Author: anil.saldhana(a)jboss.com
Date: 2009-08-21 17:52:21 -0400 (Fri, 21 Aug 2009)
New Revision: 725
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SecurityActions.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/DefaultLoginHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/SecurityActions.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleGenerator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleValidator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/SecurityActions.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
identity-federation/trunk/jboss-identity-webapps/idp-standalone/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/resources/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/META-INF/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-standalone/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/resources/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/META-INF/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/trunk/jboss-identity-web/pom.xml
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-webapps/pom.xml
Log:
JBID-169: IDP and SP web apps that work on any web container
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -42,18 +42,18 @@
import org.jboss.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
import org.jboss.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
import org.jboss.identity.federation.api.util.KeyUtil;
-import org.jboss.identity.federation.web.config.KeyProviderType;
-import org.jboss.identity.federation.web.config.KeyValueType;
-import org.jboss.identity.federation.web.config.MetadataProviderType;
-import org.jboss.identity.federation.web.config.ProviderType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.bindings.providers.IMetadataProvider;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.config.KeyValueType;
+import org.jboss.identity.federation.web.config.MetadataProviderType;
+import org.jboss.identity.federation.web.config.ProviderType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.KeyInfoType;
/**
@@ -97,7 +97,7 @@
try
{
- ProviderType providerType = ValveUtil.getIDPConfiguration(is);
+ ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is);
metadataProviderType = providerType.getMetaDataProvider();
String fqn = metadataProviderType.getClassName();
ClassLoader tcl = SecurityActions.getContextClassLoader();
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -45,12 +45,7 @@
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.TrustType;
-import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -66,6 +61,12 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.TrustType;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.xml.sax.SAXException;
/**
@@ -89,6 +90,19 @@
{
super();
}
+
+ public void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
@Override
public void invoke(Request request, Response response) throws IOException,
ServletException
@@ -495,7 +509,7 @@
throw new RuntimeException(configFile + " missing");
try
{
- idpConfiguration = ValveUtil.getIDPConfiguration(is);
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -41,23 +41,23 @@
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.web.config.IDPType;
import org.jboss.identity.federation.web.config.KeyProviderType;
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.w3c.dom.Document;
/**
@@ -107,6 +107,19 @@
this.signOutgoingMessages = signOutgoingMessages;
}
+ public void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
@Override
public void invoke(Request request, Response response) throws IOException,
ServletException
{
@@ -463,7 +476,7 @@
throw new RuntimeException(configFile + " missing");
try
{
- idpConfiguration = ValveUtil.getIDPConfiguration(is);
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -30,7 +30,7 @@
import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.web.config.SPType;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
/**
* Base Class for Form Authenticators
@@ -85,7 +85,7 @@
throw new RuntimeException(configFile + " missing");
try
{
- spConfiguration = ValveUtil.getSPConfiguration(is);
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
this.identityURL = spConfiguration.getIdentityURL();
this.serviceURL = spConfiguration.getServiceURL();
log.trace("Identity Provider URL=" + this.identityURL);
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -28,16 +28,6 @@
import java.io.InputStream;
import java.net.URL;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.SPType;
-import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.xml.sax.SAXException;
-
/**
* Util for tomcat valves
* @author Anil.Saldhana(a)redhat.com
@@ -95,47 +85,7 @@
return is;
}
- @SuppressWarnings("unchecked")
- public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException
- {
- if(is == null)
- throw new IllegalArgumentException("inputstream is null");
- String schema = "schema/config/jboss-identity-fed.xsd";
-
- String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
-
- String pkgName = "org.jboss.identity.federation.web.config";
- Unmarshaller un = null;
- if(validate)
- un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
- else
- un = JAXBUtil.getUnmarshaller(pkgName);
-
