Author: anil.saldhana(a)jboss.com
Date: 2009-09-11 14:49:41 -0400 (Fri, 11 Sep 2009)
New Revision: 785
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
Log:
JBID-152: phase2 commits
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-09-11
18:38:51 UTC (rev 784)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-09-11
18:49:41 UTC (rev 785)
@@ -26,7 +26,10 @@
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
+import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
@@ -44,6 +47,8 @@
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.impl.DelegatedAttributeManager;
+import org.jboss.identity.federation.core.interfaces.AttributeManager;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -54,7 +59,7 @@
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
@@ -88,6 +93,23 @@
private Boolean signOutgoingMessages = true;
+ private transient DelegatedAttributeManager attribManager = new
DelegatedAttributeManager();
+ private List<String> attributeKeys = new ArrayList<String>();
+
+ //Set a list of attributes we are interested in separated by comma
+ public void setAttributeList(String attribList)
+ {
+ if(attribList != null && !"".equals(attribList))
+ {
+ this.attributeKeys.clear();
+ StringTokenizer st = new StringTokenizer(attribList,",");
+ while(st != null && st.hasMoreTokens())
+ {
+ this.attributeKeys.add(st.nextToken());
+ }
+ }
+ }
+
public Boolean getIgnoreIncomingSignatures()
{
return ignoreIncomingSignatures;
@@ -166,6 +188,8 @@
IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration,
keyManager);
+ webRequestUtil.setAttributeManager(this.attribManager);
+ webRequestUtil.setAttributeKeys(attributeKeys);
Document samlErrorResponse = null;
//Look for unauthorized status
@@ -484,6 +508,14 @@
this.identityURL = idpConfiguration.getIdentityURL();
if(trace) log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
+ //Get the attribute manager
+ String attributeManager = idpConfiguration.getAttributeManager();
+ if(attributeManager != null && !"".equals(attributeManager))
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ AttributeManager delegate = (AttributeManager)
tcl.loadClass(attributeManager).newInstance();
+ this.attribManager.setDelegate(delegate);
+ }
}
catch (Exception e)
{
@@ -515,6 +547,14 @@
}
if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
}
+
+ //Add some keys to the attibutes
+ String[] ak = new String[]
{"mail","cn","commonname","givenname",
+ "surname","employeeType",
+ "employeeNumber",
+ "facsimileTelephoneNumber"};
+
+ this.attributeKeys.addAll(Arrays.asList(ak));
}
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-11
18:38:51 UTC (rev 784)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-11
18:49:41 UTC (rev 785)
@@ -55,6 +55,7 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.ServerDetector;
import org.xml.sax.SAXException;
/**
@@ -69,10 +70,13 @@
{
private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class);
private boolean trace = log.isTraceEnabled();
+ private boolean jbossEnv = false;
public SPPostFormAuthenticator()
{
super();
+ ServerDetector detector = new ServerDetector();
+ jbossEnv = detector.isJboss();
}
@Override
@@ -107,7 +111,7 @@
String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
//Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS") ||
jbossEnv)
{
GenericPrincipal gp = (GenericPrincipal) principal;
//Push a context
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-09-11
18:38:51 UTC (rev 784)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-09-11
18:49:41 UTC (rev 785)
@@ -48,6 +48,7 @@
import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.web.util.ServerDetector;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -70,10 +71,14 @@
{
private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
private boolean trace = log.isTraceEnabled();
+
+ private boolean jbossEnv = false;
public SPRedirectFormAuthenticator()
{
- super();
+ super();
+ ServerDetector detector = new ServerDetector();
+ jbossEnv = detector.isJboss();
}
@Override
@@ -107,7 +112,7 @@
String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
//Map to JBoss specific principal
- if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS") ||
jbossEnv)
{
GenericPrincipal gp = (GenericPrincipal) principal;
//Push a context
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-11
18:38:51 UTC (rev 784)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-11
18:49:41 UTC (rev 785)
@@ -176,10 +176,17 @@
//Add in the attributes information
if(this.attributeManager != null)
{
- Map<String, Object> attribs =
- attributeManager.getAttributes(userPrincipal, this.attribKeys);
- List<StatementAbstractType> stats =
StatementUtil.createStatements(attribs);
- assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats);
+ try
+ {
+ Map<String, Object> attribs =
+ attributeManager.getAttributes(userPrincipal, this.attribKeys);
+ List<StatementAbstractType> stats =
StatementUtil.createStatements(attribs);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(stats);
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in generating attributes:",e);
+ }
}
//Lets see how the response looks like
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ServerDetector.java 2009-09-11
18:49:41 UTC (rev 785)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+/**
+ * Utility Class to detect which server
+ * we are currently operating in
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 11, 2009
+ */
+public class ServerDetector
+{
+ private boolean jboss = false;
+ private boolean tomcat = false;
+
+ public ServerDetector()
+ {
+ this.detectServer();
+ }
+
+ public boolean isJboss()
+ {
+ return jboss;
+ }
+
+ public boolean isTomcat()
+ {
+ return tomcat;
+ }
+
+ private void detectServer()
+ {
+ //Detect JBoss
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+
+ try
+ {
+ Class<?> clazz = tcl.loadClass("org.jboss.system.Service");
+ if(clazz != null)
+ {
+ jboss = true;
+ return;
+ }
+ }
+ catch(Exception e)
+ {
+ //ignore
+ }
+
+ //Tomcat
+ try
+ {
+ Class<?> clazz = tcl.loadClass("org.apache.cataline.Server");
+ if(clazz != null)
+ {
+ tomcat = true;
+ return;
+ }
+ }
+ catch(Exception e)
+ {
+ //ignore
+ }
+ }
+}
\ No newline at end of file