Author: beve Date: 2009-11-17 06:33:50 -0500 (Tue, 17 Nov 2009) New Revision: 963 Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java Removed: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java Log: Work for https://jira.jboss.org/jira/browse/JBID-215 "STSSecurityHandler: Enable the username/password to be retreived from the SOAPMessageContext." Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java 2009-11-16 20:55:38 UTC (rev 962) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20Handler.java 2009-11-17 11:33:50 UTC (rev 963) @@ -24,7 +24,9 @@ import static org.jboss.identity.federation.core.wstrust.WSTrustConstants.SAML2_ASSERTION_NS; import javax.xml.namespace.QName; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; + /** * A concrete implementation of {@link STSSecurityHandler} that can handle SAML * version 2.0 Assertion inside of {@link WSTrustConstants#WSSE_NS} elements. Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-11-16 20:55:38 UTC (rev 962) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-11-17 11:33:50 UTC (rev 963) @@ -96,19 +96,40 @@ * </env-entry> * }</pre> * + * Username and password for the STS can be configured as shown above in the sts-client.properties file. But it may also + * be specified by a handler earlier in the handlerchain. Such a handler is expected to extract the username and password + * for the desired location and put these values into the SOAPMessageContext using: + * <br/> + * {@link #USERNAME_MSG_CONTEXT_PROPERTY} + * <br/> + * {@link #PASSWORD_MSG_CONTEXT_PROPERTY} + * <br/> + * These will then be used when contacting the STS, overriding any such values that were parsed from the configuration file. + * + * * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a> */ public abstract class STSSecurityHandler implements SOAPHandler<SOAPMessageContext> { /** + * Constant that can be used by handlers to set the username in the SOAPMessageContext. + */ + public static final String USERNAME_MSG_CONTEXT_PROPERTY = "org.jboss.identity.federation.core.wstrust.handlers.username"; + + /** + * Constant that can be used by handlers to set the password in the SOAPMessageContext. + */ + public static final String PASSWORD_MSG_CONTEXT_PROPERTY = "org.jboss.identity.federation.core.wstrust.handlers.password"; + + /** * The path to the jboss-sts-client.properties file. */ private String configFile = STSClientConfig.DEFAULT_CONFIG_FILE; /** - * The {@link STSClient client} that will call the STS. + * The STSClient configuration builder. */ - private STSClient wsTrustClient; + private STSClientConfig.Builder configBuilder; /** * Subclasses can return the QName of the Security header element in usage. @@ -131,20 +152,9 @@ * @throws WebServiceException */ @PostConstruct - public void createWSTrustClient() + public void parseSTSConfig() { - if (wsTrustClient == null) - { - try - { - final STSClientConfig config = new STSClientConfig.Builder(configFile).build(); - wsTrustClient = STSClientFactory.getInstance().create(config); - } - catch (final ParsingException e) - { - throw new IllegalStateException(e.getMessage(), e); - } - } + configBuilder = new STSClientConfig.Builder(configFile); } /** @@ -158,22 +168,22 @@ public boolean handleMessage(final SOAPMessageContext messageContext) { if (isOutBound(messageContext)) - { return true; - } try { final Element securityToken = extractSecurityToken(messageContext, getSecurityElementQName(), getTokenElementQName()); - if (wsTrustClient.validateToken(securityToken)) + setUsernameFromMessageContext(messageContext, configBuilder); + setPasswordFromMessageContext(messageContext, configBuilder); + final STSClient stsClient = createSTSClient(configBuilder); + final boolean valid = stsClient.validateToken(securityToken); + if (valid) { return true; } - else - { - throw new WebServiceException("Could not validate security token "+ securityToken); - } + + throw new WebServiceException("Could not validate security token "+ securityToken); } catch (final SOAPException e) { @@ -183,18 +193,66 @@ { throw new WebServiceException(e.getMessage(), e); } + catch (ParsingException e) + { + throw new WebServiceException(e.getMessage(), e); + } } + @SuppressWarnings("unchecked") + private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException + { + if (securityQName == null) + throw new IllegalStateException("securityQName from subclass cannot be null!"); + if (tokenQName == null) + throw new IllegalStateException("tokenQName from subclass cannot be null!"); + + final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader(); + final Iterator securityHeaders = soapHeader.getChildElements(securityQName); + while (securityHeaders.hasNext()) + { + final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next(); + // Check if the header is equal to the one this Handler is configured for. + if (elem.getElementQName().equals(securityQName)) + { + final Iterator