- JAXBElement<IDPType> jaxbSp = (JAXBElement<IDPType>)
un.unmarshal(is);
- return jaxbSp.getValue();
- }
- @SuppressWarnings("unchecked")
- public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException
- {
- if(is == null)
- throw new IllegalArgumentException("inputstream is null");
- String schema = "schema/config/jboss-identity-fed.xsd";
-
- String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
-
- String pkgName = "org.jboss.identity.federation.web.config";
- Unmarshaller un = null;
- if(validate)
- un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
- else
- un = JAXBUtil.getUnmarshaller(pkgName);
-
- JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
- return jaxbSp.getValue();
- }
/**
* Given a SP or IDP issuer from the assertion, return the host
Modified: identity-federation/trunk/jboss-identity-web/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-web/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/trunk/jboss-identity-web/pom.xml 2009-08-21 21:52:21 UTC (rev
725)
@@ -115,7 +115,7 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
- <version>2.4</version>
+ <version>2.5</version>
<optional>true</optional>
</dependency>
<dependency>
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,480 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.filters;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.config.SPType;
+import org.jboss.identity.federation.web.config.TrustType;
+import org.jboss.identity.federation.web.interfaces.IRoleValidator;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.roles.DefaultRoleValidator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class SPFilter implements Filter
+{
+ private static Logger log = Logger.getLogger(SPFilter.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public static final String PRINCIPAL_ID = "jboss_identity.principal";
+ public static final String ROLES_ID = "jboss_identity.roles";
+
+ protected SPType spConfiguration = null;
+ protected String configFile = "/WEB-INF/jboss-idfed.xml";
+
+ protected String serviceURL = null;
+ protected String identityURL = null;
+
+ private TrustKeyManager keyManager;
+
+ private ServletContext context = null;
+
+ private IRoleValidator roleValidator = new DefaultRoleValidator();
+
+ public void destroy()
+ {
+ }
+
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
+ FilterChain filterChain)
+ throws IOException, ServletException
+ {
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+
+ boolean postMethod = "POST".equalsIgnoreCase(request.getMethod());
+ Principal userPrincipal = null;
+
+ HttpSession session = request.getSession();
+ if(!postMethod)
+ {
+ //Check if we are already authenticated
+ userPrincipal = (Principal) session.getAttribute(PRINCIPAL_ID);
+ if(userPrincipal != null)
+ {
+ filterChain.doFilter(servletRequest, servletResponse);
+ return;
+ }
+
+ //We need to send request to IDP
+ if(userPrincipal == null)
+ {
+ String relayState = null;
+ try
+ {
+ AuthnRequestType authnRequest = createSAMLRequest(serviceURL,
identityURL);
+ sendRequestToIDP(authnRequest, relayState, response);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ return;
+ }
+ }
+ else
+ {
+ //See if we got a response from IDP
+ String samlResponse = request.getParameter("SAMLResponse");
+ if(samlResponse != null && samlResponse.length() > 0 )
+ {
+ boolean isValid = false;
+ try
+ {
+ isValid = this.validate(request);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ if(!isValid)
+ throw new ServletException("Validity check failed");
+
+ //deal with SAML response from IDP
+ byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
+ InputStream is = new ByteArrayInputStream(base64DecodedResponse);
+
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
+
+ SAMLDocumentHolder samlDocumentHolder =
saml2Response.getSamlDocumentHolder();
+
+ boolean validSignature = this.verifySignature(samlDocumentHolder);
+
+ if(validSignature == false)
+ throw new IssuerNotTrustedException("Signature in saml document is
invalid");
+
+ this.isTrusted(responseType.getIssuer().getValue());
+
+ List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from
IDP");
+
+ Object assertion = assertions.get(0);
+ if(assertion instanceof EncryptedElementType)
+ {
+ responseType = this.decryptAssertion(responseType);
+ }
+
+ userPrincipal = handleSAMLResponse(request, responseType);
+ if(userPrincipal == null)
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+ filterChain.doFilter(request, servletResponse);
+ }
+ catch (ParsingException e)
+ {
+ if(trace)
+ log.trace("Parsing Exception:", e);
+ throw new ServletException("Parsing Exception");
+ }
+ catch (ConfigurationException e)
+ {
+ if(trace)
+ log.trace("ConfigurationException:", e);
+ throw new ServletException("Config Exception");
+ }
+ catch (IssuerNotTrustedException e)
+ {
+ if(trace)
+ log.trace("IssuerNotTrustedException:", e);
+ throw new ServletException("Issuer Not Trusted Exception");
+ }
+ catch (AssertionExpiredException e)
+ {
+ if(trace)
+ log.trace("AssertionExpiredException:", e);
+ throw new ServletException("Assertion expired Exception");
+ }
+ }
+
+ }
+
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ this.context = filterConfig.getServletContext();
