Author: anil.saldhana(a)jboss.com
Date: 2009-10-09 14:44:57 -0400 (Fri, 09 Oct 2009)
New Revision: 828
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handlers.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/ObjectFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/package-info.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/interfaces/ProtocolContext.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerChain.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/HandlerUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SecurityActions.java
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed-handler.xsd
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-1.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-2.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-3.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-5.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-metadata-config-1.xml
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/HTTPContext.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/BaseSAML2Handler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SecurityActions.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockContextClassLoader.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterChain.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletRequest.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletResponse.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpSession.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletConfig.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletContext.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/roles.properties
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/roles.properties
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/roles.properties
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/roles.properties
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/users.properties
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jbid-handlers.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jboss-idfed.xml
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/roles.properties
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPOpenIDContext.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
Log:
JBID-40: SAML2 Logout; JBID-198: SAML2 Handler Architecture
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -44,6 +44,7 @@
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import
org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
@@ -111,6 +112,48 @@
}
/**
+ * Get the Underlying SAML2Object from the input stream
+ * @param is
+ * @return
+ * @throws IOException
+ * @throws ParsingException
+ */
+ @SuppressWarnings("unchecked")
+ public SAML2Object getSAML2ObjectFromStream(InputStream is) throws IOException,
ParsingException
+ {
+ if(is == null)
+ throw new IllegalStateException("InputStream is null");
+
+ Document samlDocument = null;
+ //First parse the Document
+ try
+ {
+ samlDocument = DocumentUtil.getDocument(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+
+ try
+ {
+ Binder<Node> binder = getBinder();
+ JAXBElement<SAML2Object> jaxbAuthnRequestType =
(JAXBElement<SAML2Object>) binder.unmarshal(samlDocument);
+ SAML2Object requestType = jaxbAuthnRequestType.getValue();
+ samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
+ return requestType;
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ }
+
+ /**
* Get a Request Type from Input Stream
* @param is
* @return
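Review bot: The unchecked cast `(JAXBElement<SAML2Object>) binder.unmarshal(samlDocument)` two lines after `getBinder()` lets a document whose root is not a registered SAML2 element surface as a ClassCastException, outside the IOException/ParsingException contract the method declares. Unmarshal into an `Object` first and reject anything that is not a `JAXBElement` carrying a `SAML2Object` by throwing ParsingException, the way the catch block already does for JAXBException; the local name `jaxbAuthnRequestType` should also become something generic, since this method now handles any SAML2 message. The null check throws IllegalStateException while the identical method added to SAML2Response in this commit throws IllegalArgumentException — pick one, and IllegalArgumentException is the conventional choice for a bad argument. Because this stream carries the inbound SAML message, confirm that `DocumentUtil.getDocument` configures its parser with DTD processing and external entities disabled (not visible in this hunk); otherwise this entry point is reachable with attacker-controlled XML.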
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -54,6 +54,7 @@
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.ActionType;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
@@ -67,6 +68,7 @@
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
@@ -296,6 +298,50 @@
}
+ /**
+ * Read a {@code SAML2Object} from an input stream
+ * @param is
+ * @return
+ * @throws ParsingException
+ * @throws ConfigurationException
+ */
+ @SuppressWarnings("unchecked")
+ public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException,
ConfigurationException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+
+ Document samlResponseDocument = null;
+ //Read the DOM
+ try
+ {
+ samlResponseDocument = DocumentUtil.getDocument(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ try
+ {
+ Binder<Node> binder = getBinder();
+ JAXBElement<SAML2Object> saml2Object = (JAXBElement<SAML2Object>)
binder.unmarshal(samlResponseDocument);
+ SAML2Object responseType = saml2Object.getValue();
+ samlDocumentHolder = new SAMLDocumentHolder(responseType,
samlResponseDocument);
+ return responseType;
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ }
/**
* Convert an EncryptedElement into a Document
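Review bot: This method is a near-copy of the `getSAML2ObjectFromStream` added to SAML2Request in the same commit, but the two map parser failures differently: here ParserConfigurationException becomes ConfigurationException and IOException becomes ParsingException, while the request variant wraps ParserConfigurationException as ParsingException and lets IOException escape. Both paths will be hit by the handler chain, so factor the parse-and-bind step into one shared helper (DocumentUtil or SAMLDocumentHolder look like natural homes) so the exception mapping is decided once. The cast `(JAXBElement<SAML2Object>) binder.unmarshal(samlResponseDocument)` has the same unchecked-cast problem: a root element that JAXB binds to anything other than a JAXBElement of SAML2Object produces a ClassCastException rather than the declared ParsingException, so check `instanceof` before casting. The Javadoc `@return` line is empty; `@return the unmarshalled {@code SAML2Object}; the parsed DOM is retained in {@code samlDocumentHolder}` would also document the side effect on the holder field.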
@@ -333,9 +379,9 @@
* @throws JAXBException
* @throws ParserConfigurationException
*/
- public Document convert(ResponseType responseType) throws JAXBException,
ParserConfigurationException
+ public Document convert(StatusResponseType responseType) throws JAXBException,
ParserConfigurationException
{
- JAXBContext jaxb = JAXBUtil.getJAXBContext(ResponseType.class);
+ JAXBContext jaxb = JAXBUtil.getJAXBContext(StatusResponseType.class);
Binder<Node> binder = jaxb.createBinder();
Document responseDocument = DocumentUtil.createDocument();
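Review bot: Replacing `convert(ResponseType)` with `convert(StatusResponseType)` keeps source compatibility only if ResponseType extends StatusResponseType (the SAML 2.0 schema implies it, but it is not visible here), and it is binary-incompatible for already-compiled callers of the old signature; keeping a one-line `convert(ResponseType)` overload that delegates would avoid that. The JAXBContext is now built from the base type, so whether a ResponseType or LogoutResponse instance still marshals with the right element name and subtype depends on the context knowing those subclasses — a round-trip test for each StatusResponseType subtype passed through this method would pin that. The body of `convert` continues past the hunk.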
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -124,7 +124,28 @@
Document doc = saml2Request.convert(response);
doc.normalize();
- String referenceURI = "#" + response.getID();
+ return sign(doc, response.getID(), keypair);
+ }
+
+ /**
+ * Sign an Document at the root
+ * @param response
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws ParserConfigurationException
+ * @throws JAXBException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ */
+ public Document sign(Document doc,
+ String referenceID,
+ KeyPair keypair) throws JAXBException,
+ ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
+ {
+ String referenceURI = "#" + referenceID;
return XMLSignatureUtil.sign(doc,
keypair,
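Review bot: The Javadoc on the new public `sign(Document, String, KeyPair)` was copied from the response variant: it documents `@param response`, `digestMethod` and `signatureMethod`, none of which are parameters here, and says nothing about `doc` or `referenceID`. Replace them with `@param doc the DOM document to sign at its root` and `@param referenceID value of the ID attribute of the element the ds:Reference points to, without the leading '#'`. There is also no guard on referenceID, so a null produces a `#null` Reference URI that only fails at verification time; add `if (referenceID == null) throw new IllegalArgumentException("referenceID is null");` before building `referenceURI`. Whether JAXBException and ParserConfigurationException can still be thrown now that the conversion moved to the caller depends on XMLSignatureUtil.sign, whose call continues past the hunk.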
@@ -156,7 +177,31 @@
SAML2Response saml2Response = new SAML2Response();
Document doc = saml2Response.convert(response);
-
+ return sign(doc,idValueOfAssertion, keypair, referenceURI);
+ }
+
+ /**
+ * Sign a document
+ * @param doc
+ * @param idValueOfAssertion
+ * @param keypair
+ * @param referenceURI
+ * @return
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ * @throws XPathException
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ * @throws GeneralSecurityException
+ * @throws MarshalException
+ * @throws XMLSignatureException
+ */
+ public Document sign(Document doc,
+ String idValueOfAssertion,
+ KeyPair keypair,
+ String referenceURI) throws JAXBException, ParserConfigurationException,
XPathException, TransformerFactoryConfigurationError, TransformerException,
GeneralSecurityException, MarshalException, XMLSignatureException
+ {
+
Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
JBossSAMLURIConstants.ASSERTION_NSURI.get(),
"Assertion",
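Review bot: The new public `sign(Document, String, KeyPair, String)` takes `idValueOfAssertion` and `referenceURI` as independent arguments, and nothing in the visible body ties them together: the assertion is located by ID while the ds:Reference URI is whatever the caller passed, so a mismatch yields a signature enveloped in one Assertion that references a different (or missing) element. Either derive the URI inside the method (`String referenceURI = "#" + idValueOfAssertion;`) and keep the four-argument form private, or document the precondition and reject a mismatch with an IllegalArgumentException. The Javadoc lists bare `@param` names with no descriptions; at minimum `@param idValueOfAssertion ID attribute of the Assertion element to sign` and `@param referenceURI URI of the ds:Reference, normally "#" + idValueOfAssertion`. The method body continues past the hunk into the next one.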
@@ -166,6 +211,6 @@
return XMLSignatureUtil.sign(doc, assertionNode,
keypair,
digestMethod, signatureMethod,
- referenceURI);
+ referenceURI);
}
}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,131 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference
Implementation, vhudson-jaxb-ri-2.1-661
+// See <a
href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/...
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.06 at 01:13:30 PM CDT
+//
+
+
+package org.jboss.identity.federation.core.handler.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+
+import org.jboss.identity.federation.core.config.KeyValueType;
+
+
+/**
+ * <p>Java class for Handler complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within
this class.
+ *
+ * <pre>
+ * <complexType name="Handler">
+ * <complexContent>
+ * <restriction
base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="Option"
type="{urn:jboss:identity-federation:config:1.0}KeyValueType"
maxOccurs="unbounded" minOccurs="0"/>
+ * </sequence>
+ * <attribute name="name"
type="{http://www.w3.org/2001/XMLSchema}string" />
+ * <attribute name="class"
type="{http://www.w3.org/2001/XMLSchema}string" />
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+(a)XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "Handler", propOrder = {
+ "Option"
+})
+public class Handler {
+
+ protected List<KeyValueType> Option;
+ @XmlAttribute
+ protected String name;
+ @XmlAttribute(name = "class")
+ protected String clazz;
+
+ /**
+ * Gets the value of the option property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the option
property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getOption().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link KeyValueType }
+ *
+ *
+ */
+ public List<KeyValueType> getOption() {
+ if (Option == null) {
+ Option = new ArrayList<KeyValueType>();
+ }
+ return this.Option;
+ }
+
+ /**
+ * Gets the value of the name property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the value of the name property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setName(String value) {
+ this.name = value;
+ }
+
+ /**
+ * Gets the value of the clazz property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getClazz() {
+ return clazz;
+ }
+
+ /**
+ * Sets the value of the clazz property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setClazz(String value) {
+ this.clazz = value;
+ }
+
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handlers.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handlers.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/Handlers.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,76 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference
Implementation, vhudson-jaxb-ri-2.1-661
+// See <a
href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/...
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.06 at 01:13:30 PM CDT
+//
+
+
+package org.jboss.identity.federation.core.handler.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for Handlers complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within
this class.
+ *
+ * <pre>
+ * <complexType name="Handlers">
+ * <complexContent>
+ * <restriction
base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="Handler"
type="{urn:jboss:identity-federation:handler:config:1.0}Handler"
maxOccurs="unbounded"/>
+ * </sequence>
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+(a)XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "Handlers", propOrder = {
+ "handler"
+})
+public class Handlers {
+
+ @XmlElement(name = "Handler", required = true)
+ protected List<Handler> handler;
+
+ /**
+ * Gets the value of the handler property.
+ *
+ * <p>
+ * This accessor method returns a reference to the live list,
+ * not a snapshot. Therefore any modification you make to the
+ * returned list will be present inside the JAXB object.
+ * This is why there is not a <CODE>set</CODE> method for the handler
property.
+ *
+ * <p>
+ * For example, to add a new item, do as follows:
+ * <pre>
+ * getHandler().add(newItem);
+ * </pre>
+ *
+ *
+ * <p>
+ * Objects of the following type(s) are allowed in the list
+ * {@link Handler }
+ *
+ *
+ */
+ public List<Handler> getHandler() {
+ if (handler == null) {
+ handler = new ArrayList<Handler>();
+ }
+ return this.handler;
+ }
+
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/ObjectFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/ObjectFactory.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/ObjectFactory.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,68 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference
Implementation, vhudson-jaxb-ri-2.1-661
+// See <a
href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/...
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.06 at 02:14:55 PM CDT
+//
+
+
+package org.jboss.identity.federation.core.handler.config;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the jboss.identity_federation.handler.config._1 package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups. Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+ private final static QName _Handlers_QNAME = new
QName("urn:jboss:identity-federation:handler:config:1.0",
"Handlers");
+
+ /**
+ * Create a new ObjectFactory that can be used to create new instances of schema
derived classes for package: jboss.identity_federation.handler.config._1
+ *
+ */
+ public ObjectFactory() {
+ }
+
+ /**
+ * Create an instance of {@link Handler }
+ *
+ */
+ public Handler createHandler() {
+ return new Handler();
+ }
+
+ /**
+ * Create an instance of {@link Handlers }
+ *
+ */
+ public Handlers createHandlers() {
+ return new Handlers();
+ }
+
+ /**
+ * Create an instance of {@link JAXBElement }{@code <}{@link Handlers }{@code
>}}
+ *
+ */
+ @XmlElementDecl(namespace =
"urn:jboss:identity-federation:handler:config:1.0", name =
"Handlers")
+ public JAXBElement<Handlers> createHandlers(Handlers value) {
+ return new JAXBElement<Handlers>(_Handlers_QNAME, Handlers.class, null,
value);
+ }
+
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/package-info.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/package-info.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/handler/config/package-info.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,9 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference
Implementation, vhudson-jaxb-ri-2.1-661
+// See <a
href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/...
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.10.06 at 01:13:30 PM CDT
+//
+
+(a)javax.xml.bind.annotation.XmlSchema(namespace =
"urn:jboss:identity-federation:handler:config:1.0", elementFormDefault =
javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
+package org.jboss.identity.federation.core.handler.config;
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/interfaces/ProtocolContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/interfaces/ProtocolContext.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/interfaces/ProtocolContext.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.interfaces;
+
+/**
+ * Marker Interface
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 17, 2009
+ */
+public interface ProtocolContext
+{
+}
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -27,8 +27,10 @@
* A Holder class that can store
* the SAML object as well as the corresponding
* DOM object.
- * It is thread safe because each thread
- * can have only one instance of this class
+ *
+ * Users of this class need to make it threadsafe
+ * by having one instance per thread (ThreadLocal)
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Aug 13, 2009
*/
@@ -52,6 +54,7 @@
this.samlObject = samlObject;
this.samlDocument = samlDocument;
}
+
public Object getSamlObject()
{
return samlObject;
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerChain.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.impl;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
+
+/**
+ * Default implementation of the SAML2 handler chain
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 1, 2009
+ */
+public class DefaultSAML2HandlerChain implements SAML2HandlerChain
+{
+ private Set<SAML2Handler> handlers = new HashSet<SAML2Handler>();
+
+ /**
+ * @see SAML2HandlerChain#add(SAML2Handler)
+ */
+ public boolean add(SAML2Handler handler)
+ {
+ return handlers.add(handler);
+ }
+
+ /**
+ * @see SAML2HandlerChain#add(SAML2Handler)
+ */
+ public boolean addAll(Collection<SAML2Handler> handlers)
+ {
+ return this.handlers.addAll(handlers);
+ }
+
+ /**
+ * @see SAML2HandlerChain#handlers()
+ */
+ public Set<SAML2Handler> handlers()
+ {
+ return Collections.unmodifiableSet(handlers);
+ }
+
+ /**
+ * @see SAML2HandlerChain#remove(SAML2Handler)
+ */
+ public boolean remove(SAML2Handler handler)
+ {
+ return handlers.remove(handler);
+ }
+
+ /**
+ * @see SAML2HandlerChain#size()
+ */
+ public int size()
+ {
+ return handlers.size();
+ }
+
+ /**
+ * @see SAML2HandlerChain#removeAll(Collection)
+ */
+ public boolean removeAll(Collection<SAML2Handler> handlers)
+ {
+ return handlers.removeAll(handlers);
+ }
+}
\ No newline at end of file
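Review bot: `removeAll(Collection<SAML2Handler> handlers)` at the end of the hunk never touches the chain: the parameter shadows the `handlers` field, so `handlers.removeAll(handlers)` empties the caller's collection and returns whether that collection was non-empty, while the chain keeps every handler. It should read `return this.handlers.removeAll(handlers);`, matching the `this.handlers.addAll(handlers)` form already used in `addAll`. The `@see` on `addAll` also points at `SAML2HandlerChain#add(SAML2Handler)` rather than `SAML2HandlerChain#addAll(Collection)`. A test that adds two handlers, removes one through `removeAll` and asserts `size() == 1` would have caught the first point.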
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,130 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.impl;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+
+/**
+ * Default SAML2HandlerRequest
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 1, 2009
+ */
+public class DefaultSAML2HandlerRequest implements SAML2HandlerRequest
+{
+ private ProtocolContext protocolContext = null;
+ private NameIDType issuer;
+ private SAML2Object saml2Object;
+ private HANDLER_TYPE handlerType;
+ private Map<String,Object> options = new HashMap<String,Object>();
+ private GENERATE_REQUEST_TYPE generateRequestType;
+ private String relayState;
+
+ public DefaultSAML2HandlerRequest(ProtocolContext protocolContext,
+ NameIDType issuer, SAML2Object saml2Object,
+ HANDLER_TYPE handlerType)
+ {
+ this.protocolContext = protocolContext;
+ this.issuer = issuer;
+ this.saml2Object = saml2Object;
+ this.handlerType = handlerType;
+ }
+
+ public void setOptions(Map<String,Object> options)
+ {
+ this.options = options;
+ }
+
+ /**
+ * @see SAML2HandlerRequest#getContext()
+ */
+ public ProtocolContext getContext()
+ {
+ return this.protocolContext;
+ }
+ /**
+ * @see SAML2HandlerRequest#getIssuer()
+ */
+ public NameIDType getIssuer()
+ {
+ return this.issuer;
+ }
+ /**
+ * @see SAML2HandlerRequest#getSAML2Object()
+ */
+ public SAML2Object getSAML2Object()
+ {
+ return this.saml2Object;
+ }
+ /**
+ * @see SAML2HandlerRequest#getType()
+ */
+ public HANDLER_TYPE getType()
+ {
+ return handlerType;
+ }
+
+ /**
+ * @see SAML2HandlerRequest#getOptions()
+ */
+ public Map<String, Object> getOptions()
+ {
+ return Collections.unmodifiableMap(this.options);
+ }
+
+ /**
+ * Set the type of saml2 request that need to be generated
+ * by the handler
+ * @param grt
+ */
+ public void setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE grt)
+ {
+ this.generateRequestType = grt;
+ }
+
+ /**
+ * @see SAML2HandlerRequest#getTypeOfRequestToBeGenerated()
+ */
+ public GENERATE_REQUEST_TYPE getTypeOfRequestToBeGenerated()
+ {
+ return this.generateRequestType;
+ }
+
+ /**
+ * @see SAML2HandlerRequest#getRelayState()
+ */
+ public String getRelayState()
+ {
+ return this.relayState;
+ }
+
+ public void setRelayState(String relay)
+ {
+ this.relayState = relay;
+ }
+}
\ No newline at end of file
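Review bot: `setOptions` stores the caller's map by reference while `getOptions` wraps it in `Collections.unmodifiableMap`, so the read-only view is only as stable as the caller's map, and `setOptions(null)` makes every later `getOptions()` throw NullPointerException from `unmodifiableMap`. Copying on the way in keeps the view honest: `this.options = options == null ? new HashMap<String,Object>() : new HashMap<String,Object>(options);`. The constructor, `setOptions` and `setRelayState` are also the only members without Javadoc; a `@see SAML2HandlerRequest#setOptions(Map)` and `@see SAML2HandlerRequest#setRelayState(String)` in the style of the rest of the file would do.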
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerResponse.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,143 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.w3c.dom.Document;
+
+/**
+ * Default implementation of the SAML2 Handler response
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 1, 2009
+ */
+public class DefaultSAML2HandlerResponse implements SAML2HandlerResponse
+{
+ private Document document;
+ private String relayState;
+ private List<String> roles = new ArrayList<String>();
+ private String destination;
+ private int errorCode;
+ private String errorMessage;
+ private boolean errorMode;
+
+ /**
+ * @see SAML2HandlerResponse#getRelayState()
+ */
+ public String getRelayState()
+ {
+ return this.relayState;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#getResultingDocument()
+ */
+ public Document getResultingDocument()
+ {
+ return this.document;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#setRelayState(String)
+ */
+ public void setRelayState(String relayState)
+ {
+ this.relayState= relayState;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#setResultingDocument(Document)
+ */
+ public void setResultingDocument(Document doc)
+ {
+ this.document = doc;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#getRoles()
+ */
+ public List<String> getRoles()
+ {
+ return this.roles ;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#setRoles(List)
+ */
+ public void setRoles(List<String> roles)
+ {
+ this.roles.addAll(roles);
+ }
+
+ /**
+ * @see SAML2HandlerResponse#getDestination()
+ */
+ public String getDestination()
+ {
+ return this.destination;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#setDestination(String)
+ */
+ public void setDestination(String destination)
+ {
+ this.destination = destination;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#getErrorCode()
+ */
+ public int getErrorCode()
+ {
+ return this.errorCode;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#getErrorMessage()
+ */
+ public String getErrorMessage()
+ {
+ return this.errorMessage;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#setError(int, String)
+ */
+ public void setError(int errorCode, String errorMessage)
+ {
+ this.errorCode = errorCode;
+ this.errorMessage = errorMessage;
+
+ this.errorMode = true;
+ }
+
+ /**
+ * @see SAML2HandlerResponse#isInError()
+ */
+ public boolean isInError()
+ {
+ return this.errorMode;
+ }
+}
\ No newline at end of file
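Review bot: `setRoles` appends with `this.roles.addAll(roles)` instead of replacing, so a second call accumulates roles set by an earlier handler, and `getRoles` hands out the live internal list, so any caller can add roles without going through `setRoles`. Because the interface Javadoc says "Set" and the role list is presumably what downstream authorization consumes, the safer reading is replace-and-copy: `this.roles = new ArrayList<String>(roles);` in `setRoles` and `return Collections.unmodifiableList(this.roles);` in `getRoles` (the latter needs a `java.util.Collections` import). If accumulation across handlers is intended, the interface Javadoc should state that explicitly.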
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.interfaces;
+
+import java.util.Map;
+
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+
+/**
+ * Handle SAML2 Request types and status response types
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 17, 2009
+ */
+public interface SAML2Handler
+{
+ /**
+ * Initialize the handler
+ * @param options
+ */
+ void init(Map<String,Object> options);
+
+ /**
+ * Generate a SAML Request to be sent to the IDP
+ * if the handler is invoked at the SP and vice-versa
+ * @param request
+ * @param response
+ * @throws ProcessingException
+ */
+ void generateSAMLRequest(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException;
+ /**
+ * Handle a SAML2 RequestAbstractType
+ * @param requestAbstractType
+ * @param resultingDocument
+ * @return
+ */
+ void handleRequestType(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException;
+
+ /**
+ * Handle a SAML2 Status Response Type
+ * @param statusResponseType
+ * @param resultingDocument
+ * @return
+ */
+ void handleStatusResponseType(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException;
+
+ /**
+ * Shed all state
+ * @throws ProcessingException
+ */
+ void reset() throws ProcessingException;
+}
\ No newline at end of file
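Review bot: The Javadoc on `handleRequestType` and `handleStatusResponseType` does not match their signatures: it documents `@param requestAbstractType` and `@param resultingDocument` and carries a `@return` tag, but both methods take `(SAML2HandlerRequest request, SAML2HandlerResponse response)`, return void and declare `ProcessingException`, which is not documented. They should carry `@param request`, `@param response` and `@throws ProcessingException` as `generateSAMLRequest` already does. The summary on `init` would also help implementers if it named the source of the options (the per-handler configuration that `HandlerUtil.getHandlers` builds in this commit).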
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerChain.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerChain.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerChain.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.interfaces;
+
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * A SAML2 chain of handlers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 1, 2009
+ */
+public interface SAML2HandlerChain
+{
+ /**
+ * Number of handlers
+ * @return
+ */
+ int size();
+
+ /**
+ * Get a read-only set of handlers
+ * @return
+ */
+ Set<SAML2Handler> handlers();
+
+ /**
+ * Add an handler
+ * @param handler
+ * @return whether add was successful
+ */
+ boolean add(SAML2Handler handler);
+
+ /**
+ * Add a collection of handlers
+ * @param handlers
+ * @return
+ */
+ boolean addAll(Collection<SAML2Handler> handlers);
+
+ /**
+ * Remove an handler
+ * @param handler
+ * @return whether remove was successful
+ */
+ boolean remove(SAML2Handler handler);
+
+ /**
+ * Remove a collection of handlers
+ * @param handlers
+ * @return
+ */
+ boolean removeAll(Collection<SAML2Handler> handlers);
+}
\ No newline at end of file
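Review bot: The chain is exposed as a `Set<SAML2Handler>` through `handlers()`, and the `DefaultSAML2HandlerChain` in this commit backs it with a `HashSet`, so whoever iterates the chain gets an order that depends on hash codes rather than on configuration. For a processing chain where one handler may validate a message before another derives roles from it, an undefined order is both a correctness and a security concern. If order is meant to follow the configuration, `List<SAML2Handler>` (or an implementation backed by `LinkedHashSet`) plus a sentence in the type Javadoc stating the ordering guarantee would pin it down. The empty `@return` tags on `size`, `handlers`, `addAll` and `removeAll` should also be filled in or dropped.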
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.interfaces;
+
+import java.util.Map;
+
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+
+/**
+ * Request for {@code SAML2Handler}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 25, 2009
+ */
+public interface SAML2HandlerRequest
+{
+ /**
+ * Processing Point - idp side
+ * or service side
+ */
+ public enum HANDLER_TYPE
+ {
+ IDP,SP;
+ };
+
+ public enum GENERATE_REQUEST_TYPE
+ {
+ AUTH,LOGOUT;
+ };
+
+ /**
+ * Holder of transport context such
+ * as HTTP
+ * @return
+ */
+ ProtocolContext getContext();
+
+ /**
+ * The SAML2 Request
+ * @return
+ */
+ SAML2Object getSAML2Object();
+
+ /**
+ * Get the type of handler
+ * - handler at IDP or SP
+ * @return
+ */
+ HANDLER_TYPE getType();
+
+ /**
+ * Return the type of SAML request
+ * that needs to be generated at the handler
+ * @return
+ */
+ GENERATE_REQUEST_TYPE getTypeOfRequestToBeGenerated();
+
+ /**
+ * set the type of SAML request
+ * that needs to be generated at the handler
+ * @return
+ */
+ void setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE grt);
+
+ /**
+ * Get the Issuer (SP or IDP) where
+ * the handler chain is currently processing
+ * @return
+ */
+ NameIDType getIssuer();
+
+ /**
+ * Set the relay state that was part of the interaction
+ * @param relayState
+ */
+ void setRelayState(String relayState);
+
+ /**
+ * Get the RelayState that was part of the interaction
+ * @return
+ */
+ String getRelayState();
+
+ /**
+ * Configure options
+ * @param options
+ */
+ void setOptions(Map<String, Object> options);
+
+ /**
+ * Get the configured options
+ * @return
+ */
+ Map<String, Object> getOptions();
+}
\ No newline at end of file
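Review bot: `setTypeOfRequestToBeGenerated` is documented with an empty `@return` although it is void and takes `grt`; it should read `@param grt the kind of request (AUTH or LOGOUT) the handler is expected to generate`. The other empty `@return` tags (`getContext`, `getSAML2Object`, `getType`, `getTypeOfRequestToBeGenerated`, `getIssuer`, `getRelayState`, `getOptions`) say nothing; `getContext` and `getRelayState` in particular should state whether `null` is possible, since `DefaultSAML2HandlerRequest` initialises `protocolContext` to null and never sets `relayState` in its constructor. The enum names `HANDLER_TYPE` and `GENERATE_REQUEST_TYPE` also depart from Java's UpperCamelCase convention for types, though renaming them now is an API change.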
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerResponse.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.interfaces;
+
+import java.util.List;
+
+import org.w3c.dom.Document;
+
+/**
+ * A response object sent to the
+ * {@code SAML2Handler} as part of a chain
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 25, 2009
+ */
+public interface SAML2HandlerResponse
+{
+ /**
+ * Set the destination where the response
+ * from the current processing node is sent
+ * @param destination
+ */
+ void setDestination(String destination);
+
+ /**
+ * Get the destination
+ * @return
+ */
+ String getDestination();
+
+ /**
+ * Set the resulting document from the handler
+ * @param doc
+ */
+ void setResultingDocument(Document doc);
+
+ /**
+ * Set any relay state that needs to be used
+ * in the workflow
+ * @param relayState
+ */
+ void setRelayState(String relayState);
+
+ /**
+ * Get the resulting document from the handler invocation
+ * @return
+ */
+ Document getResultingDocument();
+
+ /**
+ * Get the relay state
+ * @return
+ */
+ String getRelayState();
+
+ /**
+ * Set an roles that are generated by handlers
+ * @param roles
+ */
+ void setRoles(List<String> roles);
+
+ /**
+ * Get the roles generated by handlers
+ * @return
+ */
+ List<String> getRoles();
+
+ /**
+ * Specifies whether the handler chain processing
+ * resulted in an error
+ * @return
+ */
+ boolean isInError();
+
+ /**
+ * Handler can set an error
+ * @param errorCode
+ * @param errorMessage
+ */
+ void setError(int errorCode, String errorMessage);
+
+ /**
+ * Get the error code set in the handler chain
+ * @return
+ */
+ int getErrorCode();
+
+ /**
+ * Get the error message set in the handler chain
+ * @return
+ */
+ String getErrorMessage();
+}
\ No newline at end of file
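Review bot: The roles contract is underspecified: "Set an roles that are generated by handlers" (typo for "any roles") does not say whether `setRoles` replaces or appends, nor whether the list from `getRoles` may be modified, and the default implementation in this commit appends and returns its live list, so the two readings already diverge. Suggested Javadoc for `setRoles`: `Replace the roles produced so far by the handler chain with the given list; implementations should copy the argument.` and for `getRoles`: `Return the roles produced by the handler chain; callers must not assume the returned list is modifiable.`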
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/HandlerUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/HandlerUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/HandlerUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,91 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.jboss.identity.federation.core.config.KeyValueType;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.handler.config.Handler;
+import org.jboss.identity.federation.core.handler.config.Handlers;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+
+/**
+ * Deals with SAML2 Handlers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class HandlerUtil
+{
+ public static Set<SAML2Handler> getHandlers(Handlers handlers) throws
ConfigurationException
+ {
+ if(handlers == null)
+ throw new IllegalArgumentException("handlers is null");
+ List<Handler> handlerList = handlers.getHandler();
+
+ Set<SAML2Handler> handlerSet = new HashSet<SAML2Handler>();
+
+ for(Handler handler : handlerList)
+ {
+ String clazzName = handler.getClazz();
+
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz;
+ try
+ {
+ clazz = tcl.loadClass(clazzName);
+
+ SAML2Handler samlhandler = (SAML2Handler) clazz.newInstance();
+ List<KeyValueType> options = handler.getOption();
+
+ Map<String, Object> mapOptions = new HashMap<String, Object>();
+
+ for(KeyValueType kvtype : options)
+ {
+ mapOptions.put(kvtype.getKey(), kvtype.getValue());
+ }
+ samlhandler.init(mapOptions);
+
+ handlerSet.add(samlhandler);
+ }
+ catch (ClassNotFoundException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (InstantiationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (IllegalAccessException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ }
+
+ return handlerSet;
+ }
+
+}
\ No newline at end of file
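Review bot: The `(SAML2Handler) clazz.newInstance()` cast is unchecked: a configured class name that does not implement `SAML2Handler` raises `ClassCastException`, which none of the three catch blocks handle, so a misconfiguration surfaces as an unchecked exception instead of the `ConfigurationException` the method declares. Resolving the subtype before instantiation reports it cleanly and drops the cast: `Class<? extends SAML2Handler> clazz = tcl.loadClass(clazzName).asSubclass(SAML2Handler.class);` with an added `catch (ClassCastException e) { throw new ConfigurationException(e); }`. `Class.newInstance()` also propagates any checked exception thrown by the handler's constructor unwrapped, and `SecurityActions.getContextClassLoader()` can return null, which would become a NullPointerException at `tcl.loadClass`. Since the class name is read from the handler configuration, that file effectively selects code to run and should be treated as trusted input; a one-line comment above the loop saying so would help future maintainers.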
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/JAXBElementMappingUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -31,13 +31,16 @@
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import
org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.jboss.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.jboss.identity.federation.saml.v2.protocol.ArtifactResponseType;
import org.jboss.identity.federation.saml.v2.protocol.AssertionIDRequestType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ManageNameIDRequestType;
import org.jboss.identity.federation.saml.v2.protocol.NameIDMappingRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.NameIDMappingResponseType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusResponseType;
/**
* Maps various saml/xacml types to their corresponding JAXBElement
@@ -102,9 +105,26 @@
* @param responseType
* @return
*/
- public static JAXBElement<?> get(ResponseType responseType)
- {
- return SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
+ public static JAXBElement<?> get(StatusResponseType statusResponseType)
+ {
+ if(statusResponseType instanceof ResponseType)
+ {
+ ResponseType responseType = (ResponseType) statusResponseType;
+ return SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
+ }
+ else if(statusResponseType instanceof NameIDMappingResponseType)
+ {
+ NameIDMappingResponseType nameIDResponseType = (NameIDMappingResponseType)
statusResponseType;
+ return
SAMLProtocolFactory.getObjectFactory().createNameIDMappingResponse(nameIDResponseType);
+ }
+ else if(statusResponseType instanceof StatusResponseType)
+ {
+ StatusResponseType srt = (StatusResponseType) statusResponseType;
+ return SAMLProtocolFactory.getObjectFactory().createLogoutResponse(srt);
+ }
+
+ ArtifactResponseType artifactResponse = (ArtifactResponseType) statusResponseType;
+ return
SAMLProtocolFactory.getObjectFactory().createArtifactResponse(artifactResponse);
}
/**
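Review bot: The `ArtifactResponseType` fall-through at the end of `get(StatusResponseType)` is unreachable for any non-null argument, because the preceding `instanceof StatusResponseType` test is always true for a parameter declared as `StatusResponseType`; if `ArtifactResponseType` extends `StatusResponseType` as in the SAML 2.0 protocol schema, an artifact response is therefore wrapped in a `LogoutResponse` element, and only a null argument reaches `createArtifactResponse(null)`. Testing the more specific type before the generic one and making the LogoutResponse mapping the fall-through restores the intended dispatch. The Javadoc above the method still says `@param responseType` and should become `@param statusResponseType`.
```java
      // … unchanged: ResponseType and NameIDMappingResponseType branches …
      else if(statusResponseType instanceof ArtifactResponseType)
      {
         ArtifactResponseType artifactResponse = (ArtifactResponseType) statusResponseType;
         return SAMLProtocolFactory.getObjectFactory().createArtifactResponse(artifactResponse);
      }
      // Bare StatusResponseType keeps the original LogoutResponse mapping
      return SAMLProtocolFactory.getObjectFactory().createLogoutResponse(statusResponseType);
```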
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SecurityActions.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.util;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ /**
+ * Set the system property
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static void setSystemProperty(final String key, final String value)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Get the system property
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
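Review bot: The Javadoc on `setSystemProperty` at L1809–L1814 documents `@param defaultValue` and a `@return` for a `void` method whose parameters are `key` and `value`; it should read `@param key the system property name` and `@param value the value stored under key`, with the `@return` tag removed. The empty `@return` tags on `getContextClassLoader` (L1796) and `getSystemProperty` (L1831) should state what comes back, e.g. `@return the property value, or defaultValue when the property is unset`. The class is package-private, which confines these privileged wrappers to `core.saml.v2.util`; a class comment saying that the property names passed in are expected to come from the library's own configuration rather than from request data would make that boundary explicit to future callers. The `@since Dec 9, 2008` tag on a file first added in this revision looks copied from another class and is worth correcting.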
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.core.util;
+import java.io.IOException;
import java.net.URL;
import java.util.HashMap;
@@ -28,6 +29,8 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
@@ -107,6 +110,25 @@
JAXBContext jc = getJAXBContext(pkgName);
return jc.createUnmarshaller();
}
+
+ /**
+ * Get the JAXB Unmarshaller for a selected set
+ * of package names
+ * @param pkgNames
+ * @return
+ * @throws JAXBException
+ */
+ public static Unmarshaller getUnmarshaller(String... pkgNames) throws JAXBException
+ {
+ if(pkgNames == null)
+ throw new IllegalArgumentException("pkgName is null");
+ int len = pkgNames.length;
+ if(len == 0)
+ return getUnmarshaller(pkgNames[0]);
+
+ JAXBContext jc = getJAXBContext(pkgNames);
+ return jc.createUnmarshaller();
+ }
/**
* Get the JAXB Unmarshaller
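Review bot: `if(len == 0) return getUnmarshaller(pkgNames[0]);` at L1884–L1885 indexes an empty array, so calling the varargs overload with no packages throws `ArrayIndexOutOfBoundsException` rather than a meaningful error. The single-package short-cut presumably intended is `if(len == 1) return getUnmarshaller(pkgNames[0]);`, preceded by `if(len == 0) throw new IllegalArgumentException("pkgNames is empty");`. The same inverted check appears in `getJAXBContext(String... paths)` at L1967–L1968. The message at L1882 says `pkgName is null` while the parameter is `pkgNames`, and the `@return` at L1876 is empty.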
@@ -125,13 +147,59 @@
return unmarshaller;
}
+
+ public static Unmarshaller getValidatingUnmarshaller(String[] pkgNames,
+ String[] schemaLocations) throws JAXBException,SAXException, IOException
+ {
+ StringBuilder builder = new StringBuilder();
+ int len = pkgNames.length;
+ if(len == 0)
+ throw new IllegalArgumentException("Packages are empty");
+
+ for(String pkg:pkgNames)
+ {
+ builder.append(pkg);
+ builder.append(":");
+ }
+
+ Unmarshaller unmarshaller = getUnmarshaller(builder.toString());
+
+ SchemaFactory schemaFactory = getSchemaFactory();
+
+ //Get the sources
+ Source[] schemaSources = new Source[schemaLocations.length];
+
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+
+ int i=0;
+ for(String schemaLocation : schemaLocations)
+ {
+ URL schemaURL = tcl.getResource(schemaLocation);
+ if(schemaURL == null)
+ throw new IllegalStateException("Schema URL is null:" +
schemaLocation);
+ schemaSources[i++] = new StreamSource(schemaURL.openStream());
+ }
+
+ Schema schema = schemaFactory.newSchema(schemaSources);
+ unmarshaller.setSchema(schema);
+
+ return unmarshaller;
+ }
+
private static Schema getJAXPSchemaInstance(String schemaLocation) throws
SAXException
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
URL schemaURL = tcl.getResource(schemaLocation);
if(schemaURL == null)
throw new IllegalStateException("Schema URL is null:" +
schemaLocation);
+ SchemaFactory scFact = getSchemaFactory();
+ Schema schema = scFact.newSchema(schemaURL);
+ return schema;
+ }
+
+ private static SchemaFactory getSchemaFactory()
+ {
SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
//Always install the resolver unless the system property is set
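Review bot: The streams opened by `schemaURL.openStream()` at L1926 are never closed; `schemaFactory.newSchema(schemaSources)` at L1929 reads them but does not close them, so each call to `getValidatingUnmarshaller` leaks one stream per schema location, and the `IllegalStateException` at L1924 abandons the streams already opened for earlier locations. Wrap the loop and schema construction in try/finally and close each `StreamSource`'s input stream, as below (this needs `java.io.InputStream` imported; `IOException` is already declared). Separately, L1904–L1910 join the packages with a trailing `:` and route them through the single-argument `getUnmarshaller(String)`, bypassing the `getUnmarshaller(String...)` overload added in this same commit; `getUnmarshaller(pkgNames)` would be the consistent call. Neither `pkgNames` nor `schemaLocations` is null-checked before `.length` is read. `getSchemaFactory` begins at L1948 and continues past this hunk.
```java
      //Get the sources
      Source[] schemaSources = new Source[schemaLocations.length];
      ClassLoader tcl = SecurityActions.getContextClassLoader();
      try
      {
         int i=0;
         for(String schemaLocation : schemaLocations)
         {
            URL schemaURL = tcl.getResource(schemaLocation);
            if(schemaURL == null)
               throw new IllegalStateException("Schema URL is null:" + schemaLocation);
            schemaSources[i++] = new StreamSource(schemaURL.openStream());
         }
         Schema schema = schemaFactory.newSchema(schemaSources);
         unmarshaller.setSchema(schema);
      }
      finally
      {
         // Close every stream that was opened, also when an earlier location failed
         for(Source source : schemaSources)
         {
            if(source instanceof StreamSource)
            {
               InputStream in = ((StreamSource) source).getInputStream();
               if(in != null)
                  in.close();
            }
         }
      }
      return unmarshaller;
```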
@@ -176,8 +244,7 @@
if(trace) log.trace("SAX Warn:" + builder.toString());
}
});
- Schema schema = scFact.newSchema(schemaURL);
- return schema;
+ return scFact;
}
public static JAXBContext getJAXBContext(String path) throws JAXBException
@@ -191,6 +258,29 @@
return jx;
}
+ public static JAXBContext getJAXBContext(String... paths) throws JAXBException
+ {
+ int len = paths.length;
+ if (len == 0)
+ return getJAXBContext(paths[0]);
+
+ StringBuilder builder = new StringBuilder();
+ for(String path: paths)
+ {
+ builder.append(path).append(":");
+ }
+
+ String finalPath = builder.toString();
+
+ JAXBContext jx = jaxbContextHash.get(finalPath);
+ if(jx == null)
+ {
+ jx = JAXBContext.newInstance(finalPath);
+ jaxbContextHash.put(finalPath, jx);
+ }
+ return jx;
+ }
+
public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
{
String clazzName = clazz.getName();
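Review bot: The cache key built at L1971–L1976 ends with a trailing `:` (for example `a:b:`), so the same package set requested through this overload and through `getJAXBContext(String)` with `a:b` is cached under two keys and the context is built twice; appending the separator only between elements (`if(builder.length() > 0) builder.append(":");` before each `append(path)`) lets both paths share one entry. The get/put pair at L1978–L1983 is not atomic: if `jaxbContextHash` is a plain `HashMap` (only `java.util.HashMap` is imported at L1858), concurrent first calls can interleave — confirm whether this utility is reached from multiple threads. The method has no Javadoc; a line stating that `paths` are package names joined into a JAXB context path, and that the resulting context is cached, would document the contract.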
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -162,6 +162,7 @@
* @return the constructed {@code BaseRequestSecurityTokenResponse} instance.
According to the WS-Trust
* specification, the returned object will be an instance of {@code
RequestSecurityTokenResponseCollection}.
*/
+ @SuppressWarnings("unchecked")
public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source
response)
{
// if the response contains an issued token, we must preserve it from the JAXB
unmarshalling.
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -126,7 +126,7 @@
public abstract QName getTokenElementQName();
/**
- * Post constuct will be called when the handler is deployed.
+ * Post construct will be called when the handler is deployed.
*
* @throws WebServiceException
*/
@@ -256,4 +256,4 @@
}
return null;
}
-}
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed-handler.xsd
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed-handler.xsd
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed-handler.xsd 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
xmlns="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="urn:jboss:identity-federation:handler:config:1.0"
+ xmlns:tns="urn:jboss:identity-federation:handler:config:1.0"
+ xmlns:idfed="urn:jboss:identity-federation:config:1.0"
+ elementFormDefault="qualified">
+
+ <!-- Import the JBID configuration schema -->
+ <import schemaLocation="jboss-identity-fed.xsd"
+ namespace="urn:jboss:identity-federation:config:1.0">
+ </import>
+
+
+ <complexType name="Handler">
+ <sequence>
+ <element name="Option" type="idfed:KeyValueType"
maxOccurs="unbounded"
+ minOccurs="0">
+ </element>
+ </sequence>
+ <attribute name="name" type="string"></attribute>
+ <attribute name="class" type="string"></attribute>
+ </complexType>
+
+
+ <complexType name="Handlers">
+ <sequence>
+ <element name="Handler" type="tns:Handler"
maxOccurs="unbounded" minOccurs="1"></element>
+ </sequence>
+ </complexType>
+
+ <element name="Handlers" type="tns:Handlers"/>
+</schema>
\ No newline at end of file
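Review bot: The `class` attribute of `Handler` at L2067 has no `use="required"`, so a `<Handler>` element with no class passes schema validation and the missing value only surfaces when the handler is instantiated; the `KeyValueType` attributes in jboss-identity-fed.xsd are marked `use="required"` (L2105–L2108), and `class` should follow: `<attribute name="class" type="string" use="required"/>`. The `name` attribute at L2066 has neither a `use` constraint nor documentation; an `<annotation><documentation>` on the `Handler` type stating that `class` is the handler implementation to load and what `name` identifies would make the intended contract explicit, since the test at L2346 only shows that `class` maps to `getClazz()`.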
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-10-09
18:44:57 UTC (rev 828)
@@ -159,6 +159,13 @@
</sequence>
</complexType>
+ <complexType name="MetadataProviderType">
+ <sequence>
+ <element name="Option" type="tns:KeyValueType"
maxOccurs="unbounded" minOccurs="0"></element>
+ </sequence>
+ <attribute name="ClassName"
type="string"></attribute>
+ </complexType>
+
<!-- Security Token Service Elements -->
<complexType name="STSType">
@@ -248,11 +255,4 @@
<attribute name="Name" type="string"
use="required"/>
<attribute name="Value" type="string"
use="required"/>
</complexType>
-
- <complexType name="MetadataProviderType">
- <sequence>
- <element name="Option" type="tns:KeyValueType"
maxOccurs="unbounded" minOccurs="0"></element>
- </sequence>
- <attribute name="ClassName"
type="string"></attribute>
- </complexType>
</schema>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/config/ConfigUnitTestCase.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,213 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.config;
+
+import java.io.InputStream;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.config.AuthPropertyType;
+import org.jboss.identity.federation.core.config.IDPType;
+import org.jboss.identity.federation.core.config.KeyProviderType;
+import org.jboss.identity.federation.core.config.KeyValueType;
+import org.jboss.identity.federation.core.config.PropertyType;
+import org.jboss.identity.federation.core.config.SPType;
+import org.jboss.identity.federation.core.config.STSType;
+import org.jboss.identity.federation.core.config.ServiceProviderType;
+import org.jboss.identity.federation.core.config.ServiceProvidersType;
+import org.jboss.identity.federation.core.config.TokenProviderType;
+import org.jboss.identity.federation.core.config.TokenProvidersType;
+import org.jboss.identity.federation.core.config.TrustType;
+import org.jboss.identity.federation.core.handler.config.Handler;
+import org.jboss.identity.federation.core.handler.config.Handlers;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+
+/**
+ * Unit Test the various config
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 21, 2009
+ */
+public class ConfigUnitTestCase extends TestCase
+{
+ String config = "config/test-config-";
+
+ @SuppressWarnings("unchecked")
+ public void test01() throws Exception
+ {
+ Object object = this.unmarshall(config + "1.xml");
+ assertNotNull("IDP is not null", object);
+ assertTrue(object instanceof JAXBElement);
+
+ IDPType idp = ((JAXBElement<IDPType>) object).getValue();
+ assertEquals("300000", 300000L, idp.getAssertionValidity());
+
assertEquals("org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator",
idp.getRoleGenerator());
+
+ TrustType trust = idp.getTrust();
+ assertNotNull("Trust is not null", trust);
+ String domains = trust.getDomains();
+ assertTrue("localhost trusted", domains.indexOf("localhost")
> -1);
+
assertTrue("jboss.com trusted", domains.indexOf("jboss.com")
> -1);
+ }
+
+ @SuppressWarnings("unchecked")
+ public void test02() throws Exception
+ {
+ Object object = this.unmarshall(config + "2.xml");
+ assertNotNull("IDP is not null", object);
+ assertTrue(object instanceof JAXBElement);
+
+ IDPType idp = ((JAXBElement<IDPType>) object).getValue();
+ assertEquals("20000", 20000L, idp.getAssertionValidity());
+ assertEquals("somefqn", idp.getRoleGenerator());
+ assertTrue(idp.isEncrypt());
+ KeyProviderType kp = idp.getKeyProvider();
+ assertNotNull("KeyProvider is not null", kp);
+ assertEquals("SomeClass", "SomeClass", kp.getClassName());
+ List<AuthPropertyType> authProps = kp.getAuth();
+ AuthPropertyType authProp = authProps.get(0);
+ assertEquals("SomeKey", "SomeKey", authProp.getKey());
+ assertEquals("SomeValue", "SomeValue", authProp.getValue());
+
+ authProp = authProps.get(1);
+ assertEquals("DBURL", "DBURL", authProp.getKey());
+ assertEquals("SomeDBURL", "SomeDBURL", authProp.getValue());
+
+ List<KeyValueType> validatingAliases = kp.getValidatingAlias();
+ assertEquals("Validating Alias length is 2", 2,
validatingAliases.size());
+
+ KeyValueType kv = validatingAliases.get(0);
+ assertEquals("localhost", kv.getKey());
+ assertEquals("localhostalias", kv.getValue());
+
+ kv = validatingAliases.get(1);
+ assertEquals("jboss.com", kv.getKey());
+ assertEquals("jbossalias", kv.getValue());
+
+ TrustType trust = idp.getTrust();
+ assertNotNull("Trust is not null", trust);
+ String domains = trust.getDomains();
+ assertTrue("localhost trusted", domains.indexOf("localhost")
> -1);
+
assertTrue("jboss.com trusted", domains.indexOf("jboss.com")
> -1);
+ }
+
+ @SuppressWarnings("unchecked")
+ public void test03() throws Exception
+ {
+ Object object = this.unmarshall(config + "3.xml");
+ assertNotNull("SP is null", object);
+ assertTrue(object instanceof JAXBElement);
+
+ SPType sp = ((JAXBElement<SPType>) object).getValue();
+ assertEquals("http://localhost:8080/idp", sp.getIdentityURL());
+ assertEquals("http://localhost:8080/sales", sp.getServiceURL());
+ }
+
+ /**
+ * <p>
+ * Tests the parsing of a Security Token Service configuration.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ @SuppressWarnings("unchecked")
+ public void test04() throws Exception
+ {
+ Object object = this.unmarshall(this.config + "4.xml");
+ assertNotNull("Found a null STS configuration", object);
+ assertTrue("Unexpected configuration type", object instanceof
JAXBElement);
+
+ STSType stsType = ((JAXBElement<STSType>) object).getValue();
+ // general STS configurations.
+ assertEquals("Unexpected STS name", "Test STS",
stsType.getSTSName());
+ assertEquals("Unexpected token timeout value", 7200,
stsType.getTokenTimeout());
+ assertTrue("Encryption of tokens should have been enabled",
stsType.isEncryptToken());
+ // we don't verify all values of the key provider config as it has been done in
the other test scenarios.
+ assertNotNull("Unexpected null key provider", stsType.getKeyProvider());
+ // request handler and configurations based on the token type.
+ assertEquals("Unexpected request handler class",
"org.jboss.identity.federation.wstrust.Handler", stsType
+ .getRequestHandler());
+ // configuration of the token providers.
+ TokenProvidersType tokenProviders = stsType.getTokenProviders();
+ assertNotNull("Unexpected null list of token providers",
tokenProviders);
+ assertEquals("Unexpected number of token providers", 1,
tokenProviders.getTokenProvider().size());
+ TokenProviderType tokenProvider = tokenProviders.getTokenProvider().get(0);
+ assertNotNull("Unexpected null token provider", tokenProvider);
+ assertEquals("Unexpected provider class name",
"org.jboss.SpecialTokenProvider", tokenProvider.getProviderClass());
+ assertEquals("Unexpected token type", "specialToken",
tokenProvider.getTokenType());
+ assertEquals("Unexpected token element name", "SpecialToken",
tokenProvider.getTokenElement());
+ assertEquals("Unexpected token namespace",
"http://www.tokens.org", tokenProvider.getTokenElementNS());
+ List<PropertyType> properties = tokenProvider.getProperty();
+ assertEquals("Invalid number of properties", 2, properties.size());
+ // configuration of the service providers.
+ ServiceProvidersType serviceProviders = stsType.getServiceProviders();
+ assertNotNull("Unexpected null list of service providers",
serviceProviders);
+ assertEquals("Unexpected number of service providers", 1,
serviceProviders.getServiceProvider().size());
+ ServiceProviderType serviceProvider =
serviceProviders.getServiceProvider().get(0);
+ assertNotNull("Unexpected null service provider", serviceProvider);
+ assertEquals("Unexpected provider endpoint",
"http://provider.endpoint/provider", serviceProvider.getEndpoint());
+ assertEquals("Unexpected truststore alias", "providerAlias",
serviceProvider.getTruststoreAlias());
+ assertEquals("Unexpected token type", "specialToken",
serviceProvider.getTokenType());
+ }
+
+ @SuppressWarnings("unchecked")
+ public void test05() throws Exception
+ {
+ JAXBElement<Handlers> handlersJaxb = (JAXBElement<Handlers>)
this.unmarshall(config + "5.xml");
+ assertNotNull("Handlers not null", handlersJaxb);
+
+ Handlers handlers = handlersJaxb.getValue();
+ List<Handler> handlerList = handlers.getHandler();
+ assertEquals("1 handler",1, handlerList.size());
+
+ Handler handler = handlerList.get(0);
+ assertEquals("Class Name","a", handler.getClazz());
+ List<KeyValueType> options = handler.getOption();
+ assertEquals("2 options", 2, options.size());
+ KeyValueType k1 = options.get(0);
+ assertEquals("1", "1", k1.getKey());
+ assertEquals("1.1", "1.1", k1.getValue());
+ KeyValueType k2 = options.get(1);
+ assertEquals("2", "2", k2.getKey());
+ assertEquals("2.2", "2.2", k2.getValue());
+ }
+
+ private Object unmarshall(String configFile) throws Exception
+ {
+ String[] schemas = new String[] {
"schema/config/jboss-identity-fed.xsd",
+ "schema/config/jboss-identity-fed-handler.xsd"};
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(configFile);
+ assertNotNull("Inputstream not null for config file:" + configFile, is);
+
+ String[] pkgNames = new String[]
{"org.jboss.identity.federation.core.config",
+
"org.jboss.identity.federation.core.handler.config"};
+ Unmarshaller un = JAXBUtil.getValidatingUnmarshaller(pkgNames,
+ schemas);
+ return un.unmarshal(is);
+ }
+}
\ No newline at end of file
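Review bot: `unmarshall` at L2357–L2374 opens `is` from the context classloader and never closes it; wrap the call as `try { return un.unmarshal(is); } finally { is.close(); }`. `test-metadata-config-1.xml` is added in this commit, but no test in this file reads it, so the `MetadataProviderType` element is not exercised against the schema. `test05` asserts the handler's `class` but not the `name` attribute the schema at L2066 also defines; since test-config-5.xml sets only `class`, an `assertNull` on `getName()` would pin that the attribute is optional (hedged: the generated accessor name is not visible here).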
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-1.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-1.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-1.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,6 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0">
+<IdentityURL>http://localhost:8080/idp</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+</JBossIDP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-2.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-2.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-2.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,15 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0"
+ AssertionValidity="20000"
+ RoleGenerator="somefqn"
+ Encrypt="true">
+<IdentityURL>http://localhost:8080/idp</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+<KeyProvider ClassName="SomeClass">
+ <Auth Key="SomeKey" Value="SomeValue" />
+ <Auth Key="DBURL" Value="SomeDBURL" />
+ <ValidatingAlias Key="localhost" Value="localhostalias"/>
+ <ValidatingAlias Key="jboss.com" Value="jbossalias"/>
+</KeyProvider>
+</JBossIDP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-3.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-3.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-3.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,14 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0">
+<IdentityURL>http://localhost:8080/idp</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+<KeyProvider ClassName="SomeClass">
+ <Auth Key="SomeKey" Value="SomeValue" />
+ <Auth Key="DBURL" Value="SomeDBURL" />
+ <ValidatingAlias Key="localhost" Value="localhostalias"/>
+ <ValidatingAlias Key="jboss.com" Value="jbossalias"/>
+</KeyProvider>
+
+<ServiceURL>http://localhost:8080/sales</ServiceURL>
+</JBossSP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-4.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,24 @@
+<JBossSTS xmlns="urn:jboss:identity-federation:config:1.0"
+ STSName="Test STS" TokenTimeout="7200"
EncryptToken="true">
+ <KeyProvider ClassName="SomeClass">
+ <ValidatingAlias Key="localhost" Value="localhostalias"/>
+ <ValidatingAlias Key="jboss.com" Value="jbossalias"/>
+ <SigningAlias>issueralias</SigningAlias>
+ </KeyProvider>
+ <RequestHandler>org.jboss.identity.federation.wstrust.Handler</RequestHandler>
+ <TokenProviders>
+ <TokenProvider
+ ProviderClass="org.jboss.SpecialTokenProvider"
+ TokenType="specialToken"
+ TokenElement="SpecialToken"
+ TokenElementNS="http://www.tokens.org">
+ <Property Name="Property1" Value="Value1"/>
+ <Property Name="Property2" Value="Value2"/>
+ </TokenProvider>
+ </TokenProviders>
+ <ServiceProviders>
+ <ServiceProvider Endpoint="http://provider.endpoint/provider"
+ TokenType="specialToken"
+ TruststoreAlias="providerAlias"/>
+ </ServiceProviders>
+</JBossSTS>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-5.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-5.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-config-5.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,6 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler class="a">
+ <Option Key="1" Value="1.1"/>
+ <Option Key="2" Value="2.2"/>
+ </Handler>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-metadata-config-1.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-metadata-config-1.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/config/test-metadata-config-1.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,18 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0"
+ AssertionValidity="20000"
+ RoleGenerator="somefqn"
+ Encrypt="true">
+<IdentityURL>http://localhost:8080/idp</IdentityURL>
+<Trust>
+ <Domains>localhost,jboss.com,jboss.org</Domains>
+</Trust>
+<KeyProvider ClassName="SomeClass">
+ <Auth Key="SomeKey" Value="SomeValue" />
+ <Auth Key="DBURL" Value="SomeDBURL" />
+ <ValidatingAlias Key="localhost" Value="localhostalias"/>
+ <ValidatingAlias Key="jboss.com" Value="jbossalias"/>
+</KeyProvider>
+<MetaDataProvider ClassName="org.jboss.test.somefqn">
+ <Option Key="FileName" Value="myfile"/>
+</MetaDataProvider>
+</JBossIDP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.constants;
+
+/**
+ * Constants
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public interface GeneralConstants
+{
+ String ASSERTIONS_VALIDITY = "ASSERTIONS_VALIDITY";
+ String ATTRIBUTES = "ATTRIBUTES";
+ String ATTRIBUTE_KEYS = "ATTRIBUTE_KEYS";
+ String CONFIGURATION = "CONFIGURATION";
+ String IGNORE_SIGNATURES = "IGNORE_SIGNATURES";
+ String PRINCIPAL_ID = "jboss_identity.principal";
+ String ROLES = "ROLES";
+ String ROLES_ID = "jboss_identity.roles";
+ String ROLE_GENERATOR = "ROLE_GENERATOR";
+ String ROLE_VALIDATOR = "ROLE_VALIDATOR";
+ String SIGN_OUTGOING_MESSAGES = "SIGN_OUTGOING_MESSAGES";
+
+ String USERNAME_FIELD = "JBID_USERNAME";
+ String PASS_FIELD = "JBID_PASSWORD";
+}
\ No newline at end of file
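Review bot: `GeneralConstants` is a constant interface: any class that `implements` it exports these strings as part of its public API and inherits every future addition. A `public final class GeneralConstants` with `private GeneralConstants() {}` and `public static final String` fields, used by qualified name or static import, provides the same constants without that coupling. The Javadoc is the single word `Constants`; a sentence saying where each key is read (the blank line at L2579 separates `USERNAME_FIELD`/`PASS_FIELD` from the rest, which suggests form-field names versus attribute keys, but the file does not say) would help readers.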
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/HTTPContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/HTTPContext.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/HTTPContext.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.core;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
+
+/**
+ * Protocol Context based on HTTP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 17, 2009
+ */
+public class HTTPContext implements ProtocolContext
+{
+ protected HttpServletRequest request;
+ protected HttpServletResponse response;
+
+ protected ServletContext servletContext;
+
+ public HTTPContext(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ ServletContext sctx)
+ {
+ this.request = httpReq;
+ this.response = httpResp;
+ this.servletContext = sctx;
+ }
+
+ public HttpServletRequest getRequest()
+ {
+ return request;
+ }
+
+ public HttpServletResponse getResponse()
+ {
+ return response;
+ }
+
+ public ServletContext getServletContext()
+ {
+ return servletContext;
+ }
+
+ //Setters
+
+ public HTTPContext setRequest(HttpServletRequest req)
+ {
+ this.request = req;
+ return this;
+ }
+
+ public HTTPContext setResponse(HttpServletResponse resp)
+ {
+ this.response = resp;
+ return this;
+ }
+
+ public HTTPContext setServletContext(ServletContext sctx)
+ {
+ this.servletContext = sctx;
+ return this;
+ }
+}
\ No newline at end of file
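Review bot: The public constructor, getters and fluent setters of `HTTPContext` at L2636–L2677 carry no Javadoc; the `//Setters` line at L2659 is the only comment. A class-level sentence stating that the setters return `this` for chaining, plus a one-line `@param` description per constructor argument, would make the contract readable without opening the servlet API. The three fields are `protected` and mutable although no subclass is visible in this commit; `private` is the safer default unless extension is intended, in which case the class Javadoc should say so.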
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/core/IdentityServer.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,194 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.core;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.Stack;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+/**
+ * Represents an Identity Server
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 17, 2009
+ */
+public class IdentityServer implements HttpSessionListener
+{
+ private STACK stack = new STACK();
+
+ public class STACK
+ {
+ private ConcurrentHashMap<String,Stack<String>> sessionParticipantsMap
=
+ new ConcurrentHashMap<String, Stack<String>>();
+
+ private ConcurrentHashMap<String, Set<String>> inTransitMap =
+ new ConcurrentHashMap<String, Set<String>>();
+
+ /**
+ * Peek at the most recent participant in the session
+ * @param sessionID
+ * @return
+ */
+ public String peek(String sessionID)
+ {
+ Stack<String> stack = sessionParticipantsMap.get(sessionID);
+ if(stack != null)
+ return stack.peek();
+ return "";
+ }
+
+ /**
+ * Remove the most recent participant in the session
+ * @param sessionID
+ * @return
+ */
+ public String pop(String sessionID)
+ {
+ String result = null;
+ Stack<String> stack = sessionParticipantsMap.get(sessionID);
+ if(stack != null)
+ {
+ result = stack.pop();
+ }
+ return result;
+ }
+
+ /**
+ * Register a participant in a session
+ * @param sessionID
+ * @param participant
+ */
+ public void register(String sessionID, String participant)
+ {
+ Stack<String> stack = sessionParticipantsMap.get(sessionID);
+ if(stack.contains(participant) == false)
+ stack.push(participant);
+ }
+
+ /**
+ * For a given identity session, return the number of participants
+ * @param sessionID
+ * @return
+ */
+ public int getParticipants(String sessionID)
+ {
+ Stack<String> stack = sessionParticipantsMap.get(sessionID);
+ if(stack != null)
+ return stack.size();
+
+ return 0;
+ }
+
+ /**
+ * Register a participant as in transit in a logout interaction
+ * @param sessionID
+ * @param participant
+ * @return
+ */
+ public boolean registerTransitParticipant(String sessionID, String participant)
+ {
+ Set<String> transitSet = inTransitMap.get(sessionID);
+ if(transitSet != null)
+ return transitSet.add(participant);
+ return false;
+ }
+
+ /**
+ * Deregister a participant as in transit in a logout interaction
+ * @param sessionID
+ * @param participant
+ * @return
+ */
+ public boolean deRegisterTransitParticipant(String sessionID, String participant)
+ {
+ Set<String> transitSet = inTransitMap.get(sessionID);
+ if(transitSet != null)
+ return transitSet.remove(participant);
+ return false;
+ }
+
+ /**
+ * Return the number of participants in transit
+ * @param sessionID
+ * @return
+ */
+ public int getNumOfParticipantsInTransit(String sessionID)
+ {
+ Set<String> transitSet = inTransitMap.get(sessionID);
+ if(transitSet != null)
+ return transitSet.size();
+ return 0;
+ }
+
+ /**
+ * The total number of sessions active
+ * @return
+ */
+ public int totalSessions()
+ {
+ return sessionParticipantsMap.keySet().size();
+ }
+
+ private void put(String id)
+ {
+ sessionParticipantsMap.put(id, new Stack<String>());
+ inTransitMap.put(id, new HashSet<String>());
+ }
+
+ private void remove(String id)
+ {
+ sessionParticipantsMap.remove(id);
+ inTransitMap.remove(id);
+ }
+ }
+
+
+ /**
+ * Return a reference to the internal stack
+ * @return
+ */
+ public STACK stack()
+ {
+ return stack;
+ }
+
+
+ /**
+ * @see HttpSessionListener#sessionCreated(HttpSessionEvent)
+ */
+ public void sessionCreated(HttpSessionEvent sessionEvent)
+ {
+ String id = sessionEvent.getSession().getId();
+ stack.put(id);
+ }
+
+ /**
+ * @see HttpSessionListener#sessionDestroyed(HttpSessionEvent)
+ */
+ public void sessionDestroyed(HttpSessionEvent sessionEvent)
+ {
+ stack.remove(sessionEvent.getSession().getId());
+ }
+}
\ No newline at end of file
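Review bot: `register()` dereferences the stack returned by `sessionParticipantsMap.get(sessionID)` without a null check, unlike `peek`, `pop` and `getParticipants` right next to it, so a participant registered against a session the listener never saw (or one already destroyed) throws a NullPointerException out of the logout/SSO path. `peek()` and `pop()` also call `Stack.peek()`/`Stack.pop()` on a stack that may be empty, which throws `EmptyStackException` rather than returning the `""`/`null` the Javadoc implies. I would write `if(stack != null && !stack.contains(participant)) stack.push(participant);` in `register`, and `if(stack != null && !stack.isEmpty()) return stack.peek();` (same for `pop`). Note that `Stack` is synchronized per call but the contains-then-push pair is not atomic, so two concurrent requests for the same session can still register the same participant twice; if that matters, synchronize on the stack around the check.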
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -34,6 +34,7 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -49,6 +50,8 @@
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
@@ -57,7 +60,9 @@
import org.jboss.identity.federation.core.config.SPType;
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.handler.config.Handlers;
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
@@ -67,17 +72,32 @@
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChain;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.HANDLER_TYPE;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.HandlerUtil;
import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
-import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
import org.jboss.identity.federation.web.interfaces.IRoleValidator;
import org.jboss.identity.federation.web.roles.DefaultRoleValidator;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
@@ -86,6 +106,8 @@
import org.xml.sax.SAXException;
/**
+ * A service provider filter for web container agnostic
+ * providers
* @author Anil.Saldhana(a)redhat.com
* @since Aug 21, 2009
*/
@@ -94,9 +116,6 @@
private static Logger log = Logger.getLogger(SPFilter.class);
private boolean trace = log.isTraceEnabled();
- public static final String PRINCIPAL_ID = "jboss_identity.principal";
- public static final String ROLES_ID = "jboss_identity.roles";
-
protected SPType spConfiguration = null;
protected String configFile = "/WEB-INF/jboss-idfed.xml";
@@ -106,7 +125,10 @@
private TrustKeyManager keyManager;
private ServletContext context = null;
+ private transient SAML2HandlerChain chain = null;
+ protected boolean ignoreSignatures = false;
+
private IRoleValidator roleValidator = new DefaultRoleValidator();
public void destroy()
@@ -121,13 +143,17 @@
HttpServletResponse response = (HttpServletResponse) servletResponse;
boolean postMethod = "POST".equalsIgnoreCase(request.getMethod());
- Principal userPrincipal = null;
+
+ HttpSession session = request.getSession();
- HttpSession session = request.getSession();
+ Principal userPrincipal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
+
+ String samlRequest = request.getParameter("SAMLRequest");
+ String samlResponse = request.getParameter("SAMLResponse");
+
if(!postMethod)
{
- //Check if we are already authenticated
- userPrincipal = (Principal) session.getAttribute(PRINCIPAL_ID);
+ //Check if we are already authenticated
if(userPrincipal != null)
{
filterChain.doFilter(servletRequest, servletResponse);
@@ -139,7 +165,8 @@
{
String relayState = null;
try
- {
+ {
+ //TODO: use the handlers to generate the request
AuthnRequestType authnRequest = createSAMLRequest(serviceURL,
identityURL);
sendRequestToIDP(authnRequest, relayState, response);
}
@@ -152,8 +179,68 @@
}
else
{
+ if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
+ {
+ //Neither saml request nor response from IDP
+ //So this is a user request
+
+ //Ask the handler chain to generate the saml request
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context);
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), null,
+ HANDLER_TYPE.SP);
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ saml2HandlerResponse.setDestination(identityURL);
+
+ //Reset the state
+ try
+ {
+ for(SAML2Handler handler: handlers)
+ {
+ handler.reset();
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
+ handler.generateSAMLRequest(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+ catch(ProcessingException pe)
+ {
+ throw new RuntimeException(pe);
+ }
+ Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
+ String relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ try
+ {
+ this.sendToDestination(samlResponseDocument, relayState, destination,
response);
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Exception:",e);
+ throw new ServletException("Server Error");
+ }
+ return;
+ }
+ }
+
//See if we got a response from IDP
- String samlResponse = request.getParameter("SAMLResponse");
if(samlResponse != null && samlResponse.length() > 0 )
{
boolean isValid = false;
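Review bot: The handler loop tests `saml2HandlerResponse.isInError()` before calling `generateSAMLRequest`, so an error raised by the last handler in the chain is never observed, and when an earlier handler's error is observed the code does `sendError` then `break` and still falls through to `getResultingDocument()` and onward into the SAMLResponse branch with the response already committed. The check belongs after each `generateSAMLRequest` call, and an error should end the request rather than `break` the loop; the `catch(ProcessingException)` wrapping into a bare `RuntimeException` also discards the chance to answer with a clean HTTP error. The enclosing `doFilter` method starts and ends outside this hunk.
```java
for(SAML2Handler handler: handlers)
{
   handler.reset();
   saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
   handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
   if(saml2HandlerResponse.isInError())
   {
      response.sendError(saml2HandlerResponse.getErrorCode());
      return;
   }
}
// … unchanged: resulting document / relayState / destination handling …
```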
@@ -176,8 +263,55 @@
{
SAML2Response saml2Response = new SAML2Response();
- ResponseType responseType = saml2Response.getResponseType(is);
+ SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
+ Set<SAML2Handler> handlers = chain.handlers();
+ IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context);
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), samlObject,
+ HANDLER_TYPE.SP);
+
+ Map<String,Object> requestOptions = new
HashMap<String,Object>();
+ requestOptions.put(GeneralConstants.CONFIGURATION, this.spConfiguration);
+ saml2HandlerRequest.setOptions(requestOptions);
+
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ //Deal with handler chains
+ for(SAML2Handler handler : handlers)
+ {
+ if(saml2HandlerResponse.isInError())
+ {
+ response.sendError(saml2HandlerResponse.getErrorCode());
+ break;
+ }
+ if(samlObject instanceof RequestAbstractType)
+ {
+ handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ else
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+
+ Document samlResponseDocument =
saml2HandlerResponse.getResultingDocument();
+ String relayState = saml2HandlerResponse.getRelayState();
+
+ String destination = saml2HandlerResponse.getDestination();
+
+
+ if(destination != null &&
+ samlResponseDocument != null)
+ {
+ this.sendToDestination(samlResponseDocument, relayState, destination,
response);
+ return;
+ }
+ /*ResponseType responseType = saml2Response.getResponseType(is);
+
SAMLDocumentHolder samlDocumentHolder =
saml2Response.getSamlDocumentHolder();
boolean validSignature = this.verifySignature(samlDocumentHolder);
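Review bot: The signature verification (`verifySignature(samlDocumentHolder)`), issuer-trust and assertion-expiry checks that used to run on the inbound SAMLResponse are commented out starting at `/*ResponseType responseType = ...`, and nothing visible in the new handler loop replaces them: the only option handed to the chain is `GeneralConstants.CONFIGURATION`, the `keyManager` loaded in `init` is never passed to the handlers, and the loop tests `isInError()` before each handler runs, so the last handler's verdict is ignored. Unless a handler not shown here validates the signature, an attacker-crafted unsigned `SAMLResponse` is processed and forwarded. I would keep the existing `verifySignature`/`IssuerNotTrusted`/`AssertionExpired` path active until the handler-based validation is in place, and in any case check `isInError()` after each `handle*` call and `return` after `sendError` instead of `break`. The enclosing `doFilter` method continues outside this hunk.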
@@ -199,25 +333,19 @@
userPrincipal = handleSAMLResponse(request, responseType);
if(userPrincipal == null)
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);*/
filterChain.doFilter(request, servletResponse);
}
- catch (ParsingException e)
+ catch (Exception e)
{
if(trace)
- log.trace("Parsing Exception:", e);
- throw new ServletException("Parsing Exception");
- }
- catch (ConfigurationException e)
+ log.trace("Server Exception:", e);
+ throw new ServletException("Server Exception");
+ }
+ /*catch (IssuerNotTrustedException e)
{
if(trace)
- log.trace("ConfigurationException:", e);
- throw new ServletException("Config Exception");
- }
- catch (IssuerNotTrustedException e)
- {
- if(trace)
log.trace("IssuerNotTrustedException:", e);
throw new ServletException("Issuer Not Trusted Exception");
}
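Review bot: `filterChain.doFilter(request, servletResponse)` now runs unconditionally after the handler loop because the `userPrincipal == null` / `SC_FORBIDDEN` guard above it has been commented out, and nothing in the new code establishes a principal from the handler response; on a POST carrying any parsable `SAMLResponse` that no handler flags, the protected resource is served without an authenticated principal. Re-establish the gate before continuing the chain, e.g. `if(session.getAttribute(GeneralConstants.PRINCIPAL_ID) == null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. Collapsing `IssuerNotTrustedException` and `AssertionExpiredException` into `catch (Exception e)` with trace-only logging also hides events an operator needs to see; log those at warn with the issuer, and keep the message returned to the client generic. The enclosing method starts and ends outside this hunk.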
@@ -226,7 +354,7 @@
if(trace)
log.trace("AssertionExpiredException:", e);
throw new ServletException("Assertion expired Exception");
- }
+ } */
}
}
@@ -250,30 +378,53 @@
{
throw new RuntimeException(e);
}
- KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
- throw new RuntimeException("KeyProvider is null");
+
+ //Get the chain from config
+ chain = new DefaultSAML2HandlerChain();
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
- throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
- this.keyManager = (TrustKeyManager) clazz.newInstance();
- keyManager.setAuthProperties(keyProvider.getAuth());
- keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ //Get the handlers
+ Handlers handlers =
ConfigurationUtil.getHandlers(context.getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ chain.addAll(HandlerUtil.getHandlers(handlers));
}
catch(Exception e)
{
- log.error("Exception reading configuration:",e);
- throw new RuntimeException(e.getLocalizedMessage());
+ throw new RuntimeException(e);
}
- log.trace("Key Provider=" + keyProvider.getClassName());
+ String ignoreSigString =
filterConfig.getInitParameter(GeneralConstants.IGNORE_SIGNATURES);
+ if(ignoreSigString != null && !"".equals(ignoreSigString))
+ {
+ this.ignoreSignatures = Boolean.parseBoolean(ignoreSigString);
+ }
+
+ if(ignoreSignatures == false)
+ {
+ KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
+ if(keyProvider == null)
+ throw new RuntimeException("KeyProvider is null");
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ String keyManagerClassName = keyProvider.getClassName();
+ if(keyManagerClassName == null)
+ throw new RuntimeException("KeyManager class name is null");
+
+ Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ this.keyManager = (TrustKeyManager) clazz.newInstance();
+ keyManager.setAuthProperties(keyProvider.getAuth());
+ keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+ }
+ catch(Exception e)
+ {
+ log.error("Exception reading configuration:",e);
+ throw new RuntimeException(e.getLocalizedMessage());
+ }
+ log.trace("Key Provider=" + keyProvider.getClassName());
+ }
+
//Get the Role Validator if configured
- String roleValidatorName =
filterConfig.getInitParameter("ROLE_VALIDATOR");
+ String roleValidatorName =
filterConfig.getInitParameter(GeneralConstants.ROLE_VALIDATOR);
if(roleValidatorName != null && !"".equals(roleValidatorName))
{
try
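Review bot: The new `IGNORE_SIGNATURES` init parameter skips loading the `TrustKeyManager` entirely with no log output, so a deployment that carries `true` into production silently has no key material for verifying assertions (assuming verification depends on `keyManager`, as the removed code did); at minimum emit `if(ignoreSignatures) log.warn("IGNORE_SIGNATURES is set: SAML signatures will not be validated");` so it shows up in startup logs. `context.getResourceAsStream("/WEB-INF/jbid-handlers.xml")` can return null when the file is absent, and the resulting failure is rethrown as a bare `RuntimeException(e)` with no hint of which file was missing; check the stream first, `if(is == null) throw new RuntimeException("Missing /WEB-INF/jbid-handlers.xml");`, and close it after `getHandlers`. The enclosing `init` method continues outside this hunk.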
@@ -288,7 +439,7 @@
}
Map<String,String> options = new HashMap<String, String>();
- String roles = filterConfig.getInitParameter("ROLES");
+ String roles = filterConfig.getInitParameter(GeneralConstants.ROLES);
if(trace)
log.trace("Found Roles in SPFilter config="+roles);
if(roles != null)
@@ -331,6 +482,28 @@
response, true);
}
+ protected void sendToDestination(Document samlDocument, String relayState,
+ String destination,
+ HttpServletResponse response)
+ throws IOException, SAXException, JAXBException,GeneralSecurityException
+ {
+ String samlMessage;
+ try
+ {
+ samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage,
relayState),
+ response, true);
+ }
+
protected boolean validate(HttpServletRequest request) throws IOException,
GeneralSecurityException
{
return request.getParameter("SAMLResponse") != null;
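Review bot: `sendToDestination` catches `TransformerFactoryConfigurationError`, a JVM `Error`, and rewraps it together with `TransformerException` as a `ProcessingException` that does not appear in the method's `throws` clause; this only compiles if `ProcessingException` is a subtype of one of the declared types (I cannot see its hierarchy from here), and either way the declaration should name it for readers, `throws IOException, SAXException, JAXBException, GeneralSecurityException, ProcessingException`. Letting the `Error` propagate is preferable to converting a broken JAXP setup into a checked exception that callers treat as a per-request failure. A one-line Javadoc stating that `destination` and `relayState` are taken from the handler response and posted to the browser via POST binding would help too.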
@@ -477,4 +650,9 @@
}
return principal;
}
+
+ private boolean isNotNull(String str)
+ {
+ return str != null && !"".equals(str);
+ }
}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/BaseSAML2Handler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/BaseSAML2Handler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/BaseSAML2Handler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.web.core.HTTPContext;
+
+/**
+ * Base Class for SAML2 handlers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public abstract class BaseSAML2Handler implements SAML2Handler
+{
+ protected Map<String, Object> options;
+
+ /**
+ * Initialize the handler
+ * @param options
+ */
+ public void init(Map<String, Object> options)
+ {
+ this.options = options;
+ }
+
+
+ public static HttpServletRequest getHttpRequest(SAML2HandlerRequest request)
+ {
+ HTTPContext context = (HTTPContext) request.getContext();
+ return context.getRequest();
+ }
+
+ public static HttpSession getHttpSession(SAML2HandlerRequest request)
+ {
+ HTTPContext context = (HTTPContext) request.getContext();
+ return context.getRequest().getSession(false);
+ }
+}
\ No newline at end of file
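Review bot: `getHttpSession` calls `getSession(false)` and so returns null when no session exists, but nothing says so and the subclass in this commit dereferences the result immediately; document it as `/** @return the current session, or null if none exists (no session is created) */` or return `getSession()` if callers are expected to always have one. Both helpers also cast `request.getContext()` to `HTTPContext` unconditionally; a handler invoked with another `ProtocolContext` gets a `ClassCastException` with no explanation, so either state in the class Javadoc that these handlers are HTTP-only or check `instanceof` and throw an `IllegalStateException` naming the actual context type.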
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/RolesGenerationHandler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.interfaces.RoleGenerator;
+import org.jboss.identity.federation.web.roles.DefaultRoleGenerator;
+
+/**
+ * Handles the generation of roles
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class RolesGenerationHandler extends BaseSAML2Handler
+{
+ private transient RoleGenerator rg = new DefaultRoleGenerator();
+
+ @Override
+ public void init(Map<String, Object> options)
+ {
+ super.init(options);
+ if(options.containsKey("ROLE_GENERATOR"))
+ {
+ String clazzName = (String) options.get(GeneralConstants.ROLE_GENERATOR);
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ rg = (RoleGenerator) tcl.loadClass(clazzName).newInstance();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Unable to instantiate Role
Generator:",e);
+ }
+
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public void handleRequestType(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+ //Do not handle log out request interaction
+ if(request.getSAML2Object() instanceof LogoutRequestType)
+ return ;
+
+ //only handle IDP side
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.SP)
+ return;
+
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpSession session = httpContext.getRequest().getSession(false);
+
+ Principal userPrincipal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);
+ List<String> roles = (List<String>)
session.getAttribute(GeneralConstants.ROLES_ID);
+
+ if(roles == null)
+ {
+ RoleGenerator rg = (RoleGenerator)
request.getOptions().get(GeneralConstants.ROLE_GENERATOR);
+ roles = rg.generateRoles(userPrincipal);
+ session.setAttribute(GeneralConstants.ROLES_ID, roles);
+ }
+ response.setRoles(roles);
+ }
+
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ }
+
+ public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ return;
+ }
+
+ public void reset() throws ProcessingException
+ {
+ // TODO Auto-generated method stub
+
+ }
+}
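Review bot: `handleRequestType` ignores the `rg` field configured in `init()` and instead casts `request.getOptions().get(GeneralConstants.ROLE_GENERATOR)` to a `RoleGenerator`, which is null unless the caller placed an instance under that key (the only option `SPFilter` sets in this commit is `CONFIGURATION`), so the first request without cached roles hits a NullPointerException. `init()` also checks the literal `"ROLE_GENERATOR"` but reads `GeneralConstants.ROLE_GENERATOR`; if those differ the configured class is never loaded. `session` comes from `getSession(false)` and `userPrincipal` from a session attribute, both possibly null, and generating roles for a null principal is a security-relevant mistake rather than something to leave to the generator. `reset()` has a leftover TODO body and should at least get a comment saying the handler holds no per-request state.
```java
HttpSession session = httpContext.getRequest().getSession(false);
if(session == null)
   throw new ProcessingException(new IllegalStateException("no session for role generation"));
Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
if(userPrincipal == null)
   throw new ProcessingException(new IllegalStateException("no authenticated principal in session"));
List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
if(roles == null)
{
   roles = this.rg.generateRoles(userPrincipal); // the generator configured in init()
   session.setAttribute(GeneralConstants.ROLES_ID, roles);
}
response.setRoles(roles);
```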
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,380 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.interfaces.IRoleValidator;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * Handles for dealing with SAML2 Authentication
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public class SAML2AuthenticationHandler extends BaseSAML2Handler
+{
+ private static Logger log = Logger.getLogger(SAML2AuthenticationHandler.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private IDPAuthenticationHandler idp = new IDPAuthenticationHandler();
+ private SPAuthenticationHandler sp = new SPAuthenticationHandler();
+
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ if(request.getSAML2Object() instanceof AuthnRequestType == false)
+ return ;
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleRequestType(request, response);
+ }
+ else
+ {
+ sp.handleRequestType(request, response);
+ }
+ }
+
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ if(request.getSAML2Object() instanceof ResponseType == false)
+ return ;
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleStatusResponseType(request, response);
+ }
+ else
+ {
+ sp.handleStatusResponseType(request, response);
+ }
+ }
+
+ public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ if(GENERATE_REQUEST_TYPE.AUTH != request.getTypeOfRequestToBeGenerated())
+ return;
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.generateSAMLRequest(request, response);
+ }
+ else
+ {
+ sp.generateSAMLRequest(request, response);
+ }
+ }
+
+ private class IDPAuthenticationHandler
+ {
+ public void generateSAMLRequest(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+
+ }
+
+
+ public void handleStatusResponseType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ }
+
+ @SuppressWarnings("unchecked")
+ public void handleRequestType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ AuthnRequestType art = (AuthnRequestType) request.getSAML2Object();
+ HttpSession session = BaseSAML2Handler.getHttpSession(request);
+ Principal userPrincipal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);
+ List<String> roles = (List<String>)
session.getAttribute(GeneralConstants.ROLES_ID);
+ try
+ {
+ Map<String,Object> attribs = (Map<String, Object>)
request.getOptions().get(GeneralConstants.ATTRIBUTES);
+ long assertionValidity = (Long)
request.getOptions().get(GeneralConstants.ASSERTIONS_VALIDITY);
+ String destination = art.getAssertionConsumerServiceURL();
+ Document samlResponse = this.getResponse(destination,
+ userPrincipal, roles, request.getIssuer().getValue(),
+ attribs,
+ assertionValidity);
+
+ response.setDestination(destination);
+ response.setResultingDocument(samlResponse);
+ }
+ catch(Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ public Document getResponse( String assertionConsumerURL,
+ Principal userPrincipal,
+ List<String> roles,
+ String identityURL,
+ Map<String, Object> attribs,
+ long assertionValidity)
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ Document samlResponseDocument = null;
+
+ if(trace)
+ log.trace("AssertionConsumerURL=" + assertionConsumerURL +
+ "::assertion validity=" + assertionValidity);
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(userPrincipal.getName());
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(assertionConsumerURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+ //Add information on the roles
+ AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+
+ AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);
+
+ //Add in the attributes information
+ if(attribs != null)
+ {
+ AttributeStatementType attStatement =
StatementUtil.createAttributeStatement(attribs);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attStatement);
+ }
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+ try
+ {
+ samlResponseDocument = saml2Response.convert(responseType);
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace(e);
+ }
+ return samlResponseDocument;
+ }
+ }
+
+ private class SPAuthenticationHandler
+ {
+ public void generateSAMLRequest(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+ String issuerValue = request.getIssuer().getValue();
+
+ SAML2Request samlRequest = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ try
+ {
+ AuthnRequestType authn = samlRequest.createAuthnRequestType(id,
+ issuerValue, response.getDestination(), issuerValue);
+
+ response.setResultingDocument(samlRequest.convert(authn));
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ public void handleStatusResponseType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ ResponseType responseType = (ResponseType) request.getSAML2Object();
+ List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ Object assertion = assertions.get(0);
+ if(assertion instanceof EncryptedElementType)
+ {
+ responseType = this.decryptAssertion(responseType);
+ }
+
+ Principal userPrincipal = handleSAMLResponse(responseType);
+ if(userPrincipal == null)
+ {
+ response.setError(403, "User Principal not determined:
Forbidden");
+ }
+ else
+ {
+ //add it to the session
+ HttpSession session = httpContext.getRequest().getSession(false);
+ session.setAttribute(GeneralConstants.PRINCIPAL_ID, userPrincipal);
+ }
+ }
+
+ public void handleRequestType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ }
+
+ private ResponseType decryptAssertion(ResponseType responseType)
+ {
+ throw new RuntimeException("This authenticator does not handle
encryption");
+ }
+
+ private Principal handleSAMLResponse(ResponseType responseType)
+ throws ProcessingException
+ {
+ if(responseType == null)
+ throw new IllegalArgumentException("response type is null");
+
+ StatusType statusType = responseType.getStatus();
+ if(statusType == null)
+ throw new IllegalArgumentException("Status Type from the IDP is
null");
+
+ String statusValue = statusType.getStatusCode().getValue();
+ if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
+ throw new SecurityException("IDP forbid the user");
+
+ List<Object> assertions =
responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ AssertionType assertion = (AssertionType)assertions.get(0);
+ //Check for validity of assertion
+ boolean expiredAssertion;
+ try
+ {
+ expiredAssertion = AssertionUtil.hasExpired(assertion);
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException(e);
+ }
+ if(expiredAssertion)
+ {
+ throw new ProcessingException("Assertion has expired");
+ }
+
+ SubjectType subject = assertion.getSubject();
+ JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>)
subject.getContent().get(0);
+ NameIDType nameID = jnameID.getValue();
+ final String userName = nameID.getValue();
+ List<String> roles = new ArrayList<String>();
+
+ //Let us get the roles
+ AttributeStatementType attributeStatement = (AttributeStatementType)
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ List<Object> attList =
attributeStatement.getAttributeOrEncryptedAttribute();
+ for(Object obj:attList)
+ {
+ AttributeType attr = (AttributeType) obj;
+ String roleName = (String) attr.getAttributeValue().get(0);
+ roles.add(roleName);
+ }
+
+ Principal principal = new Principal()
+ {
+ public String getName()
+ {
+ return userName;
+ }
+ };
+
+ //Validate the roles
+ IRoleValidator roleValidator = (IRoleValidator)
options.get(GeneralConstants.ROLE_VALIDATOR);
+ boolean validRole = roleValidator.userInRole(principal, roles);
+ if(!validRole)
+ {
+ if(trace)
+ log.trace("Invalid role:" + roles);
+ principal = null;
+ }
+ return principal;
+ }
+ }
+
+ public void reset() throws ProcessingException
+ {
+ // TODO Auto-generated method stub
+
+ }
+}
\ No newline at end of file
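Review bot: In IDPAuthenticationHandler.handleRequestType the response destination is taken straight from `art.getAssertionConsumerServiceURL()` on the inbound AuthnRequest, so the assertion built by getResponse (NameID from the session principal plus the role attribute statement) is addressed to whatever URL the requester supplied; the SAML2IssuerTrustHandler added in this commit checks only the issuer's host, not the ACS URL, so the destination should be compared against the SP's configured endpoint (or at least the trusted issuer domain) before `response.setDestination(destination)`. getResponse also swallows a failure of `saml2Response.convert(responseType)` at trace level and returns `null`, which the caller then stores with `response.setResultingDocument(samlResponse)` without noticing; rethrow it as `throw new ConfigurationException(e);` (or let ProcessingException propagate) instead. On the SP side, handleSAMLResponse casts `getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0)` to AttributeStatementType and every attribute value to String, which throws ClassCastException on a response whose first statement is an AuthnStatement; iterate the statement list and use the first `instanceof AttributeStatementType` element, skipping non-String values. SPAuthenticationHandler.handleStatusResponseType dereferences `getSession(false)` without a null check, and the `(IRoleValidator) options.get(...)` result in handleSAMLResponse is used unchecked, so a missing validator fails with an NPE rather than a clear ProcessingException.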
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,218 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.StringTokenizer;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.config.IDPType;
+import org.jboss.identity.federation.core.config.SPType;
+import org.jboss.identity.federation.core.config.TrustType;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+
+/**
+ * Handles Issuer trust
+ * <p>Trust decisions are based on the url of the issuer of the
+ * saml request/response sent to the handler chain</p>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public class SAML2IssuerTrustHandler extends BaseSAML2Handler
+{
+ private static Logger log = Logger.getLogger(SAML2IssuerTrustHandler.class);
+ private boolean trace = log.isTraceEnabled();
+ private IDPTrustHandler idp = new IDPTrustHandler();
+ private SPTrustHandler sp = new SPTrustHandler();
+
+ public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ //Nothing to do here
+ }
+
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleRequestType(request, response);
+ }
+ else
+ {
+ sp.handleRequestType(request, response);
+ }
+ }
+
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleStatusResponseType(request, response);
+ }
+ else
+ {
+ sp.handleStatusResponseType(request, response);
+ }
+ }
+
+ public void reset() throws ProcessingException
+ {
+ }
+
+ private class IDPTrustHandler
+ {
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ IDPType idpConfiguration = (IDPType)
request.getOptions().get(GeneralConstants.CONFIGURATION);
+ String issuer = request.getIssuer().getValue();
+
+ trustIssuer(idpConfiguration, issuer);
+ }
+
+
+ public void handleStatusResponseType(SAML2HandlerRequest request,
SAML2HandlerResponse response)
+ throws ProcessingException
+ {
+ IDPType idpConfiguration = (IDPType)
request.getOptions().get(GeneralConstants.CONFIGURATION);
+ String issuer = request.getIssuer().getValue();
+
+ trustIssuer(idpConfiguration, issuer);
+ }
+
+
+ private void trustIssuer(IDPType idpConfiguration, String issuer) throws
ProcessingException
+ {
+ if(idpConfiguration == null)
+ throw new IllegalStateException("IDP Configuration is null");
+ try
+ {
+ String issuerDomain = getDomain(issuer);
+ TrustType idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(trace)
+ log.trace("Domains that IDP trusts="+domainsTrusted + "
and issuer domain="+issuerDomain);
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted,
",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ if(trace)
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ if(trace)
+ log.trace("Matched " + uriBit + " trust for
" + issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(new
IssuerNotTrustedException(e.getLocalizedMessage(),e));
+ }
+ }
+ }
+
+ private class SPTrustHandler
+ {
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ SPType spConfiguration = (SPType)
request.getOptions().get(GeneralConstants.CONFIGURATION);
+ String issuer = request.getIssuer().getValue();
+
+ trustIssuer(spConfiguration, issuer);
+ }
+
+ public void handleStatusResponseType(SAML2HandlerRequest request,
SAML2HandlerResponse response)
+ throws ProcessingException
+ {
+ SPType spConfiguration = (SPType)
request.getOptions().get(GeneralConstants.CONFIGURATION);
+ String issuer = request.getIssuer().getValue();
+
+ trustIssuer(spConfiguration, issuer);
+ }
+
+ private void trustIssuer(SPType spConfiguration, String issuer) throws
ProcessingException
+ {
+ if(spConfiguration == null)
+ throw new IllegalStateException("SP Configuration is null");
+ try
+ {
+ String issuerDomain = getDomain(issuer);
+ TrustType spTrust = spConfiguration.getTrust();
+ if(spTrust != null)
+ {
+ String domainsTrusted = spTrust.getDomains();
+ if(trace)
+ log.trace("Domains that SP trusts="+domainsTrusted + "
and issuer domain="+issuerDomain);
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted,
",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ if(trace)
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ if(trace)
+ log.trace("Matched " + uriBit + " trust for
" + issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(new
IssuerNotTrustedException(e.getLocalizedMessage(),e));
+ }
+ }
+ }
+
+ /**
+ * Given a SP or IDP issuer from the assertion, return the host
+ * @param domainURL
+ * @return
+ * @throws IOException
+ */
+ private static String getDomain(String domainURL) throws IOException
+ {
+ URL url = new URL(domainURL);
+ return url.getHost();
+ }
+}
\ No newline at end of file
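Review bot: trustIssuer matches trusted domains by substring in both directions — `domainsTrusted.indexOf(issuerDomain) < 0` and `issuerDomain.indexOf(uriBit) > 0` — so an issuer host that merely contains a configured entry, or whose host happens to be a substring of the configured list, is accepted; compare whole labels instead, e.g. `String uriBit = st.nextToken().trim();` followed by `if(issuerDomain.equals(uriBit) || issuerDomain.endsWith("." + uriBit))`, and drop the first indexOf shortcut so every decision goes through the token loop. When `idpConfiguration.getTrust()` returns null the method returns normally without any comparison, which silently trusts every issuer; make that branch an explicit decision (throw `IssuerNotTrustedException`, or at least log that trust checking is disabled). The same body is duplicated in SPTrustHandler.trustIssuer and would be better as one private static helper taking the `TrustType` and the issuer, so both sides cannot drift. The `st != null` test in the while condition is always true since `st` was just constructed on the line above.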
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,462 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.io.IOException;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusCodeType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.core.IdentityServer;
+import org.xml.sax.SAXException;
+
+/**
+ * SAML2 LogOut Profile
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 17, 2009
+ */
+public class SAML2LogOutHandler extends BaseSAML2Handler
+{
+ private static Logger log = Logger.getLogger(SAML2LogOutHandler.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private IDPLogOutHandler idp = new IDPLogOutHandler();
+ private SPLogOutHandler sp = new SPLogOutHandler();
+
+ private ObjectFactory objectFactory = new ObjectFactory();
+
+ /**
+ * @see SAML2Handler#generateSAMLRequest(SAML2HandlerRequest, SAML2HandlerResponse)
+ */
+ public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ if(request.getTypeOfRequestToBeGenerated() == null)
+ {
+ if(trace)
+ {
+ log.trace("Request type to be generated=null");
+ }
+ return;
+ }
+ if(GENERATE_REQUEST_TYPE.LOGOUT != request.getTypeOfRequestToBeGenerated())
+ return;
+
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.generateSAMLRequest(request, response);
+ }
+ else
+ {
+ sp.generateSAMLRequest(request, response);
+ }
+ }
+
+ /**
+ * @see SAML2Handler#handleRequestType(RequestAbstractType)
+ */
+ public void handleRequestType(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+ if(request.getSAML2Object() instanceof LogoutRequestType == false)
+ return ;
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleRequestType(request, response);
+ }
+ else
+ {
+ sp.handleRequestType(request, response);
+ }
+ }
+
+ /**
+ * @see SAML2Handler#handleStatusResponseType(StatusResponseType,
+ Document resultingDocument)
+ */
+ public void handleStatusResponseType(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+ //we do not handle any ResponseType (authentication etc)
+ if(request.getSAML2Object() instanceof ResponseType)
+ return;
+
+ if(request.getSAML2Object() instanceof StatusResponseType == false)
+ return ;
+
+ if(request.getType() == SAML2HandlerRequest.HANDLER_TYPE.IDP)
+ {
+ idp.handleStatusResponseType(request, response);
+ }
+ else
+ {
+ sp.handleStatusResponseType(request, response);
+ }
+ }
+
+ private class IDPLogOutHandler
+ {
+ public void generateSAMLRequest(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+
+ }
+
+
+ public void handleStatusResponseType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ //we got a logout response from a SP
+ SAML2Object samlObject = request.getSAML2Object();
+ StatusResponseType statusResponseType = (StatusResponseType) samlObject;
+
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpServletRequest httpRequest = httpContext.getRequest();
+ HttpSession httpSession = httpRequest.getSession(false);
+
+ String relayState = request.getRelayState();
+
+ ServletContext servletCtx = httpContext.getServletContext();
+ IdentityServer server =
(IdentityServer)servletCtx.getAttribute("IDENTITY_SERVER");
+
+ if(server == null)
+ throw new ProcessingException("Identity Server not found");
+
+ String sessionID = httpSession.getId();
+
+ String statusIssuer = statusResponseType.getIssuer().getValue();
+ server.stack().deRegisterTransitParticipant(sessionID, statusIssuer);
+
+ String nextParticipant = this.getParticipant(server, sessionID, relayState);
+ if(nextParticipant == null || nextParticipant.equals(relayState))
+ {
+ //we are done with logout
+
+ //TODO: check the in transit map for partial logouts
+
+ try
+ {
+ generateSuccessStatusResponseType(statusResponseType.getInResponseTo(),
+ request, response, relayState);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+ else
+ {
+ //Put the participant in transit mode
+ server.stack().registerTransitParticipant(sessionID, nextParticipant);
+
+ //send logout request to participant with relaystate to orig
+ response.setRelayState(relayState);
+
+ response.setDestination(nextParticipant);
+
+ SAML2Request saml2Request = new SAML2Request();
+ try
+ {
+ LogoutRequestType lort =
saml2Request.createLogoutRequest(request.getIssuer().getValue());
+ response.setResultingDocument(saml2Request.convert(lort));
+ }
+ catch(Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+ }
+
+ public void handleRequestType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpSession session = httpContext.getRequest().getSession(false);
+ String sessionID = session.getId();
+
+ String relayState =
httpContext.getRequest().getParameter("RelayState");
+
+ LogoutRequestType logOutRequest = (LogoutRequestType) request.getSAML2Object();
+ String issuer = logOutRequest.getIssuer().getValue();
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ SAML2Request saml2Request = new SAML2Request();
+
+ ServletContext servletCtx = httpContext.getServletContext();
+ IdentityServer server =
(IdentityServer)servletCtx.getAttribute("IDENTITY_SERVER");
+
+ if(server == null)
+ throw new ProcessingException("Identity Server not found");
+
+ String originalIssuer = (relayState == null) ? issuer : relayState;
+
+ String participant = this.getParticipant(server, sessionID, originalIssuer);
+
+ if(participant == null || participant.equals(originalIssuer))
+ {
+ //All log out is done
+ session.invalidate();
+ server.stack().pop(sessionID);
+
+ generateSuccessStatusResponseType(logOutRequest.getID(),
+ request, response, originalIssuer);
+ }
+ else
+ {
+ //Put the participant in transit mode
+ server.stack().registerTransitParticipant(sessionID, participant);
+
+ if(relayState == null)
+ relayState = originalIssuer;
+
+ //send logout request to participant with relaystate to orig
+ response.setRelayState(originalIssuer);
+
+ response.setDestination(participant);
+
+
+ LogoutRequestType lort =
saml2Request.createLogoutRequest(request.getIssuer().getValue());
+ response.setResultingDocument(saml2Request.convert(lort));
+ }
+ }
+ catch(ParserConfigurationException pe)
+ {
+ throw new ProcessingException(pe);
+ }
+ catch(ConfigurationException pe)
+ {
+ throw new ProcessingException(pe);
+ }
+ catch(JAXBException pe)
+ {
+ throw new ProcessingException(pe);
+ }
+ catch(IOException pe)
+ {
+ throw new ProcessingException(pe);
+ }
+ catch(SAXException pe)
+ {
+ throw new ProcessingException(pe);
+ }
+ return;
+ }
+
+
+ private void generateSuccessStatusResponseType(
+ String logOutRequestID,
+ SAML2HandlerRequest request,
+ SAML2HandlerResponse response,
+ String originalIssuer)
+ throws ConfigurationException, ParserConfigurationException,
ProcessingException
+ {
+ StatusResponseType statusResponse = objectFactory.createStatusResponseType();
+
+ //Status
+ StatusType statusType = objectFactory.createStatusType();
+ StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
+ statusCodeType.setValue(JBossSAMLURIConstants.STATUS_RESPONDER.get());
+
+ //2nd level status code
+ StatusCodeType status2ndLevel = objectFactory.createStatusCodeType();
+ status2ndLevel.setValue(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+ statusCodeType.setStatusCode(status2ndLevel);
+
+ statusType.setStatusCode(statusCodeType);
+
+ statusResponse.setStatus(statusType);
+
+ statusResponse.setIssueInstant(XMLTimeUtil.getIssueInstant());
+ statusResponse.setInResponseTo(logOutRequestID);
+ statusResponse.setID(IDGenerator.create("ID_"));
+
+ statusResponse.setIssuer(request.getIssuer());
+
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ response.setResultingDocument(saml2Response.convert(statusResponse));
+ }
+ catch(JAXBException je)
+ {
+ throw new ProcessingException(je);
+ }
+
+ response.setDestination(originalIssuer);
+ }
+
+ private String getParticipant(IdentityServer server, String sessionID,
+ String originalRequestor)
+ {
+ int participants = server.stack().getParticipants(sessionID);
+
+ String participant = originalRequestor;
+ //Get a participant who is not equal to the original issuer of the logout
request
+ if(participants > 0)
+ {
+ do
+ {
+ participant = server.stack().pop(sessionID);
+ --participants;
+ }
+ while(participants > 0 && participant.equals(originalRequestor));
+ }
+
+ return participant;
+ }
+ }
+
+ private class SPLogOutHandler
+ {
+ public void generateSAMLRequest(SAML2HandlerRequest request,
+ SAML2HandlerResponse response) throws ProcessingException
+ {
+ //Generate the LogOut Request
+ SAML2Request samlRequest = new SAML2Request();
+ try
+ {
+ LogoutRequestType lot =
+ samlRequest.createLogoutRequest(request.getIssuer().getValue());
+ response.setResultingDocument(samlRequest.convert(lot));
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ public void handleStatusResponseType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ //Handler a log out response from IDP
+ StatusResponseType statusResponseType = (StatusResponseType)
request.getSAML2Object();
+
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpServletRequest servletRequest = httpContext.getRequest();
+ HttpSession session = servletRequest.getSession(false);
+
+ //TODO: Deal with partial logout report
+
+ StatusType statusType = statusResponseType.getStatus();
+ StatusCodeType statusCode = statusType.getStatusCode();
+ StatusCodeType secondLevelstatusCode = statusCode.getStatusCode();
+
if(secondLevelstatusCode.getValue().equals(JBossSAMLURIConstants.STATUS_SUCCESS.get()))
+ {
+ //we are successfully logged out
+ session.invalidate();
+ }
+ }
+
+ public void handleRequestType( SAML2HandlerRequest request,
+ SAML2HandlerResponse response ) throws ProcessingException
+ {
+ SAML2Object samlObject = request.getSAML2Object();
+ if(samlObject instanceof LogoutRequestType == false)
+ return;
+
+ LogoutRequestType logOutRequest = (LogoutRequestType) samlObject;
+ HTTPContext httpContext = (HTTPContext) request.getContext();
+ HttpServletRequest servletRequest = httpContext.getRequest();
+ HttpSession session = servletRequest.getSession(false);
+
+ String relayState = servletRequest.getParameter("RelayState");
+
+ session.invalidate(); //Invalidate the current session at the SP
+
+ //Generate a Logout Response
+ StatusResponseType statusResponse = objectFactory.createStatusResponseType();
+
+ //Status
+ StatusType statusType = objectFactory.createStatusType();
+ StatusCodeType statusCodeType = objectFactory.createStatusCodeType();
+ statusCodeType.setValue(JBossSAMLURIConstants.STATUS_RESPONDER.get());
+
+ //2nd level status code
+ StatusCodeType status2ndLevel = objectFactory.createStatusCodeType();
+ status2ndLevel.setValue(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+ statusCodeType.setStatusCode(status2ndLevel);
+
+ statusType.setStatusCode(statusCodeType);
+
+ statusResponse.setStatus(statusType);
+
+ try
+ {
+ statusResponse.setIssueInstant(XMLTimeUtil.getIssueInstant());
+ }
+ catch (ConfigurationException e)
+ {
+ throw new ProcessingException(e);
+ }
+ statusResponse.setInResponseTo(logOutRequest.getID());
+ statusResponse.setID(IDGenerator.create("ID_"));
+
+ statusResponse.setIssuer(request.getIssuer());
+
+ SAML2Response saml2Response = new SAML2Response();
+ try
+ {
+ response.setResultingDocument(saml2Response.convert(statusResponse));
+ }
+ catch(Exception je)
+ {
+ throw new ProcessingException(je);
+ }
+
+ response.setRelayState(relayState);
+ response.setDestination(logOutRequest.getIssuer().getValue());
+ }
+ }
+
+ public void reset() throws ProcessingException
+ {
+ // TODO Auto-generated method stub
+
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SecurityActions.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
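Review bot: The Javadoc on getContextClassLoader leaves `@return` empty; suggest `@return the current thread's context class loader, read inside a privileged block so that only this class's protection domain is checked rather than the caller's`. The `@since Dec 9, 2008` tag predates this file's addition in the commit and looks copied from another SecurityActions class; it should carry this file's date or be dropped.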
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPOpenIDContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPOpenIDContext.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/openid/HTTPOpenIDContext.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -25,76 +25,33 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.jboss.identity.federation.web.core.HTTPContext;
+
/**
* HTTP Context for OpenID
* @author Anil.Saldhana(a)redhat.com
* @since Jul 6, 2009
*/
-public class HTTPOpenIDContext
-{
- private HttpServletRequest request;
- private HttpServletResponse response;
-
- private String returnURL;
- private ServletContext servletContext;
-
- public HTTPOpenIDContext()
- {
- }
-
+public class HTTPOpenIDContext extends HTTPContext
+{
+ private String returnURL;
+
public HTTPOpenIDContext(HttpServletRequest httpReq, HttpServletResponse httpResp,
ServletContext sctx)
{
- this.request = httpReq;
- this.response = httpResp;
- this.servletContext = sctx;
- }
-
-
- public HttpServletRequest getRequest()
- {
- return request;
- }
+ super(httpReq, httpResp, sctx);
+ }
- public HttpServletResponse getResponse()
- {
- return response;
- }
-
public String getReturnURL()
{
return returnURL;
- }
+ }
-
- public ServletContext getServletContext()
- {
- return servletContext;
- }
-
//Setters
- public HTTPOpenIDContext setRequest(HttpServletRequest req)
- {
- this.request = req;
- return this;
- }
-
- public HTTPOpenIDContext setResponse(HttpServletResponse resp)
- {
- this.response = resp;
- return this;
- }
-
public HTTPOpenIDContext setReturnURL(String url)
{
this.returnURL = url;
return this;
- }
-
- public HTTPOpenIDContext setServletContext(ServletContext sctx)
- {
- this.servletContext = sctx;
- return this;
- }
+ }
}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPLoginServlet.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -34,6 +34,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
import org.jboss.identity.federation.web.handlers.DefaultLoginHandler;
import org.jboss.identity.federation.web.interfaces.ILoginHandler;
@@ -46,8 +47,6 @@
{
private static final long serialVersionUID = 1L;
private transient ServletContext context;
- private String USERNAME_FIELD = "JBID_USERNAME";
- private String PASS_FIELD = "JBID_PASSWORD";
private transient ILoginHandler loginHandler = null;
@Override
@@ -57,7 +56,7 @@
HttpSession session = request.getSession();
//Check if we are already authenticated
- Principal principal = (Principal) session.getAttribute(IDPServlet.PRINCIPAL_ID);
+ Principal principal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);
if(principal != null)
{
this.saveRequest(request, session);
@@ -65,8 +64,8 @@
return;
}
- final String username = request.getParameter(USERNAME_FIELD);
- String passwd = request.getParameter(PASS_FIELD);
+ final String username = request.getParameter(GeneralConstants.USERNAME_FIELD);
+ String passwd = request.getParameter(GeneralConstants.PASS_FIELD);
if(username == null || passwd == null)
{
@@ -95,7 +94,7 @@
return;
}
- session.setAttribute(IDPServlet.PRINCIPAL_ID, new Principal()
+ session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
public String getName()
{
@@ -121,15 +120,7 @@
{
super.init(config);
this.context = config.getServletContext();
- //Users can customize the username and password fields of their html forms here
- String userNameField = config.getInitParameter("USERNAME_FIELD");
- if(userNameField != null && userNameField.length() > 0)
- USERNAME_FIELD = userNameField;
- String pwdField = config.getInitParameter("PASSWORD_FIELD");
- if(pwdField != null && pwdField.length() > 0)
- PASS_FIELD = pwdField;
-
String loginClass = config.getInitParameter("loginClass");
if(loginClass == null || loginClass.length() == 0)
loginClass = DefaultLoginHandler.class.getName();
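Review bot: Dropping the `USERNAME_FIELD`/`PASSWORD_FIELD` init-parameter handling silently removes the ability to customise the login form's field names; a deployment still passing those init-params now has its form fields read under `GeneralConstants.USERNAME_FIELD`/`PASS_FIELD` instead, gets null parameters, and fails the null check in the earlier hunk with no hint as to why. If the customisation is intentionally retired, `init` should reject the stale configuration rather than ignore it, e.g. `if (config.getInitParameter("USERNAME_FIELD") != null || config.getInitParameter("PASSWORD_FIELD") != null) throw new ServletException("USERNAME_FIELD/PASSWORD_FIELD init-params are no longer supported");`, or the class Javadoc should state the fixed field names. The enclosing `init` method starts and ends outside this hunk.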
@@ -145,6 +136,12 @@
}
}
+ public void testPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ this.doPost(request, response);
+ }
+
private void saveRequest(HttpServletRequest request, HttpSession session)
{
//Save the SAMLRequest and relayState
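Review bot: `testPost` is a public method on the production servlet that re-exposes the protected `doPost` hook purely for tests; the same hook is added to IDPServlet later in this commit. Because the test code lives in a different package (`org.jboss.test...`), narrowing the method to package-private would not help; a test-side subclass of the servlet can call `doPost` directly through protected access, which keeps the servlet's public surface unchanged. If the hook is kept, a Javadoc line such as `/** Test-only entry point; delegates to {@link #doPost}. Not mapped by the container. */` should make its purpose explicit.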
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -27,7 +27,10 @@
import java.security.Principal;
import java.security.PublicKey;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
@@ -43,16 +46,31 @@
import org.jboss.identity.federation.core.config.KeyProviderType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.handler.config.Handlers;
import org.jboss.identity.federation.core.impl.DelegatedAttributeManager;
import org.jboss.identity.federation.core.interfaces.AttributeManager;
+import org.jboss.identity.federation.core.interfaces.ProtocolContext;
import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChain;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.HANDLER_TYPE;
+import org.jboss.identity.federation.core.saml.v2.util.HandlerUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.web.roles.DefaultRoleGenerator;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
@@ -70,10 +88,7 @@
private static final long serialVersionUID = 1L;
private static Logger log = Logger.getLogger(IDPServlet.class);
private boolean trace = log.isTraceEnabled();
-
- public static final String PRINCIPAL_ID = "jboss_identity.principal";
- public static final String ROLES_ID = "jboss_identity.roles";
-
+
protected transient IDPType idpConfiguration = null;
private transient RoleGenerator rg = new DefaultRoleGenerator();
@@ -93,6 +108,8 @@
private Boolean signOutgoingMessages = true;
private transient ServletContext context = null;
+
+ private transient SAML2HandlerChain chain = null;
public Boolean getIgnoreIncomingSignatures()
{
@@ -102,12 +119,17 @@
@Override
public void init(ServletConfig config) throws ServletException
{
+ Handlers handlers = null;
super.init(config);
String configFile = "/WEB-INF/jboss-idfed.xml";
context = config.getServletContext();
InputStream is = context.getResourceAsStream(configFile);
if(is == null)
throw new RuntimeException(configFile + " missing");
+
+ //Get the chain from config
+ chain = new DefaultSAML2HandlerChain();
+
try
{
idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
@@ -123,11 +145,22 @@
AttributeManager delegate = (AttributeManager)
tcl.loadClass(attributeManager).newInstance();
this.attribManager.setDelegate(delegate);
}
+
+ //Get the handlers
+ handlers =
ConfigurationUtil.getHandlers(context.getResourceAsStream("/WEB-INF/jbid-handlers.xml"));
+ chain.addAll(HandlerUtil.getHandlers(handlers));
}
catch (Exception e)
{
throw new RuntimeException(e);
}
+
+ //Handle the sign outgoing messages
+ String signOutgoingString =
config.getInitParameter(GeneralConstants.SIGN_OUTGOING_MESSAGES);
+ if(signOutgoingString != null && !"".equals(signOutgoingString))
+ this.signOutgoingMessages = Boolean.parseBoolean(signOutgoingString);
+
+
if(this.signOutgoingMessages)
{
KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
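Review bot: `Boolean.parseBoolean(signOutgoingString)` maps every value other than a case-insensitive "true" to false, so a mistyped `SIGN_OUTGOING_MESSAGES` init-param (for example "yes") silently turns off signing of outgoing SAML messages and the `true` default is lost. Signing should fail closed: accept only "true" or "false" and reject anything else in `init`, e.g. `if (!"true".equalsIgnoreCase(signOutgoingString) && !"false".equalsIgnoreCase(signOutgoingString)) throw new ServletException("Invalid " + GeneralConstants.SIGN_OUTGOING_MESSAGES + " value: " + signOutgoingString);`. The stream from `context.getResourceAsStream("/WEB-INF/jbid-handlers.xml")` also lacks the null check that `configFile` gets a few lines above, so a missing handler file only surfaces as a wrapped `IllegalArgumentException("inputstream is null")`, and neither stream is closed after unmarshalling. The enclosing `init` method starts and ends outside this hunk.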
@@ -156,12 +189,12 @@
}
//handle the role generator
- String rgString = config.getInitParameter("ROLE_GENERATOR");
+ String rgString = config.getInitParameter(GeneralConstants.ROLE_GENERATOR);
if(rgString != null && !"".equals(rgString))
this.setRoleGenerator(rgString);
//Get a list of attributes we are interested in
- String attribList = config.getInitParameter("ATTRIBUTE_KEYS");
+ String attribList = config.getInitParameter(GeneralConstants.ATTRIBUTE_KEYS);
if(attribList != null && !"".equals(attribList))
{
StringTokenizer st = new StringTokenizer(attribList,",");
@@ -169,23 +202,24 @@
{
this.attributeKeys.add(st.nextToken());
}
- }
+ }
}
-
- @SuppressWarnings("unchecked")
+
+
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
{
//Some issue with filters and servlets
HttpSession session = request.getSession(false);
- String samlMessage = (String) session.getAttribute("SAMLRequest");
+ String samlRequestMessage = (String)
session.getAttribute("SAMLRequest");
+ String samlResponseMessage = (String)
session.getAttribute("SAMLResponse");
String relayState = (String) session.getAttribute("RelayState");
String referer = request.getHeader("Referer");
//See if the user has already been authenticated
- Principal userPrincipal = (Principal) session.getAttribute(PRINCIPAL_ID);
+ Principal userPrincipal = (Principal)
session.getAttribute(GeneralConstants.PRINCIPAL_ID);
if(userPrincipal == null)
{
@@ -193,9 +227,8 @@
if(trace)
log.trace("Login Filters have not been configured");
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
+ }
-
IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request,
idpConfiguration, keyManager);
webRequestUtil.setAttributeManager(this.attribManager);
@@ -206,52 +239,187 @@
if(trace)
{
log.trace("Retrieved saml message and relay state from session");
- log.trace("saml message=" + samlMessage + "::relay
state="+ relayState);
+ log.trace("saml Request message=" + samlRequestMessage +
"::relay state="+ relayState);
+ log.trace("saml Response message=" + samlResponseMessage +
"::relay state="+ relayState);
}
session.removeAttribute("SAMLRequest");
+ session.removeAttribute("SAMLResponse");
if(relayState != null && relayState.length() > 0)
session.removeAttribute("RelayState");
+
+ SAML2Object samlObject = null;
+ String destination = null;
+ Document samlResponse = null;
+
+ if(samlResponseMessage != null)
+ {
+ StatusResponseType statusResponseType = null;
+ try
+ {
+ samlObject = webRequestUtil.getSAMLObject(samlResponseMessage);
+
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = validate(request.getRemoteAddr(),
+ request.getQueryString(),
+ new SessionHolder(samlResponseMessage, null), isPost);
+
+ if(!isValid)
+ throw new GeneralSecurityException("Validation check
failed");
+ String issuer = null;
+ IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context);
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ idpIssuer.getIssuer(), samlObject,
+ HANDLER_TYPE.IDP);
+ saml2HandlerRequest.setRelayState(relayState);
+
+ Map<String, Object> requestOptions = new HashMap<String,
Object>();
+ requestOptions.put("ROLE_GENERATOR", rg);
+ saml2HandlerRequest.setOptions(requestOptions);
+
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ if(samlObject instanceof StatusResponseType)
+ {
+ statusResponseType = (StatusResponseType) samlObject;
+ issuer = statusResponseType.getIssuer().getValue();
+ webRequestUtil.isTrusted(issuer);
+
+ if(handlers != null)
+ {
+ for(SAML2Handler handler: handlers)
+ {
+ handler.handleStatusResponseType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+ }
+ else
+ throw new RuntimeException("Unknown type:" +
samlObject.getClass().getName());
+
+ samlResponse = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ destination = saml2HandlerResponse.getDestination();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ }
+ else
//Send valid saml response after processing the request
- if(samlMessage != null)
+ if(samlRequestMessage != null)
{
//Get the SAML Request Message
- RequestAbstractType requestAbstractType = null;
- Document samlResponse = null;
- String destination = null;
+ RequestAbstractType requestAbstractType = null;
+ StatusResponseType statusResponseType = null;
+
try
{
- requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+ samlObject = webRequestUtil.getSAMLObject(samlRequestMessage);
+
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(),
request.getQueryString(),
- new SessionHolder(samlMessage, null), isPost);
+ new SessionHolder(samlRequestMessage, null), isPost);
if(!isValid)
throw new GeneralSecurityException("Validation check
failed");
- webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
-
+ String issuer = null;
+ IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
+ ProtocolContext protocolContext = new HTTPContext(request,response,
context);
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest =
+ new DefaultSAML2HandlerRequest(protocolContext,
+ idpIssuer.getIssuer(), samlObject,
+ HANDLER_TYPE.IDP);
+ saml2HandlerRequest.setRelayState(relayState);
- List<String> roles = (List<String>)
session.getAttribute(ROLES_ID);
+ Map<String, Object> requestOptions = new HashMap<String,
Object>();
+ requestOptions.put(GeneralConstants.ROLE_GENERATOR, rg);
+ requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY,
this.assertionValidity);
+ requestOptions.put(GeneralConstants.CONFIGURATION,
this.idpConfiguration);
+ Map<String,Object> attribs =
this.attribManager.getAttributes(userPrincipal, attributeKeys);
+ requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
+
+ saml2HandlerRequest.setOptions(requestOptions);
+
+ List<String> roles = (List<String>)
session.getAttribute(GeneralConstants.ROLES_ID);
if(roles == null)
{
roles = rg.generateRoles(userPrincipal);
- session.setAttribute(ROLES_ID, roles);
+ session.setAttribute(GeneralConstants.ROLES_ID, roles);
}
+
+ SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
+
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ if(samlObject instanceof RequestAbstractType)
+ {
+ requestAbstractType = (RequestAbstractType) samlObject;
+ issuer = requestAbstractType.getIssuer().getValue();
+ webRequestUtil.isTrusted(issuer);
+ if(handlers != null)
+ {
+ for(SAML2Handler handler: handlers)
+ {
+ handler.handleRequestType(saml2HandlerRequest,
saml2HandlerResponse);
+ }
+ }
+ }
+ else
+ throw new RuntimeException("Unknown type:" +
samlObject.getClass().getName());
- if(trace)
- log.trace("Roles have been determined:Creating response");
+ samlResponse = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ destination = saml2HandlerResponse.getDestination();
+
+
+ //requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+
+
+ /*//RequestAbstractType
+ if(requestAbstractType != null)
+ {
+ List<String> roles = (List<String>)
session.getAttribute(ROLES_ID);
+ if(roles == null)
+ {
+ roles = rg.generateRoles(userPrincipal);
+ session.setAttribute(ROLES_ID, roles);
+ }
+
+ if(trace)
+ log.trace("Roles have been determined:Creating
response");
+
+ if(requestAbstractType instanceof LogoutRequestType)
+ {
+ LogoutRequestType lot = (LogoutRequestType) requestAbstractType;
+
+ }
- AuthnRequestType art = (AuthnRequestType) requestAbstractType;
- destination = art.getAssertionConsumerServiceURL();
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ destination = art.getAssertionConsumerServiceURL();
- samlResponse =
- webRequestUtil.getResponse(destination,
- userPrincipal, roles,
- this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
+ samlResponse =
+ webRequestUtil.getResponse(destination,
+ userPrincipal, roles,
+ this.identityURL, this.assertionValidity,
this.signOutgoingMessages);
+ }
+ else
+ {
+ //status response type
+ }*/
}
catch (IssuerNotTrustedException e)
{
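Review bot: The SAMLResponse branch stores the role generator under the string literal `"ROLE_GENERATOR"` while the SAMLRequest branch uses `GeneralConstants.ROLE_GENERATOR`; unless the constant's value happens to equal that literal, handlers looking the option up by constant will not find it on the response path, so use `requestOptions.put(GeneralConstants.ROLE_GENERATOR, rg);` in both. The response branch also wraps every failure, including `IssuerNotTrustedException` from `webRequestUtil.isTrusted(issuer)`, in a bare `RuntimeException`, whereas the request branch catches that exception separately (its handling sits outside this hunk); an untrusted issuer on a logout response therefore ends as a container error instead of going through the same path. The large commented-out block carrying the old AuthnRequest/role logic should be deleted rather than kept in source, since that behaviour now lives in the handler chain. The unchecked cast to `List<String>` remains after `@SuppressWarnings("unchecked")` was removed from `doPost` in the earlier hunk, so the method now compiles with a warning. `doPost` starts and ends outside this hunk.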
@@ -298,29 +466,7 @@
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
}
- finally
- {
- try
- {
- if(samlResponse == null)
- throw new ServletException("SAML Response has not been
generated");
-
- if(this.signOutgoingMessages)
- webRequestUtil.send(samlResponse, destination,relayState, response,
true,
- this.keyManager.getSigningKey());
- else
- webRequestUtil.send(samlResponse, destination, relayState, response,
false,null);
- }
- catch (ParsingException e)
- {
- if(trace) log.trace(e);
- }
- catch (GeneralSecurityException e)
- {
- if(trace) log.trace(e);
- }
- }
- return;
+
}
else
{
@@ -330,13 +476,36 @@
try
{
sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ return;
}
catch (ConfigurationException e)
{
if(trace) log.trace(e);
}
}
- }
+
+ try
+ {
+ if(samlResponse == null)
+ throw new ServletException("SAML Response has not been
generated");
+
+ if(this.signOutgoingMessages)
+ webRequestUtil.send(samlResponse, destination,relayState, response, true,
+ this.keyManager.getSigningKey());
+ else
+ webRequestUtil.send(samlResponse, destination, relayState, response,
false,null);
+ }
+ catch (ParsingException e)
+ {
+ if(trace) log.trace(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ if(trace) log.trace(e);
+ }
+
+ return;
+ }
}
protected void sendErrorResponseToSP(String referrer, HttpServletResponse response,
String relayState,
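Review bot: The `return;` added after `sendErrorResponseToSP` does not cover the `ConfigurationException` path: that exception is only trace-logged and execution falls through to the send block, where `samlResponse` is still null and a `ServletException("SAML Response has not been generated")` is thrown, masking the actual configuration failure. Rethrowing inside the catch keeps the real cause, e.g. `throw new ServletException(e);`. The `ParsingException`/`GeneralSecurityException` catches around `send` likewise only trace-log and complete normally, so the client receives an empty success response when sending fails; that code is moved rather than new, but it is worth a comment stating that this is deliberate if it is. `doPost` starts outside this hunk.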
@@ -430,6 +599,11 @@
}
}
+ public void testPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
+ {
+ this.doPost(request, response);
+ }
+
private void setRoleGenerator(String rgName)
{
try
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/ConfigurationUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.web.util;
+import java.io.IOException;
import java.io.InputStream;
import javax.xml.bind.JAXBElement;
@@ -31,53 +32,97 @@
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.core.config.IDPType;
import org.jboss.identity.federation.core.config.SPType;
+import org.jboss.identity.federation.core.handler.config.Handlers;
import org.xml.sax.SAXException;
/**
+ * Deals with Configuration
* @author Anil.Saldhana(a)redhat.com
* @since Aug 21, 2009
*/
public class ConfigurationUtil
{
+ /**
+ * Get the IDP Configuration
+ * from the passed configuration
+ * @param is
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
+ * @throws IOException
+ */
@SuppressWarnings("unchecked")
- public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException
+ public static IDPType getIDPConfiguration(InputStream is) throws JAXBException,
SAXException, IOException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
String schema = "schema/config/jboss-identity-fed.xsd";
- String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
- boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
+ Unmarshaller un = getUnmarshaller(schema);
- String pkgName = "org.jboss.identity.federation.core.config";
- Unmarshaller un = null;
- if(validate)
- un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
- else
- un = JAXBUtil.getUnmarshaller(pkgName);
-
JAXBElement<IDPType> jaxbSp = (JAXBElement<IDPType>)
un.unmarshal(is);
return jaxbSp.getValue();
}
+
+ /**
+ * Get the SP Configuration from the
+ * passed inputstream
+ * @param is
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
+ * @throws IOException
+ */
@SuppressWarnings("unchecked")
- public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException
+ public static SPType getSPConfiguration(InputStream is) throws JAXBException,
SAXException, IOException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
String schema = "schema/config/jboss-identity-fed.xsd";
+ Unmarshaller un = getUnmarshaller(schema);
+
+ JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
+ return jaxbSp.getValue();
+ }
+
+ /**
+ * Get the Handlers from the configuration
+ * @param is
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
+ * @throws IOException
+ */
+ @SuppressWarnings("unchecked")
+ public static Handlers getHandlers(InputStream is) throws JAXBException, SAXException,
IOException
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+ String[] schemas = new String[] {
"schema/config/jboss-identity-fed.xsd",
+ "schema/config/jboss-identity-fed-handler.xsd"};
+
+ Unmarshaller un = getUnmarshaller(schemas);
+ JAXBElement<Handlers> handlers = (JAXBElement<Handlers>)
un.unmarshal(is);
+ return handlers.getValue();
+ }
+
+
+ private static Unmarshaller getUnmarshaller(String... schema) throws JAXBException,
SAXException, IOException
+ {
String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key,
"false"));
- String pkgName = "org.jboss.identity.federation.core.config";
+ String[] pkgName = new String[] { IDPType.class.getPackage().getName(),
+ Handlers.class.getPackage().getName()
+ } ;
+
Unmarshaller un = null;
if(validate)
un = JAXBUtil.getValidatingUnmarshaller(pkgName, schema);
else
un = JAXBUtil.getUnmarshaller(pkgName);
-
- JAXBElement<SPType> jaxbSp = (JAXBElement<SPType>) un.unmarshal(is);
- return jaxbSp.getValue();
+ return un;
}
}
\ No newline at end of file
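Review bot: The three new Javadoc blocks leave `@param is` and `@return` empty; suggest `@param is configuration stream, must not be null; the caller retains ownership and must close it` and `@return the unmarshalled {@link IDPType}` (respectively `SPType`, `Handlers`), plus `@throws IllegalArgumentException if {@code is} is null` to match the check in each body. `getUnmarshaller` deserves a comment that schema validation is opt-in via the `JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION` system property and defaults to off, since a reader of `getHandlers` would otherwise assume the listed schemas are always enforced. A one-line comment on `pkgName` explaining why the JAXB context now always spans both the config and handler packages would also help the next maintainer.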
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -59,6 +59,7 @@
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -113,6 +114,33 @@
return postProfile;
}
+ public SAML2Object getSAMLObject(String samlMessage)
+ throws ParsingException, IOException
+ {
+ InputStream is = null;
+ SAML2Request saml2Request = new SAML2Request();
+ if(redirectProfile)
+ {
+ is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ }
+ else
+ {
+ try
+ {
+ byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+ if(trace) log.trace("SAMLRequest=" + new String(samlBytes));
+ is = new ByteArrayInputStream(samlBytes);
+ }
+ catch(Exception rte)
+ {
+ if(trace)
+ log.trace("Error in base64 decoding saml message: "+rte);
+ throw new ParsingException(rte);
+ }
+ }
+ return saml2Request.getSAML2ObjectFromStream(is);
+ }
+
public RequestAbstractType getSAMLRequest(String samlMessage)
throws ParsingException, IOException
{
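Review bot: The redirect branch of getSAMLObject calls RedirectBindingUtil.base64DeflateDecode with no try/catch, unlike the POST branch directly below it, so a malformed or truncated SAMLRequest on the redirect binding surfaces as whatever that helper throws rather than the ParsingException the signature advertises; wrap both branches the same way, `catch(Exception rte) { if(trace) log.trace(...); throw new ParsingException(rte); }`. The trace line writes the whole decoded request to the log via `new String(samlBytes)` with the platform default charset — SAML messages are XML, so pass an explicit charset (`new String(samlBytes, "UTF-8")`), and consider whether the full message body belongs in logs at all, since it can carry subject identifiers. There is no visible bound on how large the inflated redirect payload may grow; if base64DeflateDecode does not cap its output, a small attacker-supplied blob can expand into a very large buffer, which is worth confirming in that helper. Whether getSAML2ObjectFromStream validates the XML or disables external entity resolution is not visible in this hunk.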
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-10-08
11:39:28 UTC (rev 827)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -69,6 +69,9 @@
String destination = holder.getDestination();
String samlMessage = holder.getSamlMessage();
+ if(destination == null)
+ throw new IllegalStateException("Destination is null");
+
response.setContentType("text/html");
PrintWriter out = response.getWriter();
common(holder.getDestination(), response);
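Review bot: The added check rejects only a null destination, while the same value is passed to common() and, given the text/html content type set two lines later, presumably ends up inside an HTML form served to the browser; the method continues outside this hunk, so whether the value is escaped there cannot be confirmed, and it would be safer to also reject anything that does not parse as an absolute http/https URL via java.net.URI before it reaches the response. The last line re-reads holder.getDestination() instead of the local that was just validated; `common(destination, response);` keeps the checked value and the used value the same. samlMessage is read here but not used within the hunk, so its handling happens below.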
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockContextClassLoader.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockContextClassLoader.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockContextClassLoader.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+/**
+ * Mock TCL
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class MockContextClassLoader extends URLClassLoader
+{
+ private String profile;
+
+ private ClassLoader delegate;
+
+ public MockContextClassLoader(URL[] urls)
+ {
+ super(urls);
+ }
+
+ public void setDelegate(ClassLoader tcl)
+ {
+ this.delegate = tcl;
+ }
+
+ public void setProfile(String profile)
+ {
+ this.profile = profile;
+ }
+
+ @Override
+ public InputStream getResourceAsStream(String name)
+ {
+ if(profile == null)
+ throw new RuntimeException("null profile");
+ return delegate.getResourceAsStream(profile + "/" + name);
+ }
+}
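Review bot: getResourceAsStream dereferences delegate without checking it, so a test that forgets setDelegate fails with a bare NullPointerException instead of a message naming the missing setup; mirror the profile check with `if(delegate == null) throw new IllegalStateException("delegate not set");`. Only getResourceAsStream is overridden, so getResource and getResources on this loader still resolve against the constructor URLs and the parent rather than the profile prefix, and a class under test that uses getResource would read a different file than one using getResourceAsStream; a class comment stating that only getResourceAsStream is profile-aware would prevent that surprise.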
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterChain.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterChain.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterChain.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * Mock Filter Chain
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public class MockFilterChain implements FilterChain
+{
+ public void doFilter(ServletRequest arg0, ServletResponse arg1) throws IOException,
ServletException
+ {
+ }
+}
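Review bot: doFilter has an empty body, so a test driving a security filter through this chain cannot distinguish the filter passing the request on from the filter short-circuiting it after sending an error; record the call with `private boolean invoked;`, `invoked = true;` in doFilter and `public boolean wasInvoked() { return invoked; }`, and assert on it in the workflow tests. A one-line class comment saying the chain deliberately terminates without further processing would also help the next reader.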
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockFilterConfig.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * Mock Filter Config
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public class MockFilterConfig implements FilterConfig
+{
+ private Map<String,String> params = new HashMap<String,String>();
+ private ServletContext context = null;
+
+ public MockFilterConfig(ServletContext ctx)
+ {
+ this.context = ctx;
+ }
+
+ public void addInitParameter(String key, String val)
+ {
+ params.put(key, val);
+ }
+
+ public String getFilterName()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getInitParameter(String arg0)
+ {
+ return params.get(arg0);
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public ServletContext getServletContext()
+ {
+ return context;
+ }
+}
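Review bot: getInitParameterNames throws NYI even though params holds the data, so code under test that enumerates its init parameters fails in a way that looks like a filter bug rather than a mock gap; `return java.util.Collections.enumeration(params.keySet());` is sufficient. The raw `Enumeration` return type drops the generic — `Enumeration<String>` matches the map's key type and avoids an unchecked warning.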
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletRequest.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletRequest.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletRequest.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,395 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+/**
+ * Mock Http Servlet Request
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+@SuppressWarnings("unchecked")
+public class MockHttpServletRequest implements HttpServletRequest
+{
+ private HttpSession session = null;
+ protected Map headers = new HashMap();
+ protected Map parameters = new HashMap();
+ protected Map attribs = new HashMap();
+
+ private String methodType;
+
+ public MockHttpServletRequest(HttpSession session, String methodType)
+ {
+ this.session = session;
+ this.methodType = methodType;
+ }
+
+ public void addHeader(String key, String value)
+ {
+ headers.put(key, value);
+ }
+ public void addParameter(String key, String value)
+ {
+ parameters.put(key, value);
+ }
+
+ public String getAuthType()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getContextPath()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Cookie[] getCookies()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public long getDateHeader(String arg0)
+ {
+ return 0;
+ }
+
+ public String getHeader(String arg0)
+ {
+ return (String) headers.get(arg0);
+ }
+
+ public Enumeration getHeaderNames()
+ {
+ return new Enumeration()
+ {
+ private Iterator iter = headers.entrySet().iterator();
+
+ public boolean hasMoreElements()
+ {
+ return iter.hasNext();
+ }
+
+ public Object nextElement()
+ {
+ Entry<String,String> entry = (Entry<String, String>)
iter.next();
+ return entry.getValue();
+ }
+ };
+ }
+
+ public Enumeration getHeaders(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public int getIntHeader(String arg0)
+ {
+ return 0;
+ }
+
+ public String getMethod()
+ {
+ return this.methodType;
+ }
+
+ public String getPathInfo()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getPathTranslated()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getQueryString()
+ {
+ if("POST".equalsIgnoreCase(this.methodType))
+ return null;
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRemoteUser()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRequestURI()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public StringBuffer getRequestURL()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRequestedSessionId()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getServletPath()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public HttpSession getSession()
+ {
+ return session;
+ }
+
+ public HttpSession getSession(boolean arg0)
+ {
+ return getSession();
+ }
+
+ public Principal getUserPrincipal()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public boolean isRequestedSessionIdFromCookie()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl()
+ {
+
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid()
+ {
+
+ return false;
+ }
+
+ public boolean isUserInRole(String arg0)
+ {
+
+ return false;
+ }
+
+ public Object getAttribute(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public Enumeration getAttributeNames()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getCharacterEncoding()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public int getContentLength()
+ {
+
+ return 0;
+ }
+
+ public String getContentType()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public ServletInputStream getInputStream() throws IOException
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getLocalAddr()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getLocalName()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public int getLocalPort()
+ {
+
+ return 0;
+ }
+
+ public Locale getLocale()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public Enumeration getLocales()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getParameter(String arg0)
+ {
+ return (String) this.parameters.get(arg0);
+ }
+
+ public Map getParameterMap()
+ {
+ return this.parameters;
+ }
+
+ public Enumeration getParameterNames()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String[] getParameterValues(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getProtocol()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public BufferedReader getReader() throws IOException
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRealPath(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRemoteAddr()
+ {
+ return (String) headers.get("Referer");
+ }
+
+ public String getRemoteHost()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public int getRemotePort()
+ {
+
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getScheme()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getServerName()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public int getServerPort()
+ {
+
+ return 0;
+ }
+
+ public boolean isSecure()
+ {
+
+ return false;
+ }
+
+ public void removeAttribute(String arg0)
+ {
+
+
+ }
+
+ public void setAttribute(String arg0, Object arg1)
+ {
+ this.attribs.put(arg0, arg1);
+ }
+
+ public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException
+ {
+ }
+}
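Review bot: getHeaderNames returns each entry's value rather than its key (`return entry.getValue();` inside the anonymous Enumeration), so any code that iterates header names and then calls getHeader(name) gets null for every header; change it to `return entry.getKey();`. setAttribute stores into attribs but getAttribute throws NYI, so attributes set by the code under test can never be read back — `return this.attribs.get(arg0);` matches the setter. getRemoteAddr returning the Referer header is a surprising alias: a handler that logs or checks the peer address would be fed header content the client controls; if that is intentional for these tests, a comment such as `// test shortcut: the Referer header stands in for the peer address` would stop the next reader from treating it as a real request property.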
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpServletResponse.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,246 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Mock Servlet Response
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class MockHttpServletResponse implements HttpServletResponse
+{
+ private PrintWriter printWriter;
+
+ public void setOutputStream(final OutputStream os)
+ {
+ this.outputStream = new ServletOutputStream()
+ {
+ @Override
+ public void write(int b) throws IOException
+ {
+ os.write(b);
+ }
+ };
+ }
+
+ public void setWriter(PrintWriter pw)
+ {
+ this.printWriter = pw;
+ }
+
+ private int errorCode;
+ private ServletOutputStream outputStream;
+
+ public void addCookie(Cookie arg0)
+ {
+ }
+
+ public void addDateHeader(String arg0, long arg1)
+ {
+ }
+
+ public void addHeader(String arg0, String arg1)
+ {
+ }
+
+ public void addIntHeader(String arg0, int arg1)
+ {
+ }
+
+ public boolean containsHeader(String arg0)
+ {
+ return false;
+ }
+
+ public String encodeRedirectURL(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String encodeRedirectUrl(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String encodeURL(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String encodeUrl(String arg0)
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public int getError()
+ {
+ return this.errorCode;
+ }
+
+ public void sendError(int arg0) throws IOException
+ {
+ this.errorCode = arg0;
+ }
+
+ public void sendError(int arg0, String arg1) throws IOException
+ {
+ sendError(arg0);
+ }
+
+ public void sendRedirect(String arg0) throws IOException
+ {
+
+
+ }
+
+ public void setDateHeader(String arg0, long arg1)
+ {
+
+
+ }
+
+ public void setHeader(String arg0, String arg1)
+ {
+
+
+ }
+
+ public void setIntHeader(String arg0, int arg1)
+ {
+
+
+ }
+
+ public void setStatus(int arg0)
+ {
+
+
+ }
+
+ public void setStatus(int arg0, String arg1)
+ {
+
+
+ }
+
+ public void flushBuffer() throws IOException
+ {
+
+
+ }
+
+ public int getBufferSize()
+ {
+
+ return 0;
+ }
+
+ public String getCharacterEncoding()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public String getContentType()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public Locale getLocale()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public ServletOutputStream getOutputStream() throws IOException
+ {
+ return this.outputStream;
+ }
+
+ public PrintWriter getWriter() throws IOException
+ {
+ return this.printWriter;
+ }
+
+ public boolean isCommitted()
+ {
+
+ return false;
+ }
+
+ public void reset()
+ {
+
+
+ }
+
+ public void resetBuffer()
+ {
+
+
+ }
+
+ public void setBufferSize(int arg0)
+ {
+
+
+ }
+
+ public void setCharacterEncoding(String arg0)
+ {
+
+
+ }
+
+ public void setContentLength(int arg0)
+ {
+
+
+ }
+
+ public void setContentType(String arg0)
+ {
+
+
+ }
+
+ public void setLocale(Locale arg0)
+ {
+
+
+ }
+
+}
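Review bot: sendRedirect discards its argument and setHeader/setStatus are no-ops, so a test of the redirect binding cannot assert where the user was sent or which status came back; store the location with `private String redirectLocation;`, `this.redirectLocation = arg0;` in sendRedirect and `public String getRedirectLocation() { return redirectLocation; }`, and do the same for the status code. isCommitted always returns false even after sendError has recorded an error, which lets a code path write a body after an error without the test noticing. getOutputStream and getWriter return null unless the test called the setters first, which is acceptable but worth a class comment.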
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpSession.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpSession.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockHttpSession.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,153 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.UUID;
+import java.util.Map.Entry;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionContext;
+
+/**
+ * Mock HttpSession
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class MockHttpSession implements HttpSession
+{
+ private boolean valid = true;
+
+ private Map<String,Object> attribs = new HashMap<String,Object>();
+
+ private String id = UUID.randomUUID().toString();
+
+ public boolean isInvalidated()
+ {
+ return valid == false;
+ }
+
+ public Object getAttribute(String arg0)
+ {
+ return attribs.get(arg0);
+ }
+
+ public Enumeration getAttributeNames()
+ {
+ return new Enumeration()
+ {
+ private Iterator iter = attribs.entrySet().iterator();
+
+ public boolean hasMoreElements()
+ {
+ return iter.hasNext();
+ }
+
+ public Object nextElement()
+ {
+ Entry<String,Object> entry = (Entry<String, Object>)
iter.next();
+ return entry.getValue();
+ }
+ };
+ }
+
+ public long getCreationTime()
+ {
+
+ return 0;
+ }
+
+ public String getId()
+ {
+ return id;
+ }
+
+ public long getLastAccessedTime()
+ {
+
+ return 0;
+ }
+
+ public int getMaxInactiveInterval()
+ {
+
+ return 0;
+ }
+
+ public ServletContext getServletContext()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public HttpSessionContext getSessionContext()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+ public Object getValue(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String[] getValueNames()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public void invalidate()
+ {
+ this.valid = false;
+ }
+
+ public boolean isNew()
+ {
+ return false;
+ }
+
+ public void putValue(String arg0, Object arg1)
+ {
+ }
+
+ public void removeAttribute(String arg0)
+ {
+ this.attribs.remove(arg0);
+ }
+
+ public void removeValue(String arg0)
+ {
+ }
+
+ public void setAttribute(String arg0, Object arg1)
+ {
+ this.attribs.put(arg0, arg1);
+ }
+
+ public void setMaxInactiveInterval(int arg0)
+ {
+ }
+}
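Review bot: After invalidate() the session keeps serving getAttribute, setAttribute and getId as if it were live, whereas a real container throws IllegalStateException, so a logout workflow test can read state from a session it believes is destroyed and still pass; add a guard used by the attribute accessors, `if(!valid) throw new IllegalStateException("session invalidated");`. getAttributeNames returns entry values instead of keys (`return entry.getValue();`), so callers that iterate names and look them up get null; use `return entry.getKey();`. The raw `Enumeration` and the unchecked cast to Entry<String,Object> could both be replaced by `java.util.Collections.enumeration(attribs.keySet())`.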
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletConfig.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletConfig.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletConfig.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * Mock Servlet Config
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+@SuppressWarnings("unchecked")
+public class MockServletConfig implements ServletConfig
+{
+ private ServletContext context;
+
+ private Map<String,String> params = new HashMap<String,String>();
+
+ public MockServletConfig(ServletContext context)
+ {
+ this.context = context;
+ }
+
+ public void addInitParameter(String key, String value)
+ {
+ params.put(key, value);
+ }
+
+ public String getInitParameter(String arg0)
+ {
+ return params.get(arg0);
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ return new Enumeration()
+ {
+ private Iterator iter = params.entrySet().iterator();
+
+ public boolean hasMoreElements()
+ {
+ return iter.hasNext();
+ }
+
+ public Object nextElement()
+ {
+ Entry<String,String> entry = (Entry<String, String>)
iter.next();
+ return entry.getValue();
+ }
+ };
+ }
+
+ public ServletContext getServletContext()
+ {
+ return this.context;
+ }
+
+ public String getServletName()
+ {
+
+ throw new RuntimeException("NYI");
+ }
+
+}
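Review bot: getInitParameterNames hands back parameter values instead of names (`return entry.getValue();` at the end of the anonymous Enumeration), so a servlet that enumerates its init parameters and looks each one up sees nulls; the MockServletContext in this same commit does it correctly with getKey, and `return java.util.Collections.enumeration(params.keySet());` would replace the whole anonymous class. With that change the class-level @SuppressWarnings("unchecked"), which currently hides the raw Enumeration and the cast, can be removed.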
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletContext.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/mock/MockServletContext.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,212 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.mock;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.Map.Entry;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.Servlet;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * Mock Servlet Context
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+@SuppressWarnings("unchecked")
+public class MockServletContext implements ServletContext
+{
+ private Map params = new HashMap();
+ private Map attribs = new HashMap();
+
+ public Object getAttribute(String arg0)
+ {
+ return attribs.get(arg0);
+ }
+
+ public Enumeration getAttributeNames()
+ {
+ return new Enumeration()
+ {
+ private Iterator iter = attribs.entrySet().iterator();
+
+ public boolean hasMoreElements()
+ {
+ return iter.hasNext();
+ }
+
+ public Object nextElement()
+ {
+ Entry<String,Object> entry = (Entry<String, Object>)
iter.next();
+ return entry.getValue();
+ }
+ };
+ }
+
+ public ServletContext getContext(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getContextPath()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getInitParameter(String arg0)
+ {
+ return (String) params.get(arg0);
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ return new Enumeration()
+ {
+ private Iterator iter = params.entrySet().iterator();
+
+ public boolean hasMoreElements()
+ {
+ return iter.hasNext();
+ }
+
+ public Object nextElement()
+ {
+ Entry<String,Object> entry = (Entry<String, Object>)
iter.next();
+ return entry.getKey();
+ }
+ };
+ }
+
+ public int getMajorVersion()
+ {
+ return 0;
+ }
+
+ public String getMimeType(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public int getMinorVersion()
+ {
+ return 0;
+ }
+
+ public RequestDispatcher getNamedDispatcher(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getRealPath(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public RequestDispatcher getRequestDispatcher(String arg0)
+ {
+ return new RequestDispatcher()
+ {
+
+ public void include(ServletRequest arg0, ServletResponse arg1) throws
ServletException, IOException
+ {
+ }
+
+ public void forward(ServletRequest arg0, ServletResponse arg1) throws
ServletException, IOException
+ {
+ }
+ };
+ }
+
+ public URL getResource(String arg0) throws MalformedURLException
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public InputStream getResourceAsStream(String arg0)
+ {
+ return Thread.currentThread().getContextClassLoader().getResourceAsStream(arg0);
+ }
+
+ public Set getResourcePaths(String arg0)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getServerInfo()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Servlet getServlet(String arg0) throws ServletException
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public String getServletContextName()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Enumeration getServletNames()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Enumeration getServlets()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public void log(String arg0)
+ {
+ }
+
+ public void log(Exception arg0, String arg1)
+ {
+ }
+
+ public void log(String arg0, Throwable arg1)
+ {
+ }
+
+ public void removeAttribute(String arg0)
+ {
+ this.attribs.remove(arg0);
+ }
+
+ public void setAttribute(String arg0, Object arg1)
+ {
+ this.attribs.put(arg0, arg1);
+ }
+}
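Review bot: params is never populated — there is no addInitParameter method or constructor argument — so getInitParameter always returns null and getInitParameterNames is always empty, meaning any servlet-context configuration the code under test reads is silently absent; add `public void addInitParameter(String key, String value) { params.put(key, value); }` as MockServletConfig and MockFilterConfig in this commit already do. getRequestDispatcher returns a dispatcher whose forward and include are empty, so a test cannot tell that a forward happened or to which path; capturing the path argument in a field would make that observable. getResourceAsStream resolves through the thread context class loader, which is presumably what MockContextClassLoader is for; a one-line comment linking the two would help.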
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,250 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.workflow.saml2;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.net.URL;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionEvent;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.saml.v2.SAML2Object;
+import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.IdentityServer;
+import org.jboss.identity.federation.web.filters.SPFilter;
+import org.jboss.identity.federation.web.servlets.IDPServlet;
+import org.jboss.test.identity.federation.web.mock.MockContextClassLoader;
+import org.jboss.test.identity.federation.web.mock.MockFilterChain;
+import org.jboss.test.identity.federation.web.mock.MockFilterConfig;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletRequest;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletResponse;
+import org.jboss.test.identity.federation.web.mock.MockHttpSession;
+import org.jboss.test.identity.federation.web.mock.MockServletConfig;
+import org.jboss.test.identity.federation.web.mock.MockServletContext;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit test the SAML2 Logout workflow
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 7, 2009
+ */
+public class SAML2LogoutWorkflowUnitTestCase extends TestCase
+{
+ private String profile = "saml2/logout";
+ private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ public void testSPFilterLogOutRequestGeneration() throws Exception
+ {
+
+ }
+
+ public void testSAML2LogOutFromIDPServlet() throws Exception
+ {
+ MockHttpSession session = new MockHttpSession();
+
+ MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
+ Thread.currentThread().setContextClassLoader(mclIDP);
+
+ ServletContext servletContext = new MockServletContext();
+ IdentityServer server = this.getIdentityServer(session);
+ servletContext.setAttribute("IDENTITY_SERVER", server);
+ MockServletConfig servletConfig = new MockServletConfig(servletContext);
+
+ IDPServlet idp = new IDPServlet();
+ //No signing outgoing messages
+ servletConfig.addInitParameter(GeneralConstants.SIGN_OUTGOING_MESSAGES,
"false");
+
+ //Initialize the servlet
+ idp.init(servletConfig);
+
+ //Assume that we already have the principal and roles set in the session
+ session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
+ {
+ public String getName()
+ {
+ return "anil";
+ }
+ });
+ List<String> rolesList = new ArrayList<String>();
+ rolesList.add("manager");
+ session.setAttribute(GeneralConstants.ROLES_ID, rolesList);
+
+ MockHttpServletRequest request = new MockHttpServletRequest(session,
"POST");
+ request.addHeader("Referer", "http://localhost:8080/sales/");
+
+ String samlMessage =
Base64.encodeBytes(createLogOutRequest("http://localhost:8080/sales/").getBytes());
+ session.setAttribute("SAMLRequest", samlMessage);
+
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ response.setWriter(new PrintWriter(baos));
+
+ // The IDP is preloaded with 2 participants :
"http://localhost:8080/sales/"
+ // and "http://localhost:8080/employee"
+
+ //Lets start the workflow with post
+ idp.testPost(request, response);
+
+ String idpResponse = new String(baos.toByteArray());
+ assertNotNull(idpResponse);
+
+ Document htmlResponse = DocumentUtil.getDocument(idpResponse);
+ assertNotNull(htmlResponse);
+ NodeList nodes = htmlResponse.getElementsByTagName("INPUT");
+ Element inputElement = (Element)nodes.item(0);
+ String logoutOrigResponse =
inputElement.getAttributeNode("VALUE").getValue();
+
+ String relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ String logoutResponse = new String(Base64.decode(logoutOrigResponse));
+ System.out.println(logoutResponse);
+
+ SAML2Request samlRequest = new SAML2Request();
+ ByteArrayInputStream bis = new ByteArrayInputStream(logoutResponse.getBytes());
+ SAML2Object samlObject = samlRequest.getSAML2ObjectFromStream(bis);
+ assertTrue(samlObject instanceof LogoutRequestType);
+
+ //Let us feed the LogOutRequest to the SPFilter
+ MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPFilter spEmpl = new SPFilter();
+ MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
+ filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES,
"true");
+
+ spEmpl.init(filterConfig);
+
+ MockHttpSession filterSession = new MockHttpSession();
+ MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession,
"POST");
+ filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
+ filterRequest.addParameter("RelayState", relayState);
+
+ MockHttpServletResponse filterResponse = new MockHttpServletResponse();
+ ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
+ filterResponse.setWriter(new PrintWriter(filterbaos));
+
+ spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
+ String spResponse = new String(filterbaos.toByteArray());
+ Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
+ nodes = spHTMLResponse.getElementsByTagName("INPUT");
+ inputElement = (Element)nodes.item(0);
+ logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
+ relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ //Now the SP (employee app) has logged out and sending a status response to IDP
+ Thread.currentThread().setContextClassLoader(mclIDP);
+ session.setAttribute("SAMLResponse", logoutOrigResponse);
+ session.setAttribute("RelayState", relayState);
+
+ idp.testPost(request, response);
+
+ idpResponse = new String(filterbaos.toByteArray());
+ assertNotNull(idpResponse);
+
+ htmlResponse = DocumentUtil.getDocument(idpResponse);
+ assertNotNull(htmlResponse);
+ nodes = htmlResponse.getElementsByTagName("INPUT");
+ inputElement = (Element)nodes.item(0);
+ logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
+
+ relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ //Now we should have got a full success report from IDP
+ MockContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
+ Thread.currentThread().setContextClassLoader(mclSPSales);
+ SPFilter spSales = new SPFilter();
+
+ spSales.init(filterConfig);
+
+ filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
+ filterRequest.addParameter("RelayState", relayState);
+
+ spSales.doFilter(filterRequest, filterResponse, new MockFilterChain());
+
+ spResponse = new String(filterbaos.toByteArray());
+
+ assertEquals(0, server.stack().getParticipants(session.getId()));
+ assertEquals(0, server.stack().getNumOfParticipantsInTransit(session.getId()));
+
+ spHTMLResponse = DocumentUtil.getDocument(spResponse);
+ nodes = spHTMLResponse.getElementsByTagName("INPUT");
+ inputElement = (Element)nodes.item(0);
+ logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
+ relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ //Finally the session should be invalidated
+ assertTrue(filterSession.isInvalidated());
+ }
+
+ private MockContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[] {tcl.getResource(resource)};
+
+ MockContextClassLoader mcl = new MockContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+
+ private String createLogOutRequest(String url) throws Exception
+ {
+ SAML2Request samlRequest = new SAML2Request();
+ LogoutRequestType lot =
+ samlRequest.createLogoutRequest(url);
+ StringWriter sw = new StringWriter();
+ samlRequest.marshall(lot, sw);
+ return sw.toString();
+ }
+
+ //Get the Identity server with 2 participants
+ private IdentityServer getIdentityServer(HttpSession session)
+ {
+ IdentityServer server = new IdentityServer();
+ server.sessionCreated(new HttpSessionEvent(session));
+
+ server.stack().register(session.getId(),
"http://localhost:8080/sales/");
+ server.stack().register(session.getId(),
"http://localhost:8080/employee/");
+ return server;
+ }
+}
\ No newline at end of file
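Review bot: After the second `idp.testPost(request, response)` the test reads `idpResponse = new String(filterbaos.toByteArray())`, i.e. the SP filter's buffer, while the IDP wrote to `baos`; the parse that follows therefore re-inspects the employee SP's output rather than the IDP's final status, and `baos` also still holds the first IDP response because it is never cleared. Proposed: `baos.reset();` before the second `idp.testPost(...)` and `idpResponse = new String(baos.toByteArray());` afterwards. The "sales" leg also loads `setupTCL(profile + "/sp/employee")` although this commit adds a `saml2/logout/sp/sales` resource set, so `spSales` appears to run under the employee configuration. Note as well that `testSPFilterLogOutRequestGeneration` has an empty body and passes vacuously, and that with `IGNORE_SIGNATURES` set to "true" and `SIGN_OUTGOING_MESSAGES` set to "false" the signature-verification path of the logout exchange is not covered by this test.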
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/workflow/saml2/SAML2PostWorkflowUnitTestCase.java 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,186 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.workflow.saml2;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintWriter;
+import java.net.URL;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionEvent;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.IdentityServer;
+import org.jboss.identity.federation.web.filters.SPFilter;
+import org.jboss.identity.federation.web.servlets.IDPLoginServlet;
+import org.jboss.identity.federation.web.servlets.IDPServlet;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.test.identity.federation.web.mock.MockContextClassLoader;
+import org.jboss.test.identity.federation.web.mock.MockFilterChain;
+import org.jboss.test.identity.federation.web.mock.MockFilterConfig;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletRequest;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletResponse;
+import org.jboss.test.identity.federation.web.mock.MockHttpSession;
+import org.jboss.test.identity.federation.web.mock.MockServletConfig;
+import org.jboss.test.identity.federation.web.mock.MockServletContext;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit test the workflow for SAML2 Post Binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 8, 2009
+ */
+public class SAML2PostWorkflowUnitTestCase extends TestCase
+{
+ private String profile = "saml2/post";
+ private ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ private String employee = "http://localhost:8080/employee/";
+ private String identity = "http://localhost:8080/idp/";
+
+ public void testAuthForIDPServletAndSPFilter() throws Exception
+ {
+ String id = IDGenerator.create("ID_");
+ SAML2Request saml2Request = new SAML2Request();
+ AuthnRequestType art = saml2Request.createAuthnRequestType(id,
+ employee, identity, employee);
+
+ ServletContext servletContext = new MockServletContext();
+
+ //First we go to the employee application
+ MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPFilter spEmpl = new SPFilter();
+ MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
+ filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES,
"true");
+
+ spEmpl.init(filterConfig);
+
+ MockHttpSession filterSession = new MockHttpSession();
+ MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession,
"POST");
+
+ MockHttpServletResponse filterResponse = new MockHttpServletResponse();
+ ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
+ filterResponse.setWriter(new PrintWriter(filterbaos));
+
+ spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
+ String spResponse = new String(filterbaos.toByteArray());
+ Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
+ NodeList nodes = spHTMLResponse.getElementsByTagName("INPUT");
+ Element inputElement = (Element)nodes.item(0);
+ String idpResponse = inputElement.getAttributeNode("VALUE").getValue();
+ @SuppressWarnings("unused")
+ String relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ //Lets call the IDPServlet
+
+ MockHttpSession session = new MockHttpSession();
+ servletContext = new MockServletContext();
+ IdentityServer server = this.getIdentityServer(session);
+ servletContext.setAttribute("IDENTITY_SERVER", server);
+ MockServletConfig servletConfig = new MockServletConfig(servletContext);
+
+ MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
+ Thread.currentThread().setContextClassLoader(mclIDP);
+
+ MockHttpServletRequest request = new MockHttpServletRequest(session,
"POST");
+ request.addHeader("Referer",
"http://localhost:8080/employee/");
+
+ request.addParameter(GeneralConstants.USERNAME_FIELD, "anil");
+ request.addParameter(GeneralConstants.PASS_FIELD, "anil");
+
+
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ response.setWriter(new PrintWriter(baos));
+
+ IDPLoginServlet login = new IDPLoginServlet();
+ login.init(servletConfig);
+
+ String samlAuth = DocumentUtil.getDocumentAsString(saml2Request.convert(art));
+
+ String samlMessage = Base64.encodeBytes(samlAuth.getBytes());
+ session.setAttribute("SAMLRequest", samlMessage);
+
+ login.testPost(request, response);
+
+ IDPServlet idp = new IDPServlet();
+ //No signing outgoing messages
+ servletConfig.addInitParameter(GeneralConstants.SIGN_OUTGOING_MESSAGES,
"false");
+
+ //Initialize the servlet
+ idp.init(servletConfig);
+
+ //Lets start the workflow with post
+ idp.testPost(request, response);
+
+ String idpResponseString = new String(baos.toByteArray());
+ Document idpHTMLResponse = DocumentUtil.getDocument(idpResponseString);
+ nodes = idpHTMLResponse.getElementsByTagName("INPUT");
+ inputElement = (Element)nodes.item(0);
+ idpResponse = inputElement.getAttributeNode("VALUE").getValue();
+ relayState = null;
+ if(nodes.getLength() > 1)
+ relayState =
((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
+
+ byte[] samlIDPResponse = PostBindingUtil.base64Decode(idpResponse);
+
+ SAML2Response saml2Response = new SAML2Response();
+ ResponseType rt = saml2Response.getResponseType(new
ByteArrayInputStream(samlIDPResponse));
+
+ assertEquals("Match Identity URL:" , this.identity,
rt.getIssuer().getValue());
+ }
+
+ private MockContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[] {tcl.getResource(resource)};
+
+ MockContextClassLoader mcl = new MockContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+
+
+ //Get the Identity server
+ private IdentityServer getIdentityServer(HttpSession session)
+ {
+ IdentityServer server = new IdentityServer();
+ server.sessionCreated(new HttpSessionEvent(session));
+ return server;
+ }
+}
\ No newline at end of file
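Review bot: The only assertion at the end of `testAuthForIDPServletAndSPFilter` is on the issuer, so the test never checks the response status nor that the response is bound to the AuthnRequest it built with `id` (the schema binding's StatusResponseType exposes an InResponseTo attribute; if `ResponseType` inherits it here, `assertEquals(id, rt.getInResponseTo());` would pin that binding), which means a success response for a different request would still pass. The `@SuppressWarnings("unused")` on `relayState` hides that the value is assigned twice and never read; either assert on it or drop the variable. `servletContext` is reassigned at the "Lets call the IDPServlet" step after `filterConfig` was built from the first instance, which is harmless but worth a one-line comment since the SP and IDP then run against different contexts. `new String(baos.toByteArray())` and `samlAuth.getBytes()` use the platform charset; passing "UTF-8" explicitly keeps the Base64 payload stable across JVMs.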
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jbid-handlers.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
+</Handlers>
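Review bot: The IDP handler chain for the logout profile lists only SAML2LogOutHandler and RolesGenerationHandler, whereas the post-profile IDP chain added later in this commit also registers SAML2IssuerTrustHandler; as a result the logout workflow test exercises LogoutRequest processing without any issuer-trust check in front of it. If that omission is deliberate for the unit test, a comment such as `<!-- test chain only: issuer trust handler intentionally omitted -->` would make the intent clear; otherwise the handler should be added here so the test reflects the production chain.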
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/WEB-INF/jboss-idfed.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,5 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0"
+ AttributeManager="">
+<IdentityURL>http://localhost:8080/idp/</IdentityURL>
+
+</JBossIDP>
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/idp/roles.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1 @@
+manager=manager
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jbid-handlers.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,3 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/WEB-INF/jboss-idfed.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,6 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
+ AttributeManager="">
+<IdentityURL>http://localhost:8080/idp/</IdentityURL>
+<ServiceURL>http://localhost:8080/employee/</ServiceURL>
+
+</JBossSP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/employee/roles.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1 @@
+manager=manager
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jbid-handlers.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,3 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/WEB-INF/jboss-idfed.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,6 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
+ AttributeManager="">
+<IdentityURL>http://localhost:8080/idp/</IdentityURL>
+<ServiceURL>http://localhost:8080/sales/</ServiceURL>
+
+</JBossSP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/logout/sp/sales/roles.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1 @@
+manager=manager
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jbid-handlers.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,5 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/WEB-INF/jboss-idfed.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,5 @@
+<JBossIDP xmlns="urn:jboss:identity-federation:config:1.0"
+ AttributeManager="">
+<IdentityURL>http://localhost:8080/idp/</IdentityURL>
+
+</JBossIDP>
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/roles.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,2 @@
+manager=manager
+anil=manager,sales,employee
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/users.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/users.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/idp/users.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1 @@
+anil=anil
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jbid-handlers.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jbid-handlers.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jbid-handlers.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,5 @@
+<Handlers xmlns="urn:jboss:identity-federation:handler:config:1.0">
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jboss-idfed.xml
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jboss-idfed.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/WEB-INF/jboss-idfed.xml 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1,6 @@
+<JBossSP xmlns="urn:jboss:identity-federation:config:1.0"
+ AttributeManager="">
+<IdentityURL>http://localhost:8080/idp/</IdentityURL>
+<ServiceURL>http://localhost:8080/employee/</ServiceURL>
+
+</JBossSP>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/roles.properties
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/roles.properties
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/resources/saml2/post/sp/employee/roles.properties 2009-10-09
18:44:57 UTC (rev 828)
@@ -0,0 +1 @@
+manager=manager
\ No newline at end of file