return new FileInputStream(file);
+ }
+ // Try it as a classpath resource ...
+ final ClassLoader threadClassLoader =
Thread.currentThread().getContextClassLoader() ;
+ if (threadClassLoader != null)
+ {
+ final InputStream is = threadClassLoader.getResourceAsStream(resource) ;
+ if (is != null)
+ {
+ return is ;
+ }
+ }
+
+ return null;
+ }
+
+}
+
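Review bot: Builder.validate passes its arguments to checkPropertyShowValue and checkProperty in the wrong order — both signatures are `(propertyName, propertyValue)` but the calls pass the field value first and the constant name second, so the null/empty check runs against the constant strings and never fails, and a config with a missing serviceName, portName, endpointAddress, username or password is built anyway. The endpointAddress line also passes the value twice instead of `ENDPOINT_ADDRESS`, and the `builder` parameter is unused. In build(String) the IOException catch discards the cause, `throw new IllegalStateException("Could not load properties from " + configFile, e);` keeps it, and the `ignored.printStackTrace()` in the finally block should be either a log call or a genuinely ignored close failure. Keeping username and password out of toString() is right as written.
```java
   private void validate(Builder builder)
   {
      // name first, value second: the check must run on the field, not on the constant
      checkPropertyShowValue(SERVICE_NAME, serviceName);
      checkPropertyShowValue(PORT_NAME, portName);
      checkPropertyShowValue(ENDPOINT_ADDRESS, endpointAddress);
      checkProperty(USERNAME, username);
      checkProperty(PASSWORD, password);
   }
```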
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientFactory.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSClientFactory.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+
+/**
+ * Simple factory for creating {@link STSClient}s.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ */
+public final class STSClientFactory
+{
+ private static final STSClientFactory INSTANCE = new STSClientFactory();
+
+ private STSClientFactory()
+ {
+ }
+
+ public static STSClientFactory getInstance()
+ {
+ return INSTANCE;
+ }
+
+ public STSClient create(final STSClientConfig config) throws ParsingException
+ {
+ return new STSClient(config);
+ }
+}
+
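Review bot: create declares `throws ParsingException`, but `new STSClient(config)` has no throws clause in this commit (the STSClient constructor declares none), so the clause only forces STSSecurityHandler.createWSTrustClient to catch an exception that cannot be raised. Dropping it — `public STSClient create(final STSClientConfig config)` — lets that catch block and the unused ParsingException import go too. If the intent is that a future STSClient constructor will parse configuration, a one-line Javadoc `@throws ParsingException if the client configuration cannot be parsed` would at least explain why the clause is there.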
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,67 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.handlers;
+
+import static org.jboss.identity.federation.core.wstrust.WSTrustConstants.WSSE_NS;
+import static
org.jboss.identity.federation.core.wstrust.WSTrustConstants.SAML2_ASSERTION_NS;
+import javax.xml.namespace.QName;
+
+
+/**
+ * A concrete implementation of {@link STSSecurityHandler} that can handle SAML
+ * version 2.0 Assertion inside of {@link WSTrustConstants#WSSE_NS} elements.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ */
+public class STSSaml20Handler extends STSSecurityHandler
+{
+ /**
+ * Qualified name for WSSE Security Header ({@link
WSTrustConstants#WSSE_NS}:"Security")
+ */
+ public static final QName SECURITY_QNAME = new QName(WSSE_NS, "Security");
+
+ /**
+ * Qualified name for SAML Version 2.0 ({@link
WSTrustConstants#SAML2_ASSERTION_NS}:"Assertion")
+ */
+ public static final QName SAML_TOKEN_QNAME = new QName(SAML2_ASSERTION_NS,
"Assertion");
+
+ /*
+ * (non-Javadoc)
+ * @see
org.jboss.identity.federation.api.wstrust.handlers.JBossSTSSecurityHandler#getSecurityElementQName()
+ */
+ @Override
+ public QName getSecurityElementQName()
+ {
+ return SECURITY_QNAME;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.jboss.identity.federation.api.wstrust.handlers.JBossSTSSecurityHandler#getTokenElementQName()
+ */
+ @Override
+ public QName getTokenElementQName()
+ {
+ return SAML_TOKEN_QNAME;
+ }
+
+}
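Review bot: The two `(non-Javadoc) @see` comments point at `org.jboss.identity.federation.api.wstrust.handlers.JBossSTSSecurityHandler`, which is not the class this handler extends (`STSSecurityHandler` in the core handlers package), so they look carried over from the api module and should read `@see STSSecurityHandler#getSecurityElementQName()` and `@see STSSecurityHandler#getTokenElementQName()`. The class Javadoc also links `{@link WSTrustConstants#WSSE_NS}` while only static members of WSTrustConstants are imported, so that link cannot resolve without a regular import or a fully qualified name.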
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,259 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.handlers;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.STSClientFactory;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.w3c.dom.Element;
+
+/**
+ * STSSecurityHandler is a server-side JAX-WS SOAP Protocol handler that will extract a
+ * Security Token from the SOAP Security Header and validate the token with the
configured
+ * Security Token Service (STS).
+ * <p/>
+ *
+ * This class is abstract to simpify is usage as the intention is for a handler to be
specified
+ * in a server side handler chain. Here different Security Header specifications and
security token
+ * specifications can be specified using class names instead of using properties which
would force
+ * users to finding and setting the correct namespaces. Hopefully this will be easier and
less
+ * error prone.
+ *
+ * <h3>Concrete implementations</h3>
+ * Subclasses a required to implement two methods:
+ * <ul>
+ * <li> {@link #getSecurityElementQName()}
+ * This should return the qualified name of the security header. This lets us support
+ * different versions. </li>
+ *
+ * <li>{@link #getTokenElementQName()}
+ * This should return the qualified name of the security token element that should
exist
+ * in the security header. This lets us support different tokens that can be
validated
+ * with the configured STS.</li>
+ * </ul>
+ *
+ * <h3>Configuration</h3>
+ * handlerchain.xml example:
+ * <pre>{@code
+ * <?xml version="1.0" encoding="UTF-8"?>
+ * <jws:handler-config
xmlns:jws="http://java.sun.com/xml/ns/javaee">
+ * <jws:handler-chains>
+ * <jws:handler-chain>
+ * <jws:handler>
+ *
<jws:handler-class>org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler</jws:handler-class>
+ * </jws:handler>
+ * </jws:handler-chain>
+ * </jws:handler-chains>
+ * </jws:handler-config>
+ * }</pre>
+ * <p/>
+ *
+ * This class uses {@link STSClient} to interact with an STS. By default the
configuration
+ * properties are set in a file named {@link STSClientConfig#DEFAULT_CONFIG_FILE}.
+ * This can be overridden by specifying environment entries in a deployment descriptor.
+ *
+ * For example in web.xml:
+ * <pre>{@code
+ * <env-entry>
+ * <env-entry-name>STSClientConfig</env-entry-name>
+ * <env-entry-type>java.lang.String</env-entry-type>
+ * <env-entry-value>/sts-client.properties</env-entry-value>
+ * </env-entry>
+ * }</pre>
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ */
+public abstract class STSSecurityHandler implements
SOAPHandler<SOAPMessageContext>
+{
+ /**
+ * The path to the jboss-sts-client.properties file.
+ */
+ private String configFile = STSClientConfig.DEFAULT_CONFIG_FILE;
+
+ /**
+ * The {@link STSClient client} that will call the STS.
+ */
+ private STSClient wsTrustClient;
+
+ /**
+ * Subclasses can return the QName of the Security header element in usage.
+ *
+ * @return QName
+ */
+ public abstract QName getSecurityElementQName();
+
+ /**
+ * Subclasses can return the QName of the Security Element that should be used
+ * as the token for validation.
+ *
+ * @return QName
+ */
+ public abstract QName getTokenElementQName();
+
+ /**
+ * Post constuct will be called when the handler is deployed.
+ *
+ * @throws WebServiceException
+ */
+ @PostConstruct
+ public void createWSTrustClient()
+ {
+ if (wsTrustClient == null)
+ {
+ try
+ {
+ final STSClientConfig config = new
STSClientConfig.Builder().build(configFile);
+ wsTrustClient = STSClientFactory.getInstance().create(config);
+ }
+ catch (final ParsingException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
+ }
+
+ /**
+ * Will process in-bound messages and extract a security token from the SOAP Header.
This token
+ * will then be validated using by calling the STS..
+ *
+ * @param messageContext The {@link SOAPMessageContext messageContext}.
+ * @return true If the security token was correctly validated or if this call was an
outbound message.
+ * @throws WebServiceException If the security token could not be validated.
+ */
+ public boolean handleMessage(final SOAPMessageContext messageContext)
+ {
+ if (isOutBound(messageContext))
+ {
+ return true;
+ }
+
+ try
+ {
+ final Element securityToken = extractSecurityToken(messageContext,
getSecurityElementQName(), getTokenElementQName());
+
+ if (wsTrustClient.validateToken(securityToken))
+ {
+ return true;
+ }
+ else
+ {
+ throw new WebServiceException("Could not validate security token
"+ securityToken);
+ }
+ }
+ catch (final SOAPException e)
+ {
+ throw new WebServiceException(e.getMessage(), e);
+ }
+ catch (final WSTrustException e)
+ {
+ throw new WebServiceException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * Allows the {@link STSClient} to be injected if required.
+ *
+ * @param client The WSTrustClient to be used by this handler.
+ */
+ public void setWSTrustClient(final STSClient client)
+ {
+ wsTrustClient = client;
+ }
+
+ public Set<QName> getHeaders()
+ {
+ return Collections.singleton(getSecurityElementQName());
+ }
+
+ public boolean handleFault(final SOAPMessageContext messageContext)
+ {
+ return true;
+ }
+
+ public void close(final MessageContext messageContext)
+ {
+ // NoOp.
+ }
+
+
+ /**
+ * This setter enables the injection of the jboss-sts-client.properties file
+ * path.
+ *
+ * @param configFile
+ */
+ @Resource (name = "STSClientConfig")
+ public void setConfigFile(final String configFile)
+ {
+ if (configFile != null)
+ {
+ this.configFile = configFile;
+ }
+ }
+
+ private boolean isOutBound(final SOAPMessageContext messageContext)
+ {
+ return ((Boolean)
messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue();
+ }
+
+ @SuppressWarnings("unchecked")
+ private Element extractSecurityToken(final SOAPMessageContext messageContext, final
QName securityQName, final QName tokenQName) throws SOAPException
+ {
+ if (securityQName == null)
+ throw new IllegalStateException("securityQName from subclass cannot be
null!");
+ if (tokenQName == null)
+ throw new IllegalStateException("tokenQName from subclass cannot be
null!");
+
+ final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader();
+ final Iterator securityHeaders = soapHeader.getChildElements(securityQName);
+ while (securityHeaders.hasNext())
+ {
+ final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next();
+ // Check if the header is equal to the one this Handler is configured for.
+ if (elem.getElementQName().equals(securityQName))
+ {
+ final Iterator childElements = elem.getChildElements(tokenQName);
+ while (childElements.hasNext())
+ {
+ return (Element) childElements.next();
+ }
+ }
+ }
+ return null;
+ }
+}
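Review bot: extractSecurityToken returns null when the Security header or the token element is absent, and handleMessage hands that null straight to `wsTrustClient.validateToken(securityToken)`, so whether a request carrying no token is rejected depends on how the STS answers a Validate request whose ValidateTarget is empty rather than on this handler. Fail closed before calling the STS: `if (securityToken == null) throw new WebServiceException("No " + getTokenElementQName() + " found in " + getSecurityElementQName() + " header");`. `messageContext.getMessage().getSOAPHeader()` may be null for a message without a Header element (this depends on the SAAJ implementation), in which case `soapHeader.getChildElements(securityQName)` throws a NullPointerException that neither the SOAPException nor the WSTrustException catch covers; returning null from extractSecurityToken in that case keeps the failure on the WebServiceException path. The raw `Iterator` locals behind `@SuppressWarnings("unchecked")` can be declared `Iterator<?>` with the existing casts, which removes the need for the suppression.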
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,68 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.junit.Test;
+
+import junit.framework.TestCase;
+
+/**
+ * Unit test for {@link WSTrustClientConfig}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ *
+ */
+public class STSClientConfigUnitTestCase extends TestCase
+{
+ final String serviceName = "JBossSTS";
+ final String portName = "JBossSTSPort";
+ final String endpointAddress = "http://localhost:8080/jboss-sts/JBossSTS";
+ final String username = "admin";
+ final String password = "admin";
+
+ @Test
+ public void testBuild()
+ {
+ final Builder builder = new STSClientConfig.Builder();
+ final STSClientConfig config =
builder.serviceName(serviceName).portName(portName).endpointAddress(endpointAddress).username(username).password(password).build();
+ assertAllProperties(config);
+ }
+
+ public void testBuildFromConfigPropertiesFile()
+ {
+ final Builder builder = new STSClientConfig.Builder();
+ STSClientConfig config =
builder.build("wstrust/sts-client.properties");
+ assertAllProperties(config);
+ }
+
+ private void assertAllProperties(final STSClientConfig config)
+ {
+ assertEquals(serviceName, config.getServiceName());
+ assertEquals(portName, config.getPortName());
+ assertEquals(endpointAddress, config.getEndPointAddress());
+ assertEquals(username, config.getUsername());
+ assertEquals(password, config.getPassword());
+
+ }
+
+}
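Review bot: Neither test exercises Builder.validate's failure path — no case omits a property and expects IllegalArgumentException — yet that check is what stops an unconfigured client from being built, so a case such as `new STSClientConfig.Builder().serviceName(serviceName).portName(portName).endpointAddress(endpointAddress).build()` asserting that it throws would pin it. The class mixes JUnit 3 (`extends TestCase`, method-name discovery) with the JUnit 4 `@Test` annotation on testBuild only, where it has no effect under the TestCase runner; pick one style. The Javadoc `{@link WSTrustClientConfig}` names a class that does not exist in this commit — the class under test is STSClientConfig. testBuildFromConfigPropertiesFile loads `wstrust/sts-client.properties` while the visible part of this revision only shows the api module's `jboss-sts-client.properties` being deleted, so it is worth confirming that the core test resource is part of the same commit.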
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/STSClientUnitTestCase.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,238 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.util.Map;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.KeyStoreUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit tests for WS-Trust STS Clients
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 26, 2009
+ */
+public class STSClientUnitTestCase extends TestCase
+{
+ //Specify whether this test is run as part of build
+ private boolean usetest = false;
+
+
+ public void testSTS() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ // create a dispatch object to invoke JBoss STSs.
+ Dispatch<Source> dispatch = createDispatch();
+
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatch.invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+
+
+ Document myDocument = DocumentUtil.createDocument();
+
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
+
+ myDocument.appendChild(importedNode);
+
+ NodeList nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+
+ assertNotNull("Nodelist not null", nodes);
+ Node rstr = nodes.item(0);
+ /*RequestSecurityTokenResponseCollection responseCollection =
(RequestSecurityTokenResponseCollection)
jaxbFactory.parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ // the SAML assertion is returned as an Element.
+ Element assertion = (Element)
tokenResponse.getRequestedSecurityToken().getAny();*/
+ Element assertion = (Element) rstr.getFirstChild();
+ System.out.println("NAMESPACE=" + assertion.getNamespaceURI());
+
+// PublicKey key = getValidatingKey();
+// Document validate = DocumentUtil.createDocument();
+// validate.appendChild(validate.importNode(assertion, true));
+// System.out.println("Is token valid? " +
XMLSignatureUtil.validate(validate, key));
+
+ // print the assertion for demonstration purposes.
+ System.out.println("\nSuccessfully issued a standard SAMLV2.0
Assertion!");
+ printAssertion(assertion);
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ KeyStore ks =
KeyStoreUtil.getKeyStore(tcl.getResource("keystore/sts_keystore.jks")
+ , "testpass".toCharArray());
+
+ PublicKey pk = KeyStoreUtil.getPublicKey(ks, "sts",
"keypass".toCharArray());
+
+ assertNotNull("Public key is not null", pk);
+ Document tokenDocument = DocumentUtil.createDocument();
+ importedNode = tokenDocument.importNode(assertion, true);
+ tokenDocument.appendChild(importedNode);
+
+ //System.out.println("Going to validate:" +
DocumentUtil.getDocumentAsString(tokenDocument));
+ //assertTrue("SignedInfo valid",
XMLSignatureUtil.preCheckSignedInfo(tokenDocument));
+ //Locally we will validate the assertion
+ assertTrue("Recieved assertion sig valid",
XMLSignatureUtil.validate(tokenDocument, pk));
+
+ // let's validate the received SAML assertion.
+ request.getAny().clear();
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+
+ response = dispatch.invoke(requestSource);
+ RequestSecurityTokenResponseCollection
+ responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
+ .parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ assertFalse("Signature is valid",
WSTrustConstants.STATUS_CODE_INVALID.equals(code));
+
+ System.out.println("\n\nSAMLV2.0 Assertion successfuly validated!");
+ System.out.println("Validation status code: " +
tokenResponse.getStatus().getCode());
+ System.out.println("Validation status reason: " +
tokenResponse.getStatus().getReason());
+ }
+ else
+ System.out.println("\n\nFailed to validate SAMLV2.0 Assertion");
+ }
+
+ public void testIssue_Validate_Renew() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ String serviceName = "JBossSTS";
+ String portName = "JBossSTSPort";
+ String endpointAddress = "http://localhost:8080/jboss-sts/JBossSTS";
+ Builder builder = new STSClientConfig.Builder();
+ STSClientConfig config =
builder.serviceName(serviceName).portName(portName).endpointAddress(endpointAddress).username("admin").password("admin").build();
+ STSClient client = new STSClient(config);
+ Element token = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ assertTrue("Token is valid" , client.validateToken(token));
+
+ Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ System.out.println("Renewed Token=" +
DocumentUtil.getNodeAsString(renewedToken));
+ }
+
+
+ private Dispatch<Source> createDispatch() throws MalformedURLException,
JAXBException
+ {
+ // JBoss STS target information.
+ String targetNS = "http://org.jboss.identity.trust/sts/";
+ QName serviceName = new QName(targetNS, "JBossSTS");
+ QName portName = new QName(targetNS, "JBossSTSPort");
+ URL endpointAddress = new
URL("http://localhost:8080/jboss-sts/JBossSTS");
+// URL securityConfigURL = new
File("jboss-wsse-client.xml").toURI().toURL();
+
+ Service service = Service.create(serviceName);
+ service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING,
endpointAddress.toExternalForm());
+
+ // create the dispatch, setting the client security configuration file.
+ Dispatch<Source> dispatch = service.createDispatch(portName, Source.class,
Mode.PAYLOAD);
+// ((ConfigProvider)
dispatch).setSecurityConfig(securityConfigURL.toExternalForm());
+// ((ConfigProvider) dispatch).setConfigName("Standard WSSecurity
Client");
+
+ // add the username and password to the request context.
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, "admin");
+
+ return dispatch;
+ }
+
+ private void printAssertion(Element assertion) throws Exception
+ {
+ TransformerFactory tranFactory = TransformerFactory.newInstance();
+ Transformer aTransformer = tranFactory.newTransformer();
+ Source src = new DOMSource(assertion);
+ Result dest = new StreamResult(System.out);
+ aTransformer.transform(src, dest);
+ }
+}
\ No newline at end of file
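Review bot: The validate round trip in testSTS is fail-open: when `tokenResponse.getStatus()` comes back null the `else` branch only prints "Failed to validate SAMLV2.0 Assertion" and the test still passes, so a STS that silently drops the Validate request would not be caught; replace it with `fail("STS returned no Status for the validate request");`. The positive branch is also weaker than it looks, since `assertFalse(... STATUS_CODE_INVALID.equals(code))` accepts any unexpected code rather than pinning the valid one — if WSTrustConstants has a valid-status constant, assert equality against it instead. Earlier, `assertNotNull("Nodelist not null", nodes)` can never fire because `getElementsByTagName*` returns an empty list rather than null; `assertTrue("No RequestedSecurityToken in response", nodes.getLength() > 0)` is the check that would fail cleanly instead of the NPE/cast on `rstr.getFirstChild()`. Note that with `usetest = false` none of this executes in the build, so these assertions only matter when someone flips the flag against a live STS.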
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,154 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust.handlers;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.wstrust.STSClient;
+import org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler;
+import org.jboss.identity.federation.core.wstrust.handlers.STSSecurityHandler;
+import org.w3c.dom.Element;
+
+/**
+ * Unit test for {@link STSSaml20Handler}.
+ *
+ * @author <a href="mailto:dbevenius@jboss.com">Daniel
Bevenius</a>
+ *
+ */
+public class STSSaml20HandlerTestCase extends TestCase
+{
+ private SOAPMessageContext soapMessageContext;
+ private SOAPMessage soapMessage;
+ private STSClient wsTrustClient;
+ private STSSaml20Handler samlHandler;
+
+ public void testHandleMessageOutbound() throws SOAPException
+ {
+ setOutbound(soapMessageContext, true);
+ assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext));
+ }
+
+ public void testHandleMessageInboundValidToken() throws Exception
+ {
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ // Make the Mocked WSTrustClient validateToken method return true.
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true);
+
+ final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler,
soapHeader);
+ addAssertionElement(samlHandler, securityHeader);
+
+ setOutbound(soapMessageContext, false);
+ setMessageOnContext(soapMessageContext, soapMessage);
+
+ boolean result = samlHandler.handleMessage(soapMessageContext);
+ assertTrue(result);
+ }
+
+ public void testHandleMessageInValidToken() throws Exception
+ {
+ final SOAPHeader soapHeader = soapMessage.getSOAPHeader();
+
+ // Make the Mocked WSTrustClient validateToken method return false.
+ when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false);
+
+ final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler,
soapHeader);
+ addAssertionElement(samlHandler, securityHeader);
+
+ setOutbound(soapMessageContext, false);
+ setMessageOnContext(soapMessageContext, soapMessage);
+ try
+ {
+ samlHandler.handleMessage(soapMessageContext);
+ fail("handleMessage should have thrown a exception!");
+ }
+ catch(final Exception e)
+ {
+ assertTrue (e instanceof WebServiceException);
+ }
+ }
+
+ public void setUp()
+ {
+ // Create a Mock for WSTrustClient.
+ wsTrustClient = mock(STSClient.class);
+
+ samlHandler = new STSSaml20Handler();
+ // Set the WSTrustClient to our mocked client.
+ samlHandler.setWSTrustClient(wsTrustClient);
+ // Simulate the WS Engine calling @PostConstruct.
+ samlHandler.createWSTrustClient();
+
+ soapMessageContext = mock(SOAPMessageContext.class);
+
+ try
+ {
+ soapMessage = MessageFactory.newInstance().createMessage();
+ }
+ catch (SOAPException e)
+ {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private SOAPHeaderElement addSecurityHeader(final STSSecurityHandler handler, final
SOAPHeader soapHeader) throws SOAPException
+ {
+ final QName securityQName = handler.getSecurityElementQName();
+ final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new
QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse"));
+ soapHeader.addChildElement(securityHeader);
+ return securityHeader;
+ }
+
+ private SOAPElement addAssertionElement(final STSSecurityHandler handler, final
SOAPHeaderElement securityHeader) throws SOAPException
+ {
+ final QName tokenElementQName = handler.getTokenElementQName();
+ final SOAPElement tokenElement = securityHeader.addChildElement(new
QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(),
"saml"));
+ return securityHeader.addChildElement(tokenElement);
+ }
+
+ private void setMessageOnContext(final SOAPMessageContext messageContext, final
SOAPMessage soapMessage)
+ {
+ when(messageContext.getMessage()).thenReturn(soapMessage);
+ }
+
+ private void setOutbound(MessageContext messageContext, boolean outbound)
+ {
+
when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(outbound);
+ }
+
+}
+
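Review bot: Both inbound tests build a message that already carries a wsse:Security header with a SAML assertion inside it, so the security-critical negative case — an inbound message with no Security header, or a header with no assertion — is never exercised, and nothing here pins whether STSSaml20Handler fails closed for it. I cannot see STSSecurityHandler in this hunk, so if pass-through of unsecured messages is intended that should be asserted explicitly instead; either way the case needs a test, and the sketch below expects the same WebServiceException the invalid-token test expects. Also, `catch (final Exception e) { assertTrue(e instanceof WebServiceException); }` would read better and fail more precisely as `catch (final WebServiceException expected)`, and the trailing `soapHeader.addChildElement(securityHeader)` / `securityHeader.addChildElement(tokenElement)` calls look redundant since `addHeaderElement`/`addChildElement(QName)` already attach the element — depending on the SAAJ implementation that may even attach it twice.
```java
public void testHandleMessageInboundMissingSecurityHeader() throws Exception
{
   // No wsse:Security header at all: "no token" must not be treated as "valid token".
   setOutbound(soapMessageContext, false);
   setMessageOnContext(soapMessageContext, soapMessage);
   try
   {
      samlHandler.handleMessage(soapMessageContext);
      fail("handleMessage should have rejected a message without a security header");
   }
   catch (final WebServiceException expected)
   {
      // fail-closed is the expected behaviour
   }
}
```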
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-jaxws.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-saaj.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/jbossws-native-saaj.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/resolver.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/resolver.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xercesImpl.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xercesImpl.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xml-apis.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/endorsed/xml-apis.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/sts-client.properties
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/sts-client.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/sts-client.properties 2009-09-25
08:00:27 UTC (rev 809)
@@ -0,0 +1,5 @@
+serviceName=JBossSTS
+portName=JBossSTSPort
+endpointAddress=http://localhost:8080/jboss-sts/JBossSTS
+username=admin
+password=admin
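Review bot: This file pairs a cleartext `password=` with a plain `http://` endpoint, and since `STSClientConfig.Builder.build(String)` reads exactly these keys (per STSClientConfigUnitTestCase) it will be the template people copy into real deployments. Add a header making the scope explicit, e.g. `# Test fixture only: the STS client sends these credentials as a WS-Trust UsernameToken, so a production config must point at an https endpoint and must not be checked in with a real password.` The `admin`/`admin` values themselves are fine for the unit test, but they should not silently become defaults anywhere in the builder.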