+ InputStream is = context.getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ this.identityURL = spConfiguration.getIdentityURL();
+ this.serviceURL = spConfiguration.getServiceURL();
+ log.trace("Identity Provider URL=" + this.identityURL);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new RuntimeException("KeyProvider is null");
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new RuntimeException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+
+ //Get the Role Validator if configured
+ String roleValidatorName =
filterConfig.getInitParameter("ROLE_VALIDATOR");
+ if(roleValidatorName != null && !"".equals(roleValidatorName))
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(roleValidatorName);
+ this.roleValidator = (IRoleValidator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ Map<String,String> options = new HashMap<String, String>();
+ String roles = filterConfig.getInitParameter("ROLES");
+ if(trace)
+ log.trace("Found Roles in SPFilter config="+roles);
+ if(roles != null)
+ {
+ options.put("ROLES", roles);
+ }
+ this.roleValidator.intialize(options);
+ }
+
+ /**
+ * Create a SAML2 auth request
+ * @param serviceURL URL of the service
+ * @param identityURL URL of the identity provider
+ * @return
+ * @throws ConfigurationException
+ */
+ private AuthnRequestType createSAMLRequest(String serviceURL, String identityURL)
throws ConfigurationException
+ {
+ if(serviceURL == null)
+ throw new IllegalArgumentException("serviceURL is null");
+ if(identityURL == null)
+ throw new IllegalArgumentException("identityURL is null");
+
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ return saml2Request.createAuthnRequestType(id, serviceURL, identityURL,
serviceURL);
+ }
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
+ HttpServletResponse response)
+ throws IOException, SAXException, JAXBException,GeneralSecurityException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+ String destination = authnRequest.getDestination();
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, true);
+ }
+
+ protected boolean validate(HttpServletRequest request) throws IOException,
GeneralSecurityException
+ {
+ return request.getParameter("SAMLResponse") != null;
+ }
+
+ protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws
IssuerNotTrustedException
+ {
+ Document samlResponse = samlDocumentHolder.getSamlDocument();
+ ResponseType response = (ResponseType) samlDocumentHolder.getSamlObject();
+
+ String issuerID = response.getIssuer().getValue();
+
+ if(issuerID == null)
+ throw new IssuerNotTrustedException("Issue missing");
+
+ URL issuerURL;
+ try
+ {
+ issuerURL = new URL(issuerID);
+ }
+ catch (MalformedURLException e1)
+ {
+ throw new IssuerNotTrustedException(e1);
+ }
+
+ try
+ {
+ PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
+ log.trace("Going to verify signature in the saml response from IDP");
+ boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+ log.trace("Signature verification="+sigResult);
+ return sigResult;
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (MarshalException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ catch (XMLSignatureException e)
+ {
+ log.error("Unable to verify signature",e);
+ }
+ return false;
+ }
+
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ URL url = new URL(issuer);
+ String issuerDomain = url.getHost();
+ TrustType idpTrust = spConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ {
+ throw new RuntimeException("This authenticator does not handle
encryption");
+ }
+
+ /**
+ * Handle the SAMLResponse from the IDP
+ * @param request entire request from IDP
+ * @param responseType ResponseType that has been generated
+ * @param serverEnvironment tomcat,jboss etc
+ * @return
+ * @throws AssertionExpiredException
+ */
+ @SuppressWarnings("unchecked")
+ public Principal handleSAMLResponse(HttpServletRequest request, ResponseType
responseType)
+ throws ConfigurationException, AssertionExpiredException
+ {
+ if(request == null)
+ throw new IllegalArgumentException("request is null");
+ if(responseType == null)
+ throw new IllegalArgumentException("response type is null");
+
+ StatusType statusType = responseType.getStatus();
+ if(statusType == null)
+ throw new IllegalArgumentException("Status Type from the IDP is
null");
+
+ String statusValue = statusType.getStatusCode().getValue();
+ if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
+ throw new SecurityException("IDP forbid the user");
+
+ List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ AssertionType assertion = (AssertionType)assertions.get(0);
+ //Check for validity of assertion
+ boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
+ if(expiredAssertion)
+ throw new AssertionExpiredException();
+
+ SubjectType subject = assertion.getSubject();
+ JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
+ NameIDType nameID = jnameID.getValue();
+ final String userName = nameID.getValue();
+ List<String> roles = new ArrayList<String>();
+
+ //Let us get the roles
+ AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ List<Object> attList =
attributeStatement.getAttributeOrEncryptedAttribute();
+ for(Object obj:attList)
+ {
+ AttributeType attr = (AttributeType) obj;