childElements = elem.getChildElements(tokenQName); + while (childElements.hasNext()) + { + return (Element) childElements.next(); + } + } + } + return null; + } + /** - * Allows the {@link STSClient} to be injected if required. + * If a property was set for the key {@link #USERNAME_MSG_CONTEXT_PROPERTY} it will be + * retrieved by this method and set on the passed-in builder instace. * - * @param client The WSTrustClient to be used by this handler. + * @param context The SOAPMessageContext which might contain a username property. + * @param builder The STSClientConfigBuilder which be updated if the SOAPMessageContext contains the username property. */ - public void setWSTrustClient(final STSClient client) + private void setUsernameFromMessageContext(final SOAPMessageContext context, final STSClientConfig.Builder builder) { - wsTrustClient = client; + final String username = (String) context.get(USERNAME_MSG_CONTEXT_PROPERTY); + if (username != null) + configBuilder.username(username); } + /** + * If a property was set for the key {@link #PASSWORD_MSG_CONTEXT_PROPERTY} it will be + * retrieved by this method and set on the passed-in builder instace. + * + * @param context The SOAPMessageContext which might contain a password property. + * @param builder The STSClientConfigBuilder which be updated if the SOAPMessageContext contains the password property. + */ + private void setPasswordFromMessageContext(final SOAPMessageContext context, final STSClientConfig.Builder builder) + { + final String password = (String) context.get(PASSWORD_MSG_CONTEXT_PROPERTY); + if (password != null) + configBuilder.password(password); + } + public Set<QName> getHeaders() { return Collections.singleton(getSecurityElementQName()); @@ -210,7 +268,6 @@ // NoOp. } - /** * This setter enables the injection of the jboss-sts-client.properties file * path. @@ -226,34 +283,18 @@ } } - private boolean isOutBound(final SOAPMessageContext messageContext) + STSClientConfig.Builder getConfigBuilder() { - return ((Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue(); + return configBuilder; } + + STSClient createSTSClient(final STSClientConfig.Builder builder) throws ParsingException + { + return STSClientFactory.getInstance().create(builder.build()); + } - @SuppressWarnings("unchecked") - private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName) throws SOAPException + private boolean isOutBound(final SOAPMessageContext messageContext) { - if (securityQName == null) - throw new IllegalStateException("securityQName from subclass cannot be null!"); - if (tokenQName == null) - throw new IllegalStateException("tokenQName from subclass cannot be null!"); - - final SOAPHeader soapHeader = messageContext.getMessage().getSOAPHeader(); - final Iterator securityHeaders = soapHeader.getChildElements(securityQName); - while (securityHeaders.hasNext()) - { - final SOAPHeaderElement elem = (SOAPHeaderElement) securityHeaders.next(); - // Check if the header is equal to the one this Handler is configured for. - if (elem.getElementQName().equals(securityQName)) - { - final Iterator childElements = elem.getChildElements(tokenQName); - while (childElements.hasNext()) - { - return (Element) childElements.next(); - } - } - } - return null; + return ((Boolean) messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue(); } } \ No newline at end of file Copied: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java (from rev 962, identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-17 11:33:50 UTC (rev 963) @@ -0,0 +1,193 @@ +/* + * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware + * LLC, and individual contributors by the @authors tag. See the copyright.txt + * in the distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it under the + * terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 2.1 of the License, or (at your option) + * any later version. + * + * This software is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this software; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF + * site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.handlers; + +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import javax.xml.namespace.QName; +import javax.xml.soap.MessageFactory; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPHeader; +import javax.xml.soap.SOAPHeaderElement; +import javax.xml.soap.SOAPMessage; +import javax.xml.ws.WebServiceException; +import javax.xml.ws.handler.MessageContext; +import javax.xml.ws.handler.soap.SOAPMessageContext; + +import junit.framework.TestCase; + +import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.wstrust.STSClient; +import org.jboss.identity.federation.core.wstrust.STSClientConfig.Builder; +import org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler; +import org.jboss.identity.federation.core.wstrust.handlers.STSSecurityHandler; +import org.w3c.dom.Element; + +/** + * Unit