Picketlink SVN: r402 - federation/branches/Branch_1_x/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-09-17 12:36:07 -0400 (Fri, 17 Sep 2010)
New Revision: 402
Modified:
federation/branches/Branch_1_x/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java
Log:
PLFED-98: missing query param
Modified: federation/branches/Branch_1_x/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java 2010-09-17 16:34:44 UTC (rev 401)
+++ federation/branches/Branch_1_x/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java 2010-09-17 16:36:07 UTC (rev 402)
@@ -63,6 +63,11 @@
.getRequest();
StringBuffer returnUrl = httpRequest.getRequestURL();
+
+ //PLFED-98: missing query parameters
+ String queryString = httpRequest.getQueryString();
+ if( queryString != null && queryString.length() > 0 )
+ returnUrl.append( "?" ).append( queryString );
ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
.getInstance(ExternalAuthenticator.class);
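Review bot: The query string appended on the `returnUrl.append( "?" ).append( queryString )` line is client-controlled input copied into returnUrl verbatim, and since the consumer of returnUrl lies outside the hunk, whichever sink eventually emits it (a redirect Location header, an HTML form value, or a SAML RelayState) should encode it for that context rather than rely on it arriving safe. If it becomes a SAML RelayState, the SAML 2.0 bindings cap RelayState at 80 bytes, which a forwarded query string can easily exceed, so a length check or a server-side lookup key would be more robust. A style point: brace the single-statement `if` and prefer `if (queryString != null && !queryString.isEmpty())` over the `length() > 0` form. The enclosing method begins before and ends after the hunk; r401 below applies the identical change to trunk and the same note applies there.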
Picketlink SVN: r401 - federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-09-17 12:34:44 -0400 (Fri, 17 Sep 2010)
New Revision: 401
Modified:
federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java
Log:
PLFED-98: missing query param
Modified: federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java
===================================================================
--- federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java 2010-09-17 16:25:11 UTC (rev 400)
+++ federation/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/PagesSupportingExternalAuthentication.java 2010-09-17 16:34:44 UTC (rev 401)
@@ -63,6 +63,11 @@
.getRequest();
StringBuffer returnUrl = httpRequest.getRequestURL();
+
+ //PLFED-98: missing query parameters
+ String queryString = httpRequest.getQueryString();
+ if( queryString != null && queryString.length() > 0 )
+ returnUrl.append( "?" ).append( queryString );
ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
.getInstance(ExternalAuthenticator.class);
Picketlink SVN: r400 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-09-17 12:25:11 -0400 (Fri, 17 Sep 2010)
New Revision: 400
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
Log:
PLFED-89: additional Tomcat AuthenticatorBase signature change
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2010-09-17 16:24:50 UTC (rev 399)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2010-09-17 16:25:11 UTC (rev 400)
@@ -31,11 +31,14 @@
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -117,6 +120,25 @@
return request.getParameter("SAMLResponse") != null;
}
+ /**
+ * Authenticate the request
+ * @param request
+ * @param response
+ * @param config
+ * @return
+ * @throws IOException
+ * @throws {@link RuntimeException} when the response is not of type catalina response object
+ */
+ public boolean authenticate( Request request, HttpServletResponse response, LoginConfig config) throws IOException
+ {
+ if( response instanceof Response )
+ {
+ Response catalinaResponse = (Response) response;
+ return authenticate(request, catalinaResponse, config);
+ }
+ throw new RuntimeException( "Response was not of type catalina response" );
+ }
+
@Override
public void start() throws LifecycleException
{
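Review bot: The Javadoc on the new `authenticate(Request, HttpServletResponse, LoginConfig)` overload leaves `@return` empty and writes `@throws {@link RuntimeException} ...`, which is not valid tag syntax because `@throws` takes a bare class name; it should read `@return the result of delegating to {@code authenticate(Request, Response, LoginConfig)}` and `@throws RuntimeException if {@code response} is not a Catalina {@code Response}`. The failure path would also be more useful as `throw new IllegalArgumentException("Response was not of type catalina response: " + response.getClass().getName());`, since a bare RuntimeException hides which type actually arrived. If this overload is meant to satisfy the newer AuthenticatorBase signature named in the log, an `@Override` would let the compiler confirm that, though only if the build compiles against that Tomcat version — worth confirming. The identical hunk in r399 (Branch_1_x) below gets the same comments.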
Picketlink SVN: r399 - federation/branches/Branch_1_x/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-09-17 12:24:50 -0400 (Fri, 17 Sep 2010)
New Revision: 399
Modified:
federation/branches/Branch_1_x/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
Log:
PLFED-89: additional Tomcat AuthenticatorBase signature change
Modified: federation/branches/Branch_1_x/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2010-09-15 22:50:04 UTC (rev 398)
+++ federation/branches/Branch_1_x/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2010-09-17 16:24:50 UTC (rev 399)
@@ -31,11 +31,14 @@
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
@@ -117,6 +120,25 @@
return request.getParameter("SAMLResponse") != null;
}
+ /**
+ * Authenticate the request
+ * @param request
+ * @param response
+ * @param config
+ * @return
+ * @throws IOException
+ * @throws {@link RuntimeException} when the response is not of type catalina response object
+ */
+ public boolean authenticate( Request request, HttpServletResponse response, LoginConfig config) throws IOException
+ {
+ if( response instanceof Response )
+ {
+ Response catalinaResponse = (Response) response;
+ return authenticate(request, catalinaResponse, config);
+ }
+ throw new RuntimeException( "Response was not of type catalina response" );
+ }
+
@Override
public void start() throws LifecycleException
{
Picketlink SVN: r398 - in federation/branches/Branch_1_x: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-09-15 18:50:04 -0400 (Wed, 15 Sep 2010)
New Revision: 398
Modified:
federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java
Log:
Added missing javadocs
Modified: federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java 2010-09-15 00:35:42 UTC (rev 397)
+++ federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java 2010-09-15 22:50:04 UTC (rev 398)
@@ -163,7 +163,7 @@
log.trace("Calling STS at " + this.endpointURL);
Element assertionElement = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
SamlCredential credential = new SamlCredential(assertionElement);
- this.principal = new SAMLPrincipal(this.getPrincipalFromAssertion(assertionElement), credential);
+ this.principal = new SAMLPrincipal(this.getAssertionSubjectName(assertionElement), credential);
}
catch (WSTrustException we)
{
@@ -241,7 +241,15 @@
return new Group[] {callerPrincipal};
}
- private String getPrincipalFromAssertion(Element assertionElement)
+ /**
+ * <p>
+ * Obtains the subject name of the specified SAML assertion.
+ * </p>
+ *
+ * @param assertionElement the assertion {@code Element}.
+ * @return the name of the assertion subject.
+ */
+ private String getAssertionSubjectName(Element assertionElement)
{
try
{
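Review bot: The new Javadoc's `@return the name of the assertion subject.` does not say that getAssertionSubjectName returns `null` when the assertion has no Subject or no NameID element (the method body, visible in the r397 listing further down this page, ends in `return null;`), and the caller in the first hunk then feeds that null straight into `new SAMLPrincipal(...)`, yielding a Principal whose getName() is null. Document it as `@return the name of the assertion subject, or {@code null} if the assertion carries no {@code NameID}.` and consider having login() reject an assertion without a subject name with a LoginException rather than creating an anonymous principal. The method body continues past the end of the hunk.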
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java 2010-09-15 00:35:42 UTC (rev 397)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java 2010-09-15 22:50:04 UTC (rev 398)
@@ -1,3 +1,20 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
package org.picketlink.identity.federation.core.wstrust;
import java.io.Serializable;
@@ -3,4 +20,11 @@
import java.security.Principal;
+/**
+ * <p>
+ * A {@code Principal} implementation that encloses a {@code SamlCredential}.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
public class SAMLPrincipal implements Principal, Serializable
{
Picketlink SVN: r397 - in federation/branches/Branch_1_x: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-09-14 20:35:42 -0400 (Tue, 14 Sep 2010)
New Revision: 397
Added:
federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java
Modified:
federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
Log:
PLFED-56: Added SAML2STSIssuingLoginModule that can be used to exchange the incoming username/pw for a SAML assertion. In this case, authentication of the client is delegated to the STS.
Added: federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java (rev 0)
+++ federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSIssuingLoginModule.java 2010-09-15 00:35:42 UTC (rev 397)
@@ -0,0 +1,292 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.jboss.auth;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+import javax.xml.bind.JAXBElement;
+
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkGroup;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.wstrust.SAMLPrincipal;
+import org.picketlink.identity.federation.core.wstrust.STSClient;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This login module delegates authentication of clients to a security token service (STS). If the STS succeeds at
+ * authenticating the client, it issues a SAML assertion that may contain other attributes such as security roles. The
+ * assertion is then included in a {@code Principal} instance that is in turn added to the "CallerPrincipal" group. This
+ * makes the SAML assertion available to JEE applications via {@code getUserPrincipal} or {@code getCallerPrincipal}
+ * methods.
+ * </p>
+ * <p>
+ * This login module defines three module options that are used to specify the location of the STS:
+ * <ul>
+ * <li>endpointAddress - this property specifies the URL of the STS (required).</li>
+ * <li>serviceName - this property is used to specify the STS service name (optional, default value=PicketLinkSTS).</li>
+ * <li>portName - this property is used to specify the STS port name (optional, default value=PicketLinkSTSPort).</li>
+ * </ul>
+ * </p>
+ * <p>
+ * Note: applications may use the resulting {@code Principal} to propagate the client's identity using a SAML assertion.
+ * For example, a Web container may use this module to exchange the client's username/password for a SAML assertion and
+ * then use this SAML assertion when calling EJBs or other services. The EJB container can then use the {@code
+ * SAML2STSLoginModule} to validate the incoming assertion and establish the client's identity.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+@SuppressWarnings("unchecked")
+public class SAML2STSIssuingLoginModule extends AbstractServerLoginModule
+{
+
+ private String endpointURL = null;
+
+ private String portName = "PicketLinkSTSPort";
+
+ private String serviceName = "PicketLinkSTS";
+
+ private SAMLPrincipal principal;
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.auth.spi.AbstractServerLoginModule#initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
+ */
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+ Map<String, ?> options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ // check if the required endpointURL property has been specified.
+ if (options.get("endpointAddress") == null)
+ throw new IllegalArgumentException("The endpointURL property is required and must specify the STS URL");
+ this.endpointURL = (String) options.get("endpointAddress");
+ // check if the optional properties have been specified.
+ String option = (String) options.get("portName");
+ if (option != null)
+ this.portName = option;
+ option = (String) options.get("serviceName");
+ if (option != null)
+ this.serviceName = option;
+ }
+
+ @Override
+ public boolean login() throws LoginException
+ {
+ // if client has already been authenticated, just save the principal.
+ if (super.login() == true)
+ {
+ Object sharedPrincipal = super.sharedState.get("javax.security.auth.login.name");
+ if (sharedPrincipal instanceof SAMLPrincipal)
+ this.principal = (SAMLPrincipal) sharedPrincipal;
+ else
+ {
+ super.log.warn("Shared principal is not a SAMLPrincipal.");
+ return false;
+ }
+ return true;
+ }
+
+ // client hasn't been authenticated: get username/password pair from callback handler.
+ if (callbackHandler == null)
+ {
+ throw new LoginException("Error: no CallbackHandler available " + "to collect authentication information");
+ }
+
+ NameCallback nc = new NameCallback("User name: ", "guest");
+ PasswordCallback pc = new PasswordCallback("Password: ", false);
+ Callback[] callbacks =
+ {nc, pc};
+
+ String username = null;
+ String password = null;
+ try
+ {
+ callbackHandler.handle(callbacks);
+ username = nc.getName();
+ password = new String(pc.getPassword());
+ }
+ catch (Exception e)
+ {
+ LoginException exception = new LoginException("Error handling callback" + e.getMessage());
+ exception.initCause(e);
+ throw exception;
+ }
+
+ // create a WS-Trust request with the username/password and send it to the STS.
+ Builder builder = new Builder();
+ builder.endpointAddress(this.endpointURL).portName(this.portName).serviceName(this.serviceName);
+ builder.username(username).password(password);
+ STSClient client = new STSClient(builder.build());
+
+ try
+ {
+ if (log.isTraceEnabled())
+ log.trace("Calling STS at " + this.endpointURL);
+ Element assertionElement = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ SamlCredential credential = new SamlCredential(assertionElement);
+ this.principal = new SAMLPrincipal(this.getPrincipalFromAssertion(assertionElement), credential);
+ }
+ catch (WSTrustException we)
+ {
+ LoginException exception = new LoginException("Failed to authenticate client via STS: " + we.getMessage());
+ exception.initCause(we);
+ throw exception;
+ }
+
+ if (super.getUseFirstPass())
+ {
+ super.sharedState.put("javax.security.auth.login.name", this.principal);
+ super.sharedState.put("javax.security.auth.login.password", this.principal.getSAMLCredential());
+ }
+ return (super.loginOk = true);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getIdentity()
+ */
+ @Override
+ protected Principal getIdentity()
+ {
+ return this.principal;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
+ */
+ @Override
+ protected Group[] getRoleSets() throws LoginException
+ {
+ // add the SAMLPrincipal to the CallerPrincipal group.
+ Group callerPrincipal = new PicketLinkGroup("CallerPrincipal");
+ callerPrincipal.addMember(this.principal);
+
+ // try to extract roles from the SAML assertion.
+ try
+ {
+ AssertionType assertion = SAMLUtil.fromElement(this.principal.getSAMLCredential().getAssertionAsElement());
+ // check the assertion statements and look for role attributes.
+ AttributeStatementType attributeStatement = this.getAttributeStatement(assertion);
+ if (attributeStatement != null)
+ {
+ Set<Principal> roles = new HashSet<Principal>();
+ List<Object> attributeList = attributeStatement.getAttributeOrEncryptedAttribute();
+ for (Object obj : attributeList)
+ {
+ if (obj instanceof AttributeType)
+ {
+ AttributeType attribute = (AttributeType) obj;
+ // if this is a role attribute, get its values and add them to the role set.
+ if (attribute.getName().equals("role"))
+ {
+ for (Object value : attribute.getAttributeValue())
+ roles.add(new PicketLinkPrincipal((String) value));
+ }
+ }
+ }
+ Group rolesGroup = new PicketLinkGroup("Roles");
+ for (Principal role : roles)
+ rolesGroup.addMember(role);
+
+ return new Group[] {callerPrincipal, rolesGroup};
+ }
+ }
+ catch (Exception e)
+ {
+ LoginException le = new LoginException("Failed to parse assertion element: " + e.getMessage());
+ le.initCause(e);
+ throw le;
+ }
+
+ return new Group[] {callerPrincipal};
+ }
+
+ private String getPrincipalFromAssertion(Element assertionElement)
+ {
+ try
+ {
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
+ SubjectType subject = assertion.getSubject();
+ if (subject != null)
+ {
+ for (JAXBElement<?> element : subject.getContent())
+ {
+ if (element.getDeclaredType().equals(NameIDType.class))
+ {
+ NameIDType nameID = (NameIDType) element.getValue();
+ return nameID.getValue();
+ }
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to parse assertion element" + e.getMessage(), e);
+ }
+ return null;
+ }
+
+ /**
+ * <p>
+ * Checks if the specified SAML assertion contains a {@code AttributeStatementType} and returns this type when it is
+ * available.
+ * </p>
+ *
+ * @param assertion a reference to the {@code AssertionType} that may contain an {@code AttributeStatementType}.
+ * @return the assertion's {@code AttributeStatementType}, or {@code null} if no such type can be found in the SAML
+ * assertion.
+ */
+ private AttributeStatementType getAttributeStatement(AssertionType assertion)
+ {
+ List<StatementAbstractType> statementList = assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement();
+ if (statementList.size() != 0)
+ {
+ for (StatementAbstractType statement : statementList)
+ {
+ if (statement instanceof AttributeStatementType)
+ return (AttributeStatementType) statement;
+ }
+ }
+ return null;
+ }
+}
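Review bot: In login(), `password = new String(pc.getPassword());` copies the password into an immutable String and the PasswordCallback's char[] is never cleared, so the credential lingers in the heap until GC; add `pc.clearPassword();` once the builder has consumed it (taking a char[] through the STSClientConfig API would be better still, but that is outside this file). Two message concatenations also lack a separator and run the prefix straight into the cause's text: `new LoginException("Error handling callback: " + e.getMessage())` and `new RuntimeException("Failed to parse assertion element: " + e.getMessage(), e)`. Smaller points: the class-level `@SuppressWarnings("unchecked")` should move to the specific statements that need it, `if (super.login() == true)` reads better as `if (super.login())`, and the `"role"` attribute name is hard-coded where the other STS settings are module options. Lastly, getRoleSets() calls `attribute.getName().equals("role")`, which throws NullPointerException on an attribute with no Name; `"role".equals(attribute.getName())` is null-safe.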
Modified: federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2010-09-10 03:50:38 UTC (rev 396)
+++ federation/branches/Branch_1_x/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2010-09-15 00:35:42 UTC (rev 397)
@@ -59,11 +59,11 @@
* </p>
* <p>
* This module defines one module option:
- * <li>
- * <ul>configFile - this property identifies the properties file that will be used to establish communication with
+ * <ul>
+ * <li>configFile - this property identifies the properties file that will be used to establish communication with
* the external security token service.
- * </ul>
- * </li>
+ * </li>
+ * </ul>
* An example of a {@code configFile} can be seen bellow:
* <pre>
* serviceName=PicketLinkSTS
@@ -148,7 +148,7 @@
{
super.callbackHandler.handle(new Callback[]{callback});
if (callback.getCredential() instanceof SamlCredential == false)
- throw new IllegalArgumentException("Supplied credential is not a SAML credential");
+ throw new LoginException("Supplied credential is not a SAML credential");
this.credential = (SamlCredential) callback.getCredential();
assertionElement = this.credential.getAssertionAsElement();
}
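Review bot: The condition `if (callback.getCredential() instanceof SamlCredential == false)` on the context line above the changed throw is easier to read as `if (!(callback.getCredential() instanceof SamlCredential))`. Switching to LoginException is the right type for a JAAS module, but the message could name the class that was received so a misconfigured callback handler is diagnosable: `throw new LoginException("Supplied credential is not a SAML credential: " + (callback.getCredential() == null ? "null" : callback.getCredential().getClass().getName()));`. The enclosing method starts before and ends after the hunk.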
Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java (rev 0)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SAMLPrincipal.java 2010-09-15 00:35:42 UTC (rev 397)
@@ -0,0 +1,33 @@
+package org.picketlink.identity.federation.core.wstrust;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+public class SAMLPrincipal implements Principal, Serializable
+{
+ private static final long serialVersionUID = -1920118158545149797L;
+
+ private String principalName;
+
+ private SamlCredential credential;
+
+ public SAMLPrincipal(String name, SamlCredential credential)
+ {
+ this.principalName = name;
+ this.credential = credential;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see java.security.Principal#getName()
+ */
+ public String getName()
+ {
+ return this.principalName;
+ }
+
+ public SamlCredential getSAMLCredential()
+ {
+ return this.credential;
+ }
+}
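Review bot: SAMLPrincipal does not override equals() or hashCode(), so two instances built from the same assertion compare unequal and a Subject's principal set can hold duplicates; if identity semantics are intended that should be documented, otherwise define equality on `principalName` (and possibly the credential). Both fields can be `private final` since nothing on the page assigns them after construction, and the constructor accepts a null name without complaint, which later surfaces as a Principal whose getName() is null. The class is Serializable yet holds a SamlCredential field; if SamlCredential is not itself Serializable (not visible here), serialization fails at runtime with NotSerializableException, so either confirm that or mark the field transient. getSAMLCredential() also has no Javadoc saying whether it can return null.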
Picketlink SVN: r396 - in federation/branches/Branch_1_x: picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/wstrust and 5 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-09-09 23:50:38 -0400 (Thu, 09 Sep 2010)
New Revision: 396
Modified:
federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
federation/branches/Branch_1_x/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientUnitTestCase.java
Log:
Fixed warnings
Modified: federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -28,7 +28,6 @@
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignatureException;
Modified: federation/branches/Branch_1_x/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -194,7 +194,7 @@
Element token = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
assertTrue("Token is valid" , client.validateToken(token));
- Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ Element renewedToken = client.renewToken(token);
System.out.println("Renewed Token=" + DocumentUtil.getNodeAsString(renewedToken));
}
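Review bot: The renewed token on the changed `renewToken(token)` line is only printed with System.out and never checked, so a renewal that silently returns null or an unchanged element would still pass; add `assertNotNull("Renewed token", renewedToken);` and, mirroring the assertion two lines above, `assertTrue("Renewed token is valid", client.validateToken(renewedToken));`. The enclosing test method starts before the hunk.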
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -118,7 +118,6 @@
{
return AccessController.doPrivileged( new PrivilegedAction< String >()
{
- @Override
public String run()
{
return System.getProperty( key, defaultValue );
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -180,7 +180,7 @@
try
{
Object object = this.binder.unmarshal(documentNode);
- if (object instanceof JAXBElement)
+ if (object instanceof JAXBElement<?>)
{
JAXBElement<?> element = (JAXBElement<?>) object;
if (element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class))
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -159,7 +159,7 @@
{
if (obj instanceof EndpointReferenceType)
reference = (EndpointReferenceType) obj;
- else if (obj instanceof JAXBElement)
+ else if (obj instanceof JAXBElement<?>)
{
JAXBElement<?> element = (JAXBElement<?>) obj;
if (element.getName().getLocalPart().equalsIgnoreCase("EndpointReference"))
@@ -207,7 +207,7 @@
Object content = onBehalfOf.getAny();
if (content instanceof UsernameTokenType)
usernameToken = (UsernameTokenType) content;
- else if (content instanceof JAXBElement)
+ else if (content instanceof JAXBElement<?>)
{
JAXBElement<?> element = (JAXBElement<?>) content;
if (element.getName().getLocalPart().equalsIgnoreCase("UsernameToken"))
@@ -263,14 +263,13 @@
* @return a {@code byte[]} containing the secret; {@code null} if the specified entropy doesn't contain
* any secret.
*/
- @SuppressWarnings("rawtypes")
public static byte[] getBinarySecret(EntropyType entropy)
{
byte[] secret = null;
for (Object obj : entropy.getAny())
{
- JAXBElement element = (JAXBElement) obj;
+ JAXBElement<?> element = (JAXBElement<?>) obj;
if (element.getDeclaredType().equals(BinarySecretType.class))
{
BinarySecretType binarySecret = (BinarySecretType) element.getValue();
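Review bot: `JAXBElement<?> element = (JAXBElement<?>) obj;` in getBinarySecret still casts every child of `entropy.getAny()` unconditionally, whereas the two hunks above in this file check `instanceof JAXBElement<?>` before casting; an `xs:any` slot can also carry a DOM `Element` or text, so a malformed Entropy in a client request ends in a ClassCastException rather than the `null` the Javadoc promises. Adding `if (!(obj instanceof JAXBElement<?>)) continue;` before the cast keeps the documented contract. The loop body continues past the end of the hunk.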
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -353,7 +353,7 @@
}
}
- @SuppressWarnings({"unchecked", "rawtypes"})
+ @SuppressWarnings({"unchecked"})
private void setPasswordStackingCredentials(final Builder builder)
{
final Map sharedState = (Map) this.sharedState;
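Review bot: With the annotation narrowed to `@SuppressWarnings({"unchecked"})`, the raw `Map` on the next line, `final Map sharedState = (Map) this.sharedState;`, is no longer covered and the rawtypes warning returns on compilers that report it. Since `LoginModule.initialize` hands over a `Map<String, ?>`, `final Map<String, Object> sharedState = (Map<String, Object>) this.sharedState;` would leave only the unchecked warning the annotation still suppresses — assuming `this.sharedState` is declared with that type, which is outside the hunk. The setSharedToken hunk below makes the same narrowing. Both method bodies continue outside their hunks.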
@@ -440,7 +440,7 @@
this.samlToken = samlToken;
}
- @SuppressWarnings({"unchecked", "rawtypes"})
+ @SuppressWarnings({"unchecked"})
protected void setSharedToken(final Object token)
{
if (sharedState == null)
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -36,7 +36,6 @@
{
protected List<KeyValueType> options = new ArrayList<KeyValueType>();
- @Override
public void setOptions(List<KeyValueType> options)
{
this.options.addAll( options );
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSecurityHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/handlers/STSSecurityHandler.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -206,7 +206,7 @@
return true;
}
- @SuppressWarnings("rawtypes")
+ @SuppressWarnings("unchecked")
private Element extractSecurityToken(final SOAPMessageContext messageContext, final QName securityQName, final QName tokenQName)
{
try
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientUnitTestCase.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientUnitTestCase.java 2010-09-10 03:42:37 UTC (rev 395)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientUnitTestCase.java 2010-09-10 03:50:38 UTC (rev 396)
@@ -197,7 +197,7 @@
Element token = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
assertTrue("Token is valid" , client.validateToken(token));
- Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ Element renewedToken = client.renewToken(token);
System.out.println("Renewed Token=" + DocumentUtil.getNodeAsString(renewedToken));
}
@@ -219,7 +219,7 @@
Element token = client.issueTokenForEndpoint(endpointURI);
assertTrue("Token is valid" , client.validateToken(token));
- Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ Element renewedToken = client.renewToken(token);
System.out.println("Renewed Token=" + DocumentUtil.getNodeAsString(renewedToken));
}
Picketlink SVN: r395 - in integration-tests/trunk: parent and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-09-09 23:42:37 -0400 (Thu, 09 Sep 2010)
New Revision: 395
Modified:
integration-tests/trunk/parent/pom.xml
integration-tests/trunk/picketlink-saml-tests/pom.xml
integration-tests/trunk/picketlink-sts-tests/pom.xml
integration-tests/trunk/pom.xml
Log:
PLFED-102: Setting trunk version to 2.0.0-SNAPSHOT
Modified: integration-tests/trunk/parent/pom.xml
===================================================================
--- integration-tests/trunk/parent/pom.xml 2010-09-09 22:20:46 UTC (rev 394)
+++ integration-tests/trunk/parent/pom.xml 2010-09-10 03:42:37 UTC (rev 395)
@@ -8,7 +8,7 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-integration-tests-parent</artifactId>
<packaging>pom</packaging>
- <version>1.0.4-SNAPSHOT</version>
+ <version>2.0.0-SNAPSHOT</version>
<name>PicketLink Integration Tests- Parent</name>
<url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink is a cross-cutting project that handles identity needs for the JEMS projects</description>
Modified: integration-tests/trunk/picketlink-saml-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-saml-tests/pom.xml 2010-09-09 22:20:46 UTC (rev 394)
+++ integration-tests/trunk/picketlink-saml-tests/pom.xml 2010-09-10 03:42:37 UTC (rev 395)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink</groupId>
<artifactId>picketlink-integration-tests-parent</artifactId>
- <version>1.0.4-SNAPSHOT</version>
+ <version>2.0.0-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: integration-tests/trunk/picketlink-sts-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/pom.xml 2010-09-09 22:20:46 UTC (rev 394)
+++ integration-tests/trunk/picketlink-sts-tests/pom.xml 2010-09-10 03:42:37 UTC (rev 395)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink</groupId>
<artifactId>picketlink-integration-tests-parent</artifactId>
- <version>1.0.4-SNAPSHOT</version>
+ <version>2.0.0-SNAPSHOT</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: integration-tests/trunk/pom.xml
===================================================================
--- integration-tests/trunk/pom.xml 2010-09-09 22:20:46 UTC (rev 394)
+++ integration-tests/trunk/pom.xml 2010-09-10 03:42:37 UTC (rev 395)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink</groupId>
<artifactId>picketlink-integration-tests-parent</artifactId>
- <version>1.0.4-SNAPSHOT</version>
+ <version>2.0.0-SNAPSHOT</version>
<relativePath>parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Picketlink SVN: r394 - in federation/branches/Branch_1_x: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2010-09-09 18:20:46 -0400 (Thu, 09 Sep 2010)
New Revision: 394
Modified:
federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
Log:
PLFED-17: added batch support to WSTrustClient and STSClient
Modified: federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-09-08 20:28:12 UTC (rev 393)
+++ federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-09-09 22:20:46 UTC (rev 394)
@@ -19,6 +19,7 @@
import java.net.URI;
import java.security.Principal;
+import java.util.List;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
@@ -28,6 +29,7 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
import org.w3c.dom.Element;
/**
@@ -142,7 +144,7 @@
{
if (endpointURI == null && tokenType == null)
throw new IllegalArgumentException("Either the token type or endpoint URI must be specified");
-
+
RequestSecurityToken request = new RequestSecurityToken();
if (tokenType != null)
request.setTokenType(URI.create(tokenType));
@@ -170,7 +172,7 @@
throw new IllegalArgumentException("Either the token type or endpoint URI must be specified");
if (principal == null)
throw new IllegalArgumentException("The on-behalf-of principal cannot be null");
-
+
RequestSecurityToken request = new RequestSecurityToken();
if (tokenType != null)
request.setTokenType(URI.create(tokenType));
@@ -198,19 +200,73 @@
}
/**
+ * <p>
+ * Issues a collection of security tokens. This is a batch operation, so all tokens will be issued using a single
+ * WS-Trust request message. This message contains all requests encapsulated in a {@code
+ * RequestSecurityTokenCollection} instance.
+ * </p>
+ *
+ * @param requestCollection the object that contains all the issue requests.
+ * @return a {@code List<Element>} containing all issued security tokens. The list respects the order of the request
+ * collection. In other words, each token in the list will have the same index of the request that was used
+ * to generate that token.
+ * @throws WSTrustException if an error occurs while issuing the tokens.
+ */
+ public List<Element> issueTokens(RequestSecurityTokenCollection requestCollection) throws WSTrustException
+ {
+ if (requestCollection == null || requestCollection.getRequestSecurityTokens().size() == 0)
+ throw new IllegalArgumentException("The specified request collection must contain at least one request.");
+ return this.issueInternal(requestCollection, 0);
+ }
+
+ /**
* This method will send a RequestSecurityToken with a RequestType of renew and the passed-in tokenType identifies
* the type of token to be renewed by the STS.
*
* @param tokenType - The type of token to be renewed.
* @param token - The security token to be renewed.
* @return Element - The Security Token element. Will be of the tokenType specified.
+ * @deprecated the tokenType argument is unnecessary as the type can be derived from the token. Use
+ * {@link #renewToken(Element)} instead.
*/
public Element renewToken(String tokenType, Element token) throws WSTrustException
{
- return this.renewInternal(tokenType, token, 0);
+ return this.renewInternal(token, 0);
}
/**
+ * <p>
+ * Renews the specified security token by sending a WS-Trust renew request to the STS.
+ * </p>
+ *
+ * @param token the security token to be renewed.
+ * @return an {@code Element} representing the renewed token.
+ * @throws WSTrustException if an error occurs while renewing the security token.
+ */
+ public Element renewToken(Element token) throws WSTrustException
+ {
+ return this.renewInternal(token, 0);
+ }
+
+ /**
+ * <p>
+ * Renews all the specified security tokens. This is a batch operation, so all tokens will be renewed using a single
+ * WS-Trust renew message.
+ * </p>
+ *
+ * @param tokens a list that contains all the security tokens that must be renewed.
+ * @return a list containing all the renewed tokens. The list preserves the position of the tokens.
+ * @throws WSTrustException if an error occurs while renewing the tokens.
+ */
+ public List<Element> renewTokens(List<Element> tokens) throws WSTrustException
+ {
+ if (tokens == null || tokens.size() == 0)
+ throw new IllegalArgumentException("The specified list must contain at least one token for renewal");
+
+ return this.renewInternal(tokens, 0);
+ }
+
+ /**
* This method will send a RequestSecurityToken with a RequestType of validated by the STS.
*
* @param token - The security token to be validated.
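Review bot: `renewToken(String tokenType, Element token)` is deprecated only in its Javadoc; without the `@Deprecated` annotation callers get no compiler warning, so add `@Deprecated` directly above `public Element renewToken(String tokenType, Element token) throws WSTrustException`, and the Javadoc could also state that `tokenType` is now ignored. In `issueTokens`, `requestCollection.getRequestSecurityTokens().size() == 0` dereferences the accessor's result; if that accessor can return null (not visible here), the guard throws NullPointerException instead of the intended IllegalArgumentException.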
@@ -223,6 +279,25 @@
/**
* <p>
+ * Validates all the specified security tokens. This is a batch operation, so all tokens will be validated using a
+ * single WS-Trust validate message.
+ * </p>
+ *
+ * @param tokens a list that contains all the security tokens that must be validated.
+ * @return a list containing the result of the validation. Each boolean in the list indicates if the respective
+ * security token was considered valid or not.
+ * @throws WSTrustException if an error occurs while validating the tokens.
+ */
+ public List<Boolean> validateTokens(List<Element> tokens) throws WSTrustException
+ {
+ if (tokens == null || tokens.size() == 0)
+ throw new IllegalArgumentException("The specified list must contain at least one token for validation");
+
+ return this.validateInternal(tokens, 0);
+ }
+
+ /**
+ * <p>
* This method sends a WS-Trust cancel message to the STS in order to cancel (revoke) the specified security token.
* </p>
*
@@ -237,6 +312,25 @@
/**
* <p>
+ * Cancels all the specified security tokens. This is a batch operation, so all tokens will be canceled using a
+ * single WS-Trust cancel message.
+ * </p>
+ *
+ * @param tokens a list that contains all the security tokens that must be canceled.
+ * @return a list containing the result of the cancel request. Each boolean in the list indicates if the respective
+ * security token was successfully canceled or not.
+ * @throws WSTrustException if an error occurs while renewing the tokens.
+ */
+ public List<Boolean> cancelTokens(List<Element> tokens) throws WSTrustException
+ {
+ if (tokens == null || tokens.size() == 0)
+ throw new IllegalArgumentException("The specified list must contain at least one token");
+
+ return this.cancelInternal(tokens, 0);
+ }
+
+ /**
+ * <p>
* This method issues a token using the specified request and has failover support when more than one endpoint URI
* has been provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to
* one endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all
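Review bot: The `@throws` line on `cancelTokens` was copied from `renewTokens` and still says `if an error occurs while renewing the tokens`; it should read `@throws WSTrustException if an error occurs while canceling the tokens.` This is public API Javadoc, so the mismatch is user-visible.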
@@ -269,31 +363,62 @@
/**
* <p>
+ * This method issues a collection of tokens using the specified request and has failover support when more than one
+ * endpoint URI has been provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust
+ * request to one endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance
+ * or all URIs have been tried.
+ * </p>
+ *
+ * @param request a {@code RequestSecurityTokenCollection} instance that contains the WS-Trust requests.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+ * perform the request.
+ * @return a {@code List<Element>} representing the security token that has been issued.
+ * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
+ */
+ private List<Element> issueInternal(RequestSecurityTokenCollection request, int clientIndex) throws WSTrustException
+ {
+ STSClient client = this.clients[clientIndex];
+ try
+ {
+ return client.issueTokens(request);
+ }
+ catch (RuntimeException e)
+ {
+ // if this was a connection refused exception and we still have clients to try, call the next client.
+ if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
+ {
+ return this.issueInternal(request, ++clientIndex);
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * <p>
* This method renews the specified token and has failover support when more than one endpoint URI has been provided
* in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the
* code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried.
* </p>
*
- * @param tokenType the type of the token being renewed.
* @param token an {@code Element} representing the security token being renewed.
* @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
* perform the request.
* @return an {@code Element} representing the security token that has been renewed.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
- private Element renewInternal(String tokenType, Element token, int clientIndex) throws WSTrustException
+ private Element renewInternal(Element token, int clientIndex) throws WSTrustException
{
STSClient client = this.clients[clientIndex];
try
{
- return client.renewToken(tokenType, token);
+ return client.renewToken(token);
}
catch (RuntimeException e)
{
// if this was a connection refused exception and we still have clients to try, call the next client.
if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
{
- return this.renewInternal(tokenType, token, ++clientIndex);
+ return this.renewInternal(token, ++clientIndex);
}
throw e;
}
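Review bot: `issueInternal` repeats the try/catch failover block verbatim, and the same block appears again in the new `renewInternal(List, int)`, `validateInternal(List, int)` and `cancelInternal(List, int)` hunks below as well as in the existing single-token variants, so a change to the retry rule (for example retrying on another exception type) would have to be made in seven places. A single generic helper that takes the STS call as an operation object keeps one copy of the rule and turns each *Internal method into a one-liner; the sketch below uses an anonymous class so it does not depend on a newer language level.
```java
/** One STS call, so the failover rule below is written only once. */
private interface STSOperation<T>
{
   T perform(STSClient client) throws WSTrustException;
}

/** Runs op against clients[clientIndex], moving to the next client on a connection failure. */
private <T> T withFailover(STSOperation<T> op, int clientIndex) throws WSTrustException
{
   STSClient client = this.clients[clientIndex];
   try
   {
      return op.perform(client);
   }
   catch (RuntimeException e)
   {
      // if this was a connection refused exception and we still have clients to try, call the next client.
      if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
      {
         return this.withFailover(op, ++clientIndex);
      }
      throw e;
   }
}

private List<Element> issueInternal(final RequestSecurityTokenCollection request, int clientIndex) throws WSTrustException
{
   return this.withFailover(new STSOperation<List<Element>>()
   {
      public List<Element> perform(STSClient client) throws WSTrustException
      {
         return client.issueTokens(request);
      }
   }, clientIndex);
}
// … unchanged: renewInternal, validateInternal and cancelInternal become the same one-liner each …
```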
@@ -301,13 +426,44 @@
/**
* <p>
+ * This method renews the specified tokens and has failover support when more than one endpoint URI has been provided
+ * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the
+ * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried.
+ * </p>
+ *
+ * @param tokens a {@code List<Element>} containing the security tokens to be renewed.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+ * perform the request.
+ * @return a {@code List<Element>} representing the security tokens that have been renewed.
+ * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
+ */
+ private List<Element> renewInternal(List<Element> tokens, int clientIndex) throws WSTrustException
+ {
+ STSClient client = this.clients[clientIndex];
+ try
+ {
+ return client.renewTokens(tokens);
+ }
+ catch (RuntimeException e)
+ {
+ // if this was a connection refused exception and we still have clients to try, call the next client.
+ if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
+ {
+ return this.renewInternal(tokens, ++clientIndex);
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * <p>
* This method validates the specified token and has failover support when more than one endpoint URI has been
* provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one
* endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all URIs
* have been tried.
* </p>
*
- * @param token an {@code Element} representing the security token being validated.
+ * @param tokens an {@code Element} representing the security token being validated.
* @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
* perform the request.
* @return {@code true} if the token was considered valid; {@code false} otherwise.
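Review bot: The Javadoc edit `@param token` → `@param tokens` lands on the single-token `validateInternal`, whose description on the same line still reads `an {@code Element} representing the security token being validated`; unless the parameter was renamed in the signature (which is past the end of the hunk), the tag now names a parameter that does not exist and javadoc will report it. Keep `@param token` there. The batch variant in the next hunk has the mirror-image slip, `@param tokens a {@code Element} representing the security tokens`, which should read `@param tokens a {@code List<Element>} containing the security tokens being validated.`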
@@ -333,6 +489,39 @@
/**
* <p>
+ * This method validates the specified tokens and has failover support when more than one endpoint URI has been
+ * provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one
+ * endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all URIs
+ * have been tried.
+ * </p>
+ *
+ * @param tokens a {@code Element} representing the security tokens being validated.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+ * perform the request.
+ * @return a {@code List<Boolean>}. Each position in the list indicates if the respective security token was
+ * considered valid or not.
+ * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
+ */
+ private List<Boolean> validateInternal(List<Element> tokens, int clientIndex) throws WSTrustException
+ {
+ STSClient client = this.clients[clientIndex];
+ try
+ {
+ return client.validateTokens(tokens);
+ }
+ catch (RuntimeException e)
+ {
+ // if this was a connection refused exception and we still have clients to try, call the next client.
+ if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
+ {
+ return this.validateInternal(tokens, ++clientIndex);
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * <p>
* This method cancels the specified token and has failover support when more than one endpoint URI has been provided
* in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the
* code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried.
@@ -364,6 +553,38 @@
/**
* <p>
+ * This method cancels the specified tokens and has failover support when more than one endpoint URI has been provided
+ * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the
+ * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried.
+ * </p>
+ *
+ * @param tokens a {@code List<Element>} containing all tokens to be canceled.
+ * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to
+ * perform the request.
+ * @return a {@code List<Boolean>}. Each position in the list indicates if the respective security token was
+ * successfully canceled or not.
+ * @throws WSTrustException if a WS-Trust exception is thrown by the STS.
+ */
+ private List<Boolean> cancelInternal(List<Element> tokens, int clientIndex) throws WSTrustException
+ {
+ STSClient client = this.clients[clientIndex];
+ try
+ {
+ return client.cancelTokens(tokens);
+ }
+ catch (RuntimeException e)
+ {
+ // if this was a connection refused exception and we still have clients to try, call the next client.
+ if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1)
+ {
+ return this.cancelInternal(tokens, ++clientIndex);
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * <p>
* Checks if the root of the specified {@code Throwable} is an instance of {@code java.net.ConnectException}.
* </p>
*
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-09-08 20:28:12 UTC (rev 393)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-09-09 22:20:46 UTC (rev 394)
@@ -1,28 +1,26 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.wstrust;
import java.net.URI;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
@@ -39,6 +37,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.picketlink.identity.federation.ws.trust.CancelTargetType;
@@ -94,10 +93,10 @@
/**
* Issues a Security Token for the ultimate recipient of the token.
*
- * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for
- * the RequestSecurityToken which is an optional element so it may be null.
- * @return Element - The Security Token Element which will be of the TokenType configured
- * for the endpointURI passed in.
+ * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
+ * @return Element - The Security Token Element which will be of the TokenType configured for the endpointURI passed
+ * in.
* @throws WSTrustException
*/
public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
@@ -108,12 +107,11 @@
}
/**
- * Issues a Security Token from the STS. This methods has the option of
- * specifying one or both of endpointURI/tokenType but at least one must
- * specified.
+ * Issues a Security Token from the STS. This methods has the option of specifying one or both of
+ * endpointURI/tokenType but at least one must specified.
*
- * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for
- * the RequestSecurityToken which is an optional element so it may be null.
+ * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
* @param tokenType - The type of security token to be issued.
* @return Element - The Security Token Element issued.
* @throws IllegalArgumentException If neither endpointURI nor tokenType was specified.
@@ -135,11 +133,11 @@
* Issues a security token on behalf of the specified principal.
* </p>
*
- * @param endpointURI the ultimate recipient of the token. This will be set at the AppliesTo for
- * the RequestSecurityToken which is an optional element so it may be null.
- * @param tokenType the type of the token to be issued.
- * @param principal the {@code Principal} to whom the token will be issued.
- * @return an {@code Element} representing the issued security token.
+ * @param endpointURI the ultimate recipient of the token. This will be set at the AppliesTo for the
+ * RequestSecurityToken which is an optional element so it may be null.
+ * @param tokenType the type of the token to be issued.
+ * @param principal the {@code Principal} to whom the token will be issued.
+ * @return an {@code Element} representing the issued security token.
* @throws IllegalArgumentException If neither endpointURI nor tokenType was specified.
* @throws WSTrustException if an error occurs while issuing the security token.
*/
@@ -169,7 +167,7 @@
rst.setTokenType(URI.create(tokenType));
return rst;
}
-
+
private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken request)
{
if (principal != null)
@@ -179,14 +177,34 @@
public Element issueToken(RequestSecurityToken request) throws WSTrustException
{
- if (request.getRequestType() == null)
- request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
- if (request.getContext() == null)
- request.setContext("default-context");
+ // convert the request type to BatchIssue before dispatching the batch request.
+ request.setRequestType(URI.create(WSTrustConstants.BATCH_ISSUE_REQUEST));
+ RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection();
+ requestCollection.addRequestSecurityToken(request);
+ return this.issueTokens(requestCollection).get(0);
+ }
+
+ public List<Element> issueTokens(RequestSecurityTokenCollection requestCollection) throws WSTrustException
+ {
+ // check if all requests are of type BatchIssue.
+ for (RequestSecurityToken request : requestCollection.getRequestSecurityTokens())
+ {
+ // if null or type: assume BatchIssue.
+ if (request.getRequestType() == null)
+ request.setRequestType(URI.create(WSTrustConstants.BATCH_ISSUE_REQUEST));
+ // non-null type: check if type equals BatchIssue.
+ else if (!request.getRequestType().toString().equals(WSTrustConstants.BATCH_ISSUE_REQUEST))
+ throw new IllegalArgumentException("The request type must be of type BatchIssue");
+ }
+
+ // use the JAXB factory to marshal the batch request.
WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
- DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection);
+
+ // invoke the STS.
Source response = dispatchLocal.get().invoke(requestSource);
+ // parse the response and extract all nodes that contain the security tokens.
NodeList nodes;
try
{
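Review bot: `this.issueTokens(requestCollection).get(0)` at L1314 turns an STS response that carries no token into an IndexOutOfBoundsException instead of the WSTrustException this method declares and callers handle; the same unchecked `get(0)` appears in renewToken, validateToken and cancelToken later in this change. The new body also drops the `"default-context"` fallback the old code applied when `getContext()` was null and overwrites whatever request type the caller had set; whether the STS tolerates a missing Context is not visible here, so if that is intentional a comment saying so would help. issueTokens continues past the end of the hunk. Suggested body for issueToken:
```java
public Element issueToken(RequestSecurityToken request) throws WSTrustException
{
   // … unchanged: set BatchIssue request type, build requestCollection …
   List<Element> tokens = this.issueTokens(requestCollection);
   if (tokens.isEmpty())
      throw new WSTrustException("STS response did not contain a security token");
   return tokens.get(0);
}
```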
@@ -216,31 +234,58 @@
{
throw new WSTrustException("Exception in issuing token:", e);
}
-
if (nodes == null)
throw new WSTrustException("NodeList is null");
+ else
+ {
+ List<Element> tokens = new ArrayList<Element>();
+ for (int i = 0; i < nodes.getLength(); i++)
+ {
+ Node node = nodes.item(i);
+ tokens.add((Element) node.getFirstChild());
+ }
+ return tokens;
+ }
+ }
- Node rstr = nodes.item(0);
+ /**
+ * @deprecated tokenType parameter is unnecessary as the type can be derived from the token. Use
+ * {@link #renewToken(Element)} instead.
+ */
+ public Element renewToken(String tokenType, Element token) throws WSTrustException
+ {
+ return this.renewToken(token);
+ }
- return (Element) rstr.getFirstChild();
+ public Element renewToken(Element token) throws WSTrustException
+ {
+ List<Element> tokens = new ArrayList<Element>();
+ tokens.add(token);
+ return this.renewTokens(tokens).get(0);
}
- public Element renewToken(String tokenType, Element token) throws WSTrustException
+ public List<Element> renewTokens(List<Element> tokens) throws WSTrustException
{
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("context");
+ // create a request collection containing all tokens to be renewed.
+ RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection();
+ for (Element token : tokens)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.BATCH_RENEW_REQUEST));
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(token);
+ request.setRenewTarget(renewTarget);
+ requestCollection.addRequestSecurityToken(request);
+ }
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
- request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
- RenewTargetType renewTarget = new RenewTargetType();
- renewTarget.setAny(token);
- request.setRenewTarget(renewTarget);
+ // use the JAXB factory to marshal the batch request.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection);
- // send the token request to JBoss STS and get the response.
- WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
- DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ // invoke the STS.
Source response = dispatchLocal.get().invoke(requestSource);
+ // parse the response and extract all nodes that contain the security tokens.
NodeList nodes;
try
{
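Review bot: The extraction loop at L1351–L1355 casts `node.getFirstChild()` to Element without checking it; a whitespace text node yields a ClassCastException and a childless node adds null to the returned list, which issueToken then hands back to the caller as a token. A guard such as `Node child = nodes.item(i).getFirstChild(); if (!(child instanceof Element)) throw new WSTrustException("Unexpected content in STS response");` keeps failures inside the declared exception type; the identical loop is repeated in renewTokens (next hunk) and could become one private helper used by both. renewToken(Element) and renewTokens also have no Javadoc even though the deprecated overload points readers at them — a sentence stating that the returned list is positionally aligned with the input tokens would do. renewTokens' body continues past the hunk.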
@@ -268,45 +313,67 @@
}
catch (Exception e)
{
- throw new WSTrustException("Exception in renewing token:", e);
+ throw new WSTrustException("Exception in issuing token:", e);
}
-
if (nodes == null)
throw new WSTrustException("NodeList is null");
-
- Node rstr = nodes.item(0);
-
- return (Element) rstr.getFirstChild();
-
+ else
+ {
+ List<Element> renewedTokens = new ArrayList<Element>();
+ for (int i = 0; i < nodes.getLength(); i++)
+ {
+ Node node = nodes.item(i);
+ renewedTokens.add((Element) node.getFirstChild());
+ }
+ return renewedTokens;
+ }
}
public boolean validateToken(Element token) throws WSTrustException
{
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("context");
+ List<Element> tokens = new ArrayList<Element>();
+ tokens.add(token);
+ return this.validateTokens(tokens).get(0);
+ }
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
- request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
- ValidateTargetType validateTarget = new ValidateTargetType();
- validateTarget.setAny(token);
- request.setValidateTarget(validateTarget);
+ public List<Boolean> validateTokens(List<Element> tokens) throws WSTrustException
+ {
+ // create a request collection containing all tokens to be validated.
+ RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection();
+ for (Element token : tokens)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.BATCH_VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(token);
+ request.setValidateTarget(validateTarget);
+ requestCollection.addRequestSecurityToken(request);
+ }
+ // use the JAXB factory to marshal the batch request.
WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection);
- DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ // invoke the STS.
+ Source response = dispatchLocal.get().invoke(requestSource);
- Source response = dispatchLocal.get().invoke(requestSource);
+ // parse the response and check the validation status of each security token.
RequestSecurityTokenResponseCollection responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
.parseRequestSecurityTokenResponse(response);
- RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0);
- StatusType status = tokenResponse.getStatus();
- if (status != null)
+ List<Boolean> result = new ArrayList<Boolean>();
+ for (RequestSecurityTokenResponse tokenResponse : responseCollection.getRequestSecurityTokenResponses())
{
- String code = status.getCode();
- return WSTrustConstants.STATUS_CODE_VALID.equals(code);
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ result.add(WSTrustConstants.STATUS_CODE_VALID.equals(code));
+ }
+ result.add(Boolean.FALSE);
}
- return false;
+ return result;
}
/**
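Review bot: In validateTokens, `result.add(Boolean.FALSE)` at L1485 runs unconditionally after the `if (status != null)` block, so every response that carries a status contributes two entries and the returned list is no longer aligned with the input tokens — with three tokens where only the third is invalid, index 2 reads the second token's verdict and reports the invalid token as valid. The line should be `else result.add(Boolean.FALSE);`, and cancelTokens in the next hunk (L1535–L1537) has the same shape and needs the same `else`. The catch at L1413 now reports `"Exception in issuing token:"` from the renew path, which will mislead whoever reads the STS logs; keep the old `"Exception in renewing token:"` message. The renewTokens body begins before this hunk.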
@@ -320,25 +387,43 @@
*/
public boolean cancelToken(Element securityToken) throws WSTrustException
{
- // create a WS-Trust cancel request containing the specified token.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setRequestType(URI.create(WSTrustConstants.CANCEL_REQUEST));
- CancelTargetType cancelTarget = new CancelTargetType();
- cancelTarget.setAny(securityToken);
- request.setCancelTarget(cancelTarget);
+ List<Element> tokens = new ArrayList<Element>();
+ tokens.add(securityToken);
+ return this.cancelTokens(tokens).get(0);
+ }
+ public List<Boolean> cancelTokens(List<Element> tokens) throws WSTrustException
+ {
+ // create a request collection containing all tokens to be canceled.
+ RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection();
+ for (Element token : tokens)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.BATCH_CANCEL_REQUEST));
+ CancelTargetType cancelTarget = new CancelTargetType();
+ cancelTarget.setAny(token);
+ request.setCancelTarget(cancelTarget);
+ requestCollection.addRequestSecurityToken(request);
+ }
+
// marshal the request and send it to the STS.
WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
- DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection);
Source response = dispatchLocal.get().invoke(requestSource);
// get the WS-Trust response and check for presence of the RequestTokenCanceled element.
RequestSecurityTokenResponseCollection responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
.parseRequestSecurityTokenResponse(response);
- RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0);
- if (tokenResponse.getRequestedTokenCancelled() != null)
- return true;
- return false;
+
+ List<Boolean> result = new ArrayList<Boolean>();
+ for (RequestSecurityTokenResponse tokenResponse : responseCollection.getRequestSecurityTokenResponses())
+ {
+ if (tokenResponse.getRequestedTokenCancelled() != null)
+ result.add(Boolean.TRUE);
+ result.add(Boolean.FALSE);
+ }
+
+ return result;
}
public Dispatch<Source> getDispatch()
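Review bot: cancelTokens at L1505 is a new public method with no Javadoc, while the single-token cancelToken keeps the description above it. A header such as `/** Cancels each of the given tokens in a single BatchCancel request. The returned list holds, in the same order as {@code tokens}, whether the STS answered with a RequestedTokenCancelled element. */` would document the positional contract callers of the batch method rely on.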
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-09-08 20:28:12 UTC (rev 393)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-09-09 22:20:46 UTC (rev 394)
@@ -377,7 +377,8 @@
RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
if (request.getContext() != null)
response.setContext(request.getContext());
- response.setTokenType(request.getTokenType());
+ if (request.getTokenType() != null)
+ response.setTokenType(request.getTokenType());
response.setLifetime(request.getLifetime());
response.setRequestedSecurityToken(requestedSecurityToken);
if (context.getAttachedReference() != null)
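Review bot: When the request omitted TokenType the response now omits it as well (L1552–L1553), so the client is not told which kind of token it received even though the provider knows it — SAML20TokenProvider in this same change labels its StandardSecurityToken with SAMLUtil.SAML2_TOKEN_TYPE. If the SecurityToken held in `context` exposes that type (its interface is not visible here), falling back to it when the request has none would be more useful than leaving the element out. The enclosing method starts and ends outside the hunk.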
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-09-08 20:28:12 UTC (rev 393)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-09-09 22:20:46 UTC (rev 394)
@@ -1,23 +1,19 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.wstrust.plugins.saml;
@@ -167,8 +163,8 @@
this.attributeProvider.setProperties(this.properties);
}
else
- logger.warn("Attribute provider not installed: " + attributeProviderClassName +
- "is not an instance of SAML20TokenAttributeProvider");
+ logger.warn("Attribute provider not installed: " + attributeProviderClassName
+ + "is not an instance of SAML20TokenAttributeProvider");
}
catch (PrivilegedActionException pae)
{
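Review bot: The reflowed warning at L1605–L1606 still concatenates the class name directly with `"is not an instance of ..."`, so the logged text runs the two together (constructed example: `FooProvideris not an instance of SAML20TokenAttributeProvider`). Change the second line to `+ " is not an instance of SAML20TokenAttributeProvider");`. The enclosing method starts and ends outside the hunk.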
@@ -348,8 +344,7 @@
{
throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
}
- SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType()
- .toString(), assertionElement, assertionID);
+ SecurityToken securityToken = new StandardSecurityToken(SAMLUtil.SAML2_TOKEN_TYPE, assertionElement, assertionID);
context.setSecurityToken(securityToken);
// set the SAML assertion attached reference.
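Review bot: The token is now always labelled SAMLUtil.SAML2_TOKEN_TYPE (L1616) regardless of what the request asked for, which avoids the NPE on a null request TokenType but silently satisfies a request for some other type with a SAML 2.0 assertion. If the request handler does not already reject mismatched types before delegating to this provider (not visible here), a check before issuing such as `URI requested = context.getRequestSecurityToken().getTokenType(); if (requested != null && !SAMLUtil.SAML2_TOKEN_TYPE.equals(requested.toString())) throw new WSTrustException("Unsupported token type: " + requested);` would keep the response honest. The enclosing method starts and ends outside the hunk.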
@@ -431,7 +426,7 @@
* <p>
* Checks whether the specified element is a SAMLV2.0 assertion or not.
* </p>
- *
+ *
* @param element the {@code Element} being verified.
* @return {@code true} if the element is a SAMLV2.0 assertion; {@code false} otherwise.
*/
Picketlink SVN: r393 - in federation/branches/Branch_1_x/picketlink-fed-core/src/main: java/org/picketlink/identity/federation/core/wstrust/confighandlers and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-09-08 16:28:12 -0400 (Wed, 08 Sep 2010)
New Revision: 393
Added:
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java
Modified:
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java
federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml
Log:
PLFED-103: config handler stack for the STS
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-09-08 18:54:57 UTC (rev 392)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2010-09-08 20:28:12 UTC (rev 393)
@@ -270,6 +270,8 @@
{
Class<?> clazz = tcl.loadClass( handler.getClazz() );
STSConfigHandler stsConfigHandler = (STSConfigHandler) clazz.newInstance();
+ stsConfigHandler.setOptions( handler.getOption() );
+
configuration = stsConfigHandler.getConfiguration();
if( configuration != null )
break;
Added: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java (rev 0)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/BaseSTSConfigHandler.java 2010-09-08 20:28:12 UTC (rev 393)
@@ -0,0 +1,44 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.wstrust.confighandlers;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.picketlink.identity.federation.core.config.KeyValueType;
+
+
+/**
+ * Base class for STS configuration handlers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Sep 8, 2010
+ */
+public abstract class BaseSTSConfigHandler implements STSConfigHandler
+{
+ protected List<KeyValueType> options = new ArrayList<KeyValueType>();
+
+ @Override
+ public void setOptions(List<KeyValueType> options)
+ {
+ this.options.addAll( options );
+ }
+}
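Review bot: setOptions at L1701–L1704 dereferences `options` through `addAll`, so it throws NullPointerException if PicketLinkSTS passes a null `handler.getOption()` (whether that getter can return null is not visible here), and because it appends rather than replaces, a handler whose options are set twice accumulates both lists. A null guard, `if (options != null) this.options.addAll(options);`, or a `this.options.clear()` before the `addAll` if replacement is intended, plus a Javadoc line stating which of the two behaviours applies, would pin the contract. `options` is also a protected mutable list handed to every subclass; an unmodifiable view via an accessor would keep handlers from altering it.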
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java 2010-09-08 18:54:57 UTC (rev 392)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ClassPathConfigHandler.java 2010-09-08 20:28:12 UTC (rev 393)
@@ -25,7 +25,7 @@
import java.net.URL;
import org.apache.log4j.Logger;
-import org.picketlink.identity.federation.core.config.STSType;
+import org.picketlink.identity.federation.core.config.STSType;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConstants;
import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
@@ -38,7 +38,7 @@
* @author Anil.Saldhana(a)redhat.com
* @since Sep 8, 2010
*/
-public class ClassPathConfigHandler implements STSConfigHandler
+public class ClassPathConfigHandler extends BaseSTSConfigHandler
{
protected static Logger log = Logger.getLogger( ClassPathConfigHandler.class );
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java 2010-09-08 18:54:57 UTC (rev 392)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/ConsoleHomeDirectoryConfigHandler.java 2010-09-08 20:28:12 UTC (rev 393)
@@ -38,7 +38,7 @@
* @author Anil.Saldhana(a)redhat.com
* @since Sep 8, 2010
*/
-public class ConsoleHomeDirectoryConfigHandler implements STSConfigHandler
+public class ConsoleHomeDirectoryConfigHandler extends BaseSTSConfigHandler
{
protected static Logger log = Logger.getLogger( ConsoleHomeDirectoryConfigHandler.class );
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java 2010-09-08 18:54:57 UTC (rev 392)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/confighandlers/STSConfigHandler.java 2010-09-08 20:28:12 UTC (rev 393)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.wstrust.confighandlers;
+import java.util.List;
+
+import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
/**
@@ -32,6 +35,12 @@
public interface STSConfigHandler
{
/**
+ * Set the options configured
+ * @param options
+ */
+ void setOptions(List<KeyValueType> options);
+
+ /**
* Return {@code STSConfiguration} or null
* @return
*/
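Review bot: The new `@param options` at L1755 is left empty, and this interface is the only place implementers see the contract. Fill it in, e.g. `@param options the key/value pairs declared as Option elements under this handler in picketlink-sts-confighandlers.xml; may be empty`, and state whether null is permitted, since BaseSTSConfigHandler in this same change does not guard against it.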
Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml
===================================================================
--- federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml 2010-09-08 18:54:57 UTC (rev 392)
+++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/resources/picketlink-sts-confighandlers.xml 2010-09-08 20:28:12 UTC (rev 393)
@@ -1,10 +1,8 @@
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
<Handler class="org.picketlink.identity.federation.core.wstrust.confighandlers.ConsoleHomeDirectoryConfigHandler">
- <Option Key="1" Value="1.1"/>
- <Option Key="2" Value="2.2"/>
+ <Option Key="description" Value="Configuration Handler that is used to pick up settings by console"/>
</Handler>
<Handler class="org.picketlink.identity.federation.core.wstrust.confighandlers.ClassPathConfigHandler">
- <Option Key="1" Value="1.1"/>
- <Option Key="2" Value="2.2"/>
+ <Option Key="description" Value="Configuration Handler that is used to pick up picketlink-sts.xml"/>
</Handler>
-</Handlers>
\ No newline at end of file
+</Handlers>