+ String roleName = (String) attr.getAttributeValue().get(0);
+ roles.add(roleName);
+ }
+
+ Principal principal = new Principal()
+ {
+ public String getName()
+ {
+ return userName;
+ }
+ };
+
+ //Validate the roles
+ boolean validRole = roleValidator.userInRole(principal, roles);
+ if(!validRole)
+ {
+ if(trace)
+ log.trace("Invalid role:" + roles);
+ principal = null;
+ }
+ return principal;
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SecurityActions.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.filters;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/DefaultLoginHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/DefaultLoginHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/DefaultLoginHandler.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import javax.security.auth.login.LoginException;
+
+import org.jboss.identity.federation.web.interfaces.ILoginHandler;
+
+/**
+ * Default LoginHandler that uses a properties file
+ * in the classpath called as users.properties whose
+ * format is
+ * username=password
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 18, 2009
+ */
+public class DefaultLoginHandler implements ILoginHandler
+{
+ private static Properties props = new Properties();
+
+ static
+ {
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("users.properties");
+ if(is == null)
+ throw new RuntimeException("users.properties not found");
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public boolean authenticate(String username, Object credential) throws LoginException
+ {
+ String pass= null;
+ if(credential instanceof byte[])
+ {
+ pass = new String((byte[])credential);
+ }
+ else if(credential instanceof String)
+ {
+ pass = (String) credential;
+ }
+ else
+ throw new RuntimeException("Unknown credential type:" +
credential.getClass());
+
+ String storedPass = (String) props.get(username);
+ return storedPass != null ? storedPass.equals(pass) : false;
+ }
+
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/SecurityActions.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/ILoginHandler.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.interfaces;
+
+import javax.security.auth.login.LoginException;
+
+/**
+ * Handle authentication
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 18, 2009
+ */
+public interface ILoginHandler
+{
+ /**
+ * Authenticate the user
+ * @param username username
+ * @param credential credential
+ * @return true - authenticated
+ * @throws LoginException
+ */
+ public boolean authenticate(String username, Object credential)
+ throws LoginException;
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/interfaces/IRoleValidator.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.interfaces;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Validate the passed Roles
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public interface IRoleValidator
+{
+ /**
+ * Initialize the validator
+ * @param options
+ */
+ void intialize(Map<String,String> options);
+
+ /**
+ * Validate whether the principal with the given
+ * list of roles is valid
+ * @param userPrincipal
+ * @param roles
+ * @return
+ */
+ boolean userInRole(Principal userPrincipal, List<String> roles);
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleGenerator.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleGenerator.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleGenerator.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.roles;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+import java.util.StringTokenizer;
+
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+
+/**
+ * Simple Role Generator that looks
+ * inside a roles.properties on the classpath
+ * with format: principalName=role1,role2
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class DefaultRoleGenerator implements RoleGenerator
+{
+ private static Properties props = new Properties();
+
+ static
+ {
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("roles.properties");
+ if(is == null)
+ throw new RuntimeException("roles.properties not found");
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public List<String> generateRoles(Principal principal)
+ {
+ List<String> roles = new ArrayList<String>();
+
+ String csv = (String) props.get(principal.getName());
+ //lets break the roles string
+ StringTokenizer st = new StringTokenizer(csv,",");
+ while(st != null && st.hasMoreTokens())
+ {
+ roles.add(st.nextToken());
+ }
+ return roles;
+ }
+
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleValidator.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleValidator.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/DefaultRoleValidator.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.roles;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.web.interfaces.IRoleValidator;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class DefaultRoleValidator implements IRoleValidator
+{
+ private static Logger log = Logger.getLogger(DefaultRoleValidator.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private Set<String> roleNames = new HashSet<String>();
+
+ public void intialize(Map<String, String> options)
+ {
+ String csv = options.get("ROLES");
+ if(csv == null)