test for {@link STSSaml20Handler}. + * + * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a> + * + */ +public class STSSaml20HandlerTestCase extends TestCase +{ + private SOAPMessageContext soapMessageContext; + private SOAPMessage soapMessage; + private STSClient wsTrustClient; + private STSSaml20Handler samlHandler; + + public void testHandleMessageOutbound() + { + setOutbound(soapMessageContext, true); + assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext)); + } + + public void testHandleMessageInboundValidToken() throws Exception + { + final SOAPHeader soapHeader = soapMessage.getSOAPHeader(); + + // Make the Mocked WSTrustClient validateToken method return true. + when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true); + + final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader); + addAssertionElement(samlHandler, securityHeader); + + setOutbound(soapMessageContext, false); + setMessageOnContext(soapMessageContext, soapMessage); + + boolean result = samlHandler.handleMessage(soapMessageContext); + assertTrue(result); + } + + public void testHandleMessageInValidToken() throws Exception + { + final SOAPHeader soapHeader = soapMessage.getSOAPHeader(); + + // Make the Mocked WSTrustClient validateToken method return false. + when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false); + + final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader); + addAssertionElement(samlHandler, securityHeader); + + setOutbound(soapMessageContext, false); + setMessageOnContext(soapMessageContext, soapMessage); + try + { + samlHandler.handleMessage(soapMessageContext); + fail("handleMessage should have thrown a exception!"); + } + catch(final Exception e) + { + assertTrue (e instanceof WebServiceException); + } + } + + public void testUsernamePasswordFromSOAPMessageContext() throws Exception + { + final SOAPHeader soapHeader = soapMessage.getSOAPHeader(); + + // Make the Mocked WSTrustClient validateToken method return true. + when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true); + final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader); + addAssertionElement(samlHandler, securityHeader); + + setOutbound(soapMessageContext, false); + setMessageOnContext(soapMessageContext, soapMessage); + + when(soapMessageContext.get(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY)).thenReturn("Fletch"); + when(soapMessageContext.get(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY)).thenReturn("letmein"); + + samlHandler.handleMessage(soapMessageContext); + + assertEquals("Fletch", samlHandler.getConfigBuilder().getUsername()); + assertEquals("letmein", samlHandler.getConfigBuilder().getPassword()); + } + + @Override + public void setUp() + { + // Create a Mock for WSTrustClient. + wsTrustClient = mock(STSClient.class); + + samlHandler = new FakeSamlHandler(wsTrustClient); + samlHandler.setConfigFile("wstrust/auth/jboss-sts-client.properties"); + // Simulate the WS Engine calling @PostConstruct. + samlHandler.parseSTSConfig(); + + soapMessageContext = mock(SOAPMessageContext.class); + + try + { + soapMessage = MessageFactory.newInstance().createMessage(); + } + catch (SOAPException e) + { + e.printStackTrace(); + fail(e.getMessage()); + } + } + + private class FakeSamlHandler extends STSSaml20Handler + { + private final STSClient stsClient; + + public FakeSamlHandler(final STSClient stsClient) + { + this.stsClient = stsClient; + } + + @Override + protected STSClient createSTSClient(Builder builder) throws ParsingException + { + return stsClient; + } + } + + private SOAPHeaderElement addSecurityHeader(final STSSecurityHandler handler, final SOAPHeader soapHeader) throws SOAPException + { + final QName securityQName = handler.getSecurityElementQName(); + final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse")); + soapHeader.addChildElement(securityHeader); + return securityHeader; + } + + private SOAPElement addAssertionElement(final STSSecurityHandler handler, final SOAPHeaderElement securityHeader) throws SOAPException + { + final QName tokenElementQName = handler.getTokenElementQName(); + final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml")); + return securityHeader.addChildElement(tokenElement); + } + + private void setMessageOnContext(final SOAPMessageContext messageContext, final SOAPMessage soapMessage) + { + when(messageContext.getMessage()).thenReturn(soapMessage); + } + + private void setOutbound(MessageContext messageContext, boolean outbound) + { + when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(outbound); + } + +} + Deleted: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-16 20:55:38 UTC (rev 962) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/handlers/STSSaml20HandlerTestCase.java 2009-11-17 11:33:50 UTC (rev 963) @@ -1,154 +0,0 @@ -/* - * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware - * LLC, and individual contributors by