+ {
+ if(trace)
+ log.trace("There is no ROLES config");
+ }
+
+ //Get the comma separated role names
+ StringTokenizer st = new StringTokenizer(csv,",");
+ while(st != null && st.hasMoreTokens())
+ {
+ roleNames.add(st.nextToken());
+ }
+ }
+
+ public boolean userInRole(Principal userPrincipal, List<String> roles)
+ {
+ for(String roleName: roles)
+ {
+ if(roleNames.contains(roleName))
+ return true;
+ }
+ return false;
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/roles/SecurityActions.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.roles;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.login.LoginException;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.jboss.identity.federation.web.handlers.DefaultLoginHandler;
+import org.jboss.identity.federation.web.interfaces.ILoginHandler;
+
+/**
+ * Handles login at the IDP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class IDPLoginServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+ private ServletContext context;
+ private String USERNAME_FIELD = "JBID_USERNAME";
+ private String PASS_FIELD = "JBID_PASSWORD";
+ private ILoginHandler loginHandler = null;
+
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ HttpSession session = request.getSession();
+
+ //Check if we are already authenticated
+ Principal principal = (Principal) session.getAttribute(IDPServlet.PRINCIPAL_ID);
+ if(principal != null)
+ {
+ this.saveRequest(request, session);
+ redirectToIDP(request,response);
+ return;
+ }
+
+ final String username = request.getParameter(USERNAME_FIELD);
+ String passwd = request.getParameter(PASS_FIELD);
+
+ if(username == null || passwd == null)
+ {
+ String samlMessage = request.getParameter("SAMLRequest");
+
+ if(samlMessage == null || "".equals(samlMessage))
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+
+ log("No username or password found. Redirecting to login page");
+ this.saveRequest(request, session);
+
+ this.redirectToLoginPage(request, response);
+ }
+ else
+ {
+ //we have the username and password
+ try
+ {
+ boolean isValid = loginHandler.authenticate(username, passwd);
+ if(!isValid)
+ {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+
+ session.setAttribute(IDPServlet.PRINCIPAL_ID, new Principal()
+ {
+ public String getName()
+ {
+ return username;
+ }
+ });
+
+
+ this.redirectToIDP(request, response);
+ return;
+ }
+ catch (LoginException e)
+ {
+ log("Exception logging in :", e);
+ //TODO: Send back invalid user SAML
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+ }
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ this.context = config.getServletContext();
+ //Users can customize the username and password fields of their html forms here
+ String userNameField = config.getInitParameter("USERNAME_FIELD");
+ if(userNameField != null && userNameField.length() > 0)
+ USERNAME_FIELD = userNameField;
+
+ String pwdField = config.getInitParameter("PASSWORD_FIELD");
+ if(pwdField != null && pwdField.length() > 0)
+ PASS_FIELD = pwdField;
+
+ String loginClass = config.getInitParameter("loginClass");
+ if(loginClass == null || loginClass.length() == 0)
+ loginClass = DefaultLoginHandler.class.getName();
+ //Lets set up the login class
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(loginClass);
+ loginHandler = (ILoginHandler) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+
+ private void saveRequest(HttpServletRequest request, HttpSession session)
+ {
+ //Save the SAMLRequest and relayState
+ session.setAttribute("SAMLRequest",
request.getParameter("SAMLRequest"));
+ String relayState = request.getParameter("RelayState");
+ if(relayState != null && !"".equals(relayState))
+ session.setAttribute("RelayState", relayState );
+ session.setAttribute("Referer", request.getHeader("Referer"));
+ }
+
+ private void redirectToIDP(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
+ if(dispatch == null)
+ log("Cannot dispatch to the IDP Servlet");
+ dispatch.forward(request, response);
+ return;
+ }
+
+ private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse
response)
+ throws ServletException, IOException
+ {
+ RequestDispatcher dispatch =
context.getRequestDispatcher("/jsp/login.jsp");
+ if(dispatch == null)
+ log("Cannot find the login page");
+ dispatch.forward(request, response);
+ return;
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,408 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.KeyProviderType;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.roles.DefaultRoleGenerator;
+import org.jboss.identity.federation.web.util.ConfigurationUtil;
+import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.w3c.dom.Document;
+
+/**
+ * SAML Web Browser SSO - POST binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 13, 2009
+ */
+public class IDPServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+ private static Logger log = Logger.getLogger(IDPServlet.class);
+
+ public static final String PRINCIPAL_ID = "jboss_identity.principal";
+ public static final String ROLES_ID = "jboss_identity.roles";
+
+ protected IDPType idpConfiguration = null;
+
+ private RoleGenerator rg = new DefaultRoleGenerator();
+
+ private long assertionValidity = 5000; // 5 seconds in miliseconds
+
+ private String identityURL = null;
+
+ private TrustKeyManager keyManager;
+
+ private Boolean ignoreIncomingSignatures = true;
+
+ private Boolean signOutgoingMessages = true;
+
+ private ServletContext context = null;
+
+ public Boolean getIgnoreIncomingSignatures()
+ {
+ return ignoreIncomingSignatures;
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException
+ {
+ super.init(config);
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ context = config.getServletContext();
+ InputStream is = context.getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ this.identityURL = idpConfiguration.getIdentityURL();
+ log.trace("Identity Provider URL=" + this.identityURL);
+ this.assertionValidity = idpConfiguration.getAssertionValidity();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ if(this.signOutgoingMessages)
+ {
+ KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new RuntimeException("Key Provider is null for context=" +
context.getContextPath());
+
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new RuntimeException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
+ //handle the role generator
+ String rgString = config.getInitParameter("ROLE_GENERATOR");
+ if(rgString != null && !"".equals(rgString))
+ this.setRoleGenerator(rgString);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
+ {
+ //Some issue with filters and servlets
+ HttpSession session = request.getSession(false);
+
+ String samlMessage = (String) session.getAttribute("SAMLRequest");
+ String relayState = (String) session.getAttribute("RelayState");
+
+ String referer = request.getHeader("Referer");
+
+ //See if the user has already been authenticated
+ Principal userPrincipal = (Principal) session.getAttribute(PRINCIPAL_ID);
+
+ if(userPrincipal == null)
+ {
+ //The sys admin has not set up the login servlet filters for the IDP
+ log.trace("Login Filters have not been configured");
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+
+
+ IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request,
+ idpConfiguration, keyManager);
+
+ if(userPrincipal != null)
+ {
+ log.trace("Retrieved saml message and relay state from session");
+ log.trace("saml message=" + samlMessage + "::relay state="+
relayState);
+
+ session.removeAttribute("SAMLRequest");
+
+ if(relayState != null && relayState.length() > 0)
+ session.removeAttribute("RelayState");
+
+ //Send valid saml response after processing the request
+ if(samlMessage != null)
+ {
+ //Get the SAML Request Message
+ RequestAbstractType requestAbstractType = null;
+ Document samlResponse = null;
+ String destination = null;
+ try
+ {
+ requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = validate(request.getRemoteAddr(),
+ request.getQueryString(),
+ new SessionHolder(samlMessage, null, null), isPost);
+
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check
failed");
+
+ webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
+
+
+ List<String> roles = (List<String>)
session.getAttribute(ROLES_ID);
+ if(roles == null)
+ {
+ roles = rg.generateRoles(userPrincipal);
+ session.setAttribute(ROLES_ID, roles);
+ }
+
+
+ log.trace("Roles have been determined:Creating response");
+
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ destination = art.getAssertionConsumerServiceURL();
+
+ samlResponse =
+ webRequestUtil.getResponse(destination,
+ userPrincipal, roles,
+ this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
+ }
+ catch (IssuerNotTrustedException e)
+ {
+ log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ParsingException e)
+ {
+ log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (ConfigurationException e)
+ {
+ log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch (IssueInstantMissingException e)
+ {
+ log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ catch(GeneralSecurityException e)
+ {
+ log.trace(e);
+
+ samlResponse =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL, this.signOutgoingMessages);
+ }
+ finally
+ {
+ try
+ {
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, destination,relayState, response,
true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, destination, relayState, response,
false,null);
+ }
+ catch (ParsingException e)
+ {
+ log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ log.trace(e);
+ }
+ }
+ return;
+ }
+ else
+ {
+ log.error("No SAML Request Message");
+ log.trace("Referer="+referer);
+
+ try
+ {
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ catch (ConfigurationException e)
+ {
+ log.trace(e);
+ }
+ }
+ }
+ }
+
+ protected void sendErrorResponseToSP(String referrer, HttpServletResponse response,
String relayState,
+ IDPWebRequestUtil webRequestUtil) throws ServletException, IOException,
ConfigurationException
+ {
+ log.trace("About to send error response to SP:" + referrer);
+
+ Document samlResponse =
+ webRequestUtil.getErrorResponse(referrer,
JBossSAMLURIConstants.STATUS_RESPONDER.get(),
+ this.identityURL, this.signOutgoingMessages);
+ try
+ {
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, referrer, relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, referrer, relayState, response,
false,null);
+ }
+ catch (ParsingException e1)
+ {