the @authors tag. See the copyright.txt - * in the distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it under the - * terms of the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 2.1 of the License, or (at your option) - * any later version. - * - * This software is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more - * details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this software; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF - * site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.core.wstrust.handlers; - -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -import javax.xml.namespace.QName; -import javax.xml.soap.MessageFactory; -import javax.xml.soap.SOAPElement; -import javax.xml.soap.SOAPException; -import javax.xml.soap.SOAPHeader; -import javax.xml.soap.SOAPHeaderElement; -import javax.xml.soap.SOAPMessage; -import javax.xml.ws.WebServiceException; -import javax.xml.ws.handler.MessageContext; -import javax.xml.ws.handler.soap.SOAPMessageContext; - -import junit.framework.TestCase; - -import org.jboss.identity.federation.core.wstrust.STSClient; -import org.jboss.identity.federation.core.wstrust.handlers.STSSaml20Handler; -import org.jboss.identity.federation.core.wstrust.handlers.STSSecurityHandler; -import org.w3c.dom.Element; - -/** - * Unit test for {@link STSSaml20Handler}. - * - * @author <a href="mailto:dbevenius@jboss.com">Daniel Bevenius</a> - * - */ -public class STSSaml20HandlerTestCase extends TestCase -{ - private SOAPMessageContext soapMessageContext; - private SOAPMessage soapMessage; - private STSClient wsTrustClient; - private STSSaml20Handler samlHandler; - - public void testHandleMessageOutbound() throws SOAPException - { - setOutbound(soapMessageContext, true); - assertTrue(new STSSaml20Handler().handleMessage(soapMessageContext)); - } - - public void testHandleMessageInboundValidToken() throws Exception - { - final SOAPHeader soapHeader = soapMessage.getSOAPHeader(); - - // Make the Mocked WSTrustClient validateToken method return true. - when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(true); - - final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader); - addAssertionElement(samlHandler, securityHeader); - - setOutbound(soapMessageContext, false); - setMessageOnContext(soapMessageContext, soapMessage); - - boolean result = samlHandler.handleMessage(soapMessageContext); - assertTrue(result); - } - - public void testHandleMessageInValidToken() throws Exception - { - final SOAPHeader soapHeader = soapMessage.getSOAPHeader(); - - // Make the Mocked WSTrustClient validateToken method return false. - when(wsTrustClient.validateToken((any(Element.class)))).thenReturn(false); - - final SOAPHeaderElement securityHeader = addSecurityHeader(samlHandler, soapHeader); - addAssertionElement(samlHandler, securityHeader); - - setOutbound(soapMessageContext, false); - setMessageOnContext(soapMessageContext, soapMessage); - try - { - samlHandler.handleMessage(soapMessageContext); - fail("handleMessage should have thrown a exception!"); - } - catch(final Exception e) - { - assertTrue (e instanceof WebServiceException); - } - } - - public void setUp() - { - // Create a Mock for WSTrustClient. - wsTrustClient = mock(STSClient.class); - - samlHandler = new STSSaml20Handler(); - // Set the WSTrustClient to our mocked client. - samlHandler.setWSTrustClient(wsTrustClient); - // Simulate the WS Engine calling @PostConstruct. - samlHandler.createWSTrustClient(); - - soapMessageContext = mock(SOAPMessageContext.class); - - try - { - soapMessage = MessageFactory.newInstance().createMessage(); - } - catch (SOAPException e) - { - e.printStackTrace(); - fail(e.getMessage()); - } - } - - private SOAPHeaderElement addSecurityHeader(final STSSecurityHandler handler, final SOAPHeader soapHeader) throws SOAPException - { - final QName securityQName = handler.getSecurityElementQName(); - final SOAPHeaderElement securityHeader = soapHeader.addHeaderElement(new QName(securityQName.getNamespaceURI(), securityQName.getLocalPart(), "wsse")); - soapHeader.addChildElement(securityHeader); - return securityHeader; - } - - private SOAPElement addAssertionElement(final STSSecurityHandler handler, final SOAPHeaderElement securityHeader) throws SOAPException - { - final QName tokenElementQName = handler.getTokenElementQName(); - final SOAPElement tokenElement = securityHeader.addChildElement(new QName(tokenElementQName.getNamespaceURI(), tokenElementQName.getLocalPart(), "saml")); - return securityHeader.addChildElement(tokenElement); - } - - private void setMessageOnContext(final SOAPMessageContext messageContext, final SOAPMessage soapMessage) - { - when(messageContext.getMessage()).thenReturn(soapMessage); - } - - private void setOutbound(MessageContext messageContext, boolean outbound) - { - when(messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)).thenReturn(outbound); - } - -} -