+ throw new ServletException(e1);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new ServletException(e);
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
+ {
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ }
+
+
+ protected class SessionHolder
+ {
+ String samlRequest;
+ String signature;
+ String sigAlg;
+
+ public SessionHolder(String req, String sig, String alg)
+ {
+ this.samlRequest = req;
+ this.signature = sig;
+ this.sigAlg = alg;
+ }
+ }
+
+ protected boolean validate(String remoteAddress,
+ String queryString,
+ SessionHolder holder, boolean isPost) throws IOException,
GeneralSecurityException
+ {
+ if (holder.samlRequest == null || holder.samlRequest.length() == 0)
+ {
+ return false;
+ }
+
+ if (!this.ignoreIncomingSignatures && !isPost)
+ {
+ String sig = holder.signature;
+ if (sig == null || sig.length() == 0)
+ {
+ log.error("Signature received from SP is null:" + remoteAddress);
+ return false;
+ }
+
+ //Check if there is a signature
+ byte[] sigValue =
RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
+ if(sigValue == null)
+ return false;
+
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(remoteAddress);
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+
+ return RedirectBindingSignatureUtil.validateSignature(queryString,
validatingKey, sigValue);
+ }
+ else
+ {
+ //Post binding no signature verification. The SAML message signature is
verified
+ return true;
+ }
+ }
+
+ private void setRoleGenerator(String rgName)
+ {
+ try
+ {
+ Class<?> clazz =
SecurityActions.getContextClassLoader().loadClass(rgName);
+ rg = (RoleGenerator) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/SecurityActions.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.servlets;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.InputStream;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.SPType;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 21, 2009
+ */
+public class ConfigurationUtil
+{
+ @SuppressWarnings("unchecked")
+ public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+ String schema = "schema/config/jboss-identity-fed.xsd";
+
+ String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
+ boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+
+ String pkgName = "org.jboss.identity.federation.web.config";
+ Unmarshaller un = null;
+ if(validate)
+ un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
+ else
+ un = JAXBUtil.getUnmarshaller(pkgName);
+
+ JAXBElement<IDPType> jaxbSp = (JAXBElement<IDPType>)
un.unmarshal(is);
+ return jaxbSp.getValue();
+ }
+
+ @SuppressWarnings("unchecked")
+ public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+ String schema = "schema/config/jboss-identity-fed.xsd";
+
+ String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
+ boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+
+ String pkgName = "org.jboss.identity.federation.web.config";
+ Unmarshaller un = null;
+ if(validate)
+ un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
+ else
+ un = JAXBUtil.getUnmarshaller(pkgName);
+
+ JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
+ return jaxbSp.getValue();
+ }
+}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-17
21:15:02 UTC (rev 724)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -216,6 +216,8 @@
*/
public void isTrusted(String issuer) throws IssuerNotTrustedException
{
+ if(idpConfiguration == null)
+ throw new IllegalStateException("IDP Configuration is null");
try
{
String issuerDomain = getDomain(issuer);
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/SecurityActions.java 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ /**
+ * Get the system property
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
Added: identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml
(rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/idp-standalone/pom.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha5-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>idp-standalone</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Identity Provider that supports signature and
that is a simple web application that can hosted on any web container</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>idp-standalone</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/resources/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/roles.properties 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1 @@
+manager=manager,sales,employee
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/classes/users.properties 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1 @@
+manager=tomcat
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,15 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0" >
+<IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+<KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+</KeyProvider>
+
+</JBossIDP>
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Standalone IDP</display-name>
+ <description>
+ IDP Standalone Application
+ </description>
+
+ <!-- Define the login filter -->
+<!--
+ <filter>
+ <filter-name>LoginFilter</filter-name>
+
<filter-class>org.jboss.identity.federation.web.filters.LoginFilter</filter-class>
+ <description>
+ The Login Filter will do the login for the IDP.
+ </description>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>LoginFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+ -->
+
+ <!-- Create the servlet -->
+ <servlet>
+ <servlet-name>IDPLoginServlet</servlet-name>
+
<servlet-class>org.jboss.identity.federation.web.servlets.IDPLoginServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>IDPServlet</servlet-name>
+
<servlet-class>org.jboss.identity.federation.web.servlets.IDPServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <url-pattern>/</url-pattern>
+ <servlet-name>IDPLoginServlet</servlet-name>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <url-pattern>/IDPServlet</url-pattern>
+ <servlet-name>IDPServlet</servlet-name>
+ </servlet-mapping>
+
+</web-app>
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/error.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login-error.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,6 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Login Error</font><hr>
+
+</body>
+ </html>
Added:
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/idp-standalone/src/main/webapp/jsp/login.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text'
name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password'
size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Modified: identity-federation/trunk/jboss-identity-webapps/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-08-17 21:15:02 UTC (rev
724)
+++ identity-federation/trunk/jboss-identity-webapps/pom.xml 2009-08-21 21:52:21 UTC (rev
725)
@@ -27,11 +27,13 @@
<module>sales</module>
<module>sales-sig</module>
<module>sales-post-sig</module>
+ <module>sales-standalone</module>
<module>employee</module>
<module>circleoftrust</module>
<module>idp</module>
<module>idp-sig</module>
<module>idp-sig-no-val</module>
+ <module>idp-standalone</module>
<module>metadata</module>
<module>openid-provider</module>
<module>openid-consumer</module>
@@ -40,4 +42,4 @@
<module>seam-sp</module>
<module>fed-example</module>
</modules>
-</project>
\ No newline at end of file
+</project>
Added: identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml
(rev 0)
+++ identity-federation/trunk/jboss-identity-webapps/sales-standalone/pom.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,39 @@
+<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-federation-webapps</artifactId>
+ <version>1.0.0.alpha5-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-standalone</artifactId>
+ <packaging>war</packaging>
+ <name>JBoss Identity Federation Sales Application that supports signature and
that is a simple web application that can be hosted on any web container</name>
+ <
url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Identity Samples contains the samples for Federated Identity
Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <
url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-standalone</warName>
+ <webappDirectory>${basedir}/src/main/webapp/</webappDirectory>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/resources/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/classes/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/jboss-idfed.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,13 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
ServerEnvironment="tomcat">
+ <IdentityURL>http://localhost:8080/idp-standalone/</IdentityURL>
+ <ServiceURL>http://localhost:8080/sales-standalone/</ServiceURL>
+ <KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="jbid_test_keystore.jks" />
+ <Auth Key="KeyStorePass" Value="store123" />
+ <Auth Key="SigningKeyPass" Value="test123" />
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+ <ValidatingAlias Key="localhost" Value="servercert"/>
+ <ValidatingAlias Key="127.0.0.1" Value="servercert"/>
+ </KeyProvider>
+
+</JBossSP>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/WEB-INF/web.xml 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <description>Sales Standalone Application</description>
+
+ <filter>
+ <filter-name>SPFilter</filter-name>
+
<filter-class>org.jboss.identity.federation.web.filters.SPFilter</filter-class>
+ <init-param>
+ <param-name>ROLES</param-name>
+ <param-value>sales,manager</param-value>
+ </init-param>
+ <description>
+ The SP Filter intersects all requests at the SP and sees if there is a need to
contact the IDP.
+ </description>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SPFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+</web-app>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/error.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp")
%>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/index.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,13 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+<a href="logout.jsp">Click to LogOut</a>
+</div>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/login.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text'
name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password'
size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
===================================================================
---
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp
(rev 0)
+++
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/logout.jsp 2009-08-21
21:52:21 UTC (rev 725)
@@ -0,0 +1,4 @@
+<%
+ session.invalidate();
+%>
+You are logged out.
Added:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-webapps/sales-standalone/src/main/webapp/piechart.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream