Picketlink SVN: r985 - in social/trunk/openid: src and 15 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-13 14:25:32 -0400 (Mon, 13 Jun 2011)
New Revision: 985
Added:
social/trunk/openid/src/
social/trunk/openid/src/main/
social/trunk/openid/src/main/java/
social/trunk/openid/src/main/java/org/
social/trunk/openid/src/main/java/org/picketlink/
social/trunk/openid/src/main/java/org/picketlink/social/
social/trunk/openid/src/main/java/org/picketlink/social/openid/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
social/trunk/openid/src/main/resources/
social/trunk/openid/src/test/
social/trunk/openid/src/test/java/
social/trunk/openid/src/test/java/org/
social/trunk/openid/src/test/java/org/picketlink/
social/trunk/openid/src/test/java/org/picketlink/test/
social/trunk/openid/src/test/java/org/picketlink/test/social/
social/trunk/openid/src/test/java/org/picketlink/test/social/openid/
social/trunk/openid/src/test/resources/
Modified:
social/trunk/openid/pom.xml
Log:
OpenID code moved from the federation (fed) trunk
Modified: social/trunk/openid/pom.xml
===================================================================
--- social/trunk/openid/pom.xml 2011-06-08 04:17:28 UTC (rev 984)
+++ social/trunk/openid/pom.xml 2011-06-13 18:25:32 UTC (rev 985)
@@ -85,28 +85,14 @@
</dependency>
<dependency>
<groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-core</artifactId>
+ <artifactId>picketlink-web</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-xmlsec-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
<groupId>org.openid4java</groupId>
<artifactId>openid4java-nodeps</artifactId>
</dependency>
<dependency>
- <groupId>org.apache</groupId>
- <artifactId>xmlsec</artifactId>
- </dependency>
- <dependency>
<groupId>apache-log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
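Review bot: The sources added in this commit still import `org.picketlink.identity.federation.core.*` (`ProcessingException`, `SecurityTokenProvider`, `AbstractSecurityTokenProvider`, `PicketLinkCoreSTS`, `DefaultTokenRegistry`), yet this hunk drops `picketlink-fed-core` and `picketlink-fed-api` and keeps only `picketlink-web`. That only compiles if `picketlink-web` pulls fed-core in transitively, which cannot be confirmed from here; relying on a transitive dependency for directly-used classes is fragile, so either keep `picketlink-fed-core` declared explicitly or verify the transitive path and record it in a comment next to the dependency. Dropping `xmlsec` looks right, since none of the added classes touch XML signatures.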
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
+{
+ public final static String OPENID_1_0_NS = "urn:openid:1:0";
+ public final static String OPENID_1_1_NS = "urn:openid:1:1";
+ public final static String OPENID_2_0_NS = "urn:openid:2:0";
+
+ protected static OpenIDProviderManager serverManager = null; //Will be initialized the first time of access
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return OPENID_1_0_NS.equals( namespace );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+ */
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = null;
+
+ if( openIDProtoCtx.getIssueError() )
+ {
+ String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown request" : openIDProtoCtx.getErrorText();
+
+ responsem = serverManager.getDirectError( errorText );
+ }
+ else
+ {
+ MODE mode = openIDProtoCtx.getMode();
+ switch (mode )
+ {
+ case ASSOCIATE :
+ responsem = serverManager.processAssociationRequest( requestp );
+ break;
+
+ case CHECK_AUTHENTICATION:
+ validateToken(openIDProtoCtx);
+ return;
+
+ case CHECK_ID_SETUP:
+ case CHECK_ID_IMMEDIATE:
+ AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+ if( authHolder == null )
+ throw new ProcessingException( "Authentication Holder is null" );
+
+ responsem = serverManager.processAuthenticationRequest(requestp,
+ authHolder.getUserSelectedId(),
+ authHolder.getUserSelectedClaimedId(),
+ authHolder.isAuthenticatedAndApproved() );
+ break;
+ default:
+ throw new ProcessingException("Unknown mode");
+ }
+ }
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /*
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = serverManager.verify( requestp );
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ protected void check()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ if( serverManager == null )
+ {
+
+ serverManager = new OpenIDProviderManager();
+ serverManager.initialize( new OpenIDTokenRegistryStore(), new OpenIDTokenRegistryStore());
+ }
+ }
+}
\ No newline at end of file
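Review bot: `check()` (L259-L271) lazily assigns the static, non-volatile `serverManager` without any synchronization, so two concurrent first requests can each build their own `OpenIDProviderManager` with separate in-memory association stores, and a handle issued by the instance that loses the race is unknown to the one that survives, making later `verify()` calls fail. Declaring it `protected static synchronized void check()` (or wrapping the null-check-and-assign in `synchronized (OpenIDTokenProvider.class) { ... }`) fixes both the duplicate-instance race and the unsafe publication. The imports at L106-L112 still name `org.picketlink.identity.federation.core.openid.providers.helpers`, whereas this commit adds those helpers under `org.picketlink.social.openid.providers.helpers`, so they should be updated as part of the move. Finally, the endpoint is pinned first-write-wins at L171-L174; if `getEndpoint()` is ever derived from the incoming request rather than from configuration, the first caller fixes the OP endpoint URL for every later association, which deserves either a comment or an explicit configuration hook.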
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{
+ @Override
+ public boolean supports(String namespace)
+ {
+ return OPENID_2_0_NS.equals( namespace );
+ }
+
+ @Override
+ public String tokenType()
+ {
+ return OPENID_2_0_NS;
+ }
+
+ @Override
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_2_0_NS );
+ }
+}
\ No newline at end of file
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+ private static final long serialVersionUID = 1L;
+
+ public OpenIDParameterList()
+ {
+ super();
+ }
+
+ @SuppressWarnings({ "rawtypes"})
+ public OpenIDParameterList(Map parameterMap)
+ {
+ super(parameterMap);
+ }
+}
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{
+ /**
+ * The response message generated by the STS
+ */
+ protected OpenIDMessage responseMessage;
+
+ /**
+ * The list of request parameters for use by the STS
+ */
+ protected OpenIDParameterList requestParameterList;
+
+ /**
+ * The Server Manager needs an endpoint
+ */
+ protected String endpoint;
+
+ /**
+ * Should the STS issue an error?
+ */
+ protected Boolean issueError = Boolean.FALSE;
+
+ /**
+ * What is the text the STS should use for the error?
+ */
+ protected String errorText = null;
+
+ /**
+ * The OpenID mode
+ */
+ protected MODE mode;
+
+ /**
+ * STS uses the AUTH_HOLDER information for processing authentication requests
+ */
+ protected AUTH_HOLDER authenticationHolder;
+
+ /**
+ * An Enum indicating the OpenID mode
+ */
+ public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION };
+
+ /**
+ * Class to hold the information for authentication requests
+ */
+ public static class AUTH_HOLDER
+ {
+ private String userSelectedId, userSelectedClaimedId;
+ private boolean authenticatedAndApproved;
+
+ public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean authenticatedAndApproved)
+ {
+ this.userSelectedId = userSelectedId;
+ this.userSelectedClaimedId = userSelectedClaimedId;
+ this.authenticatedAndApproved = authenticatedAndApproved;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ", userSelectedClaimedId=" + userSelectedClaimedId
+ + ", authenticatedAndApproved=" + authenticatedAndApproved + "]";
+ }
+
+ public String getUserSelectedId()
+ {
+ return userSelectedId;
+ }
+
+ public String getUserSelectedClaimedId()
+ {
+ return userSelectedClaimedId;
+ }
+
+ public boolean isAuthenticatedAndApproved()
+ {
+ return authenticatedAndApproved;
+ }
+ }
+
+ /**
+ * Get the holder of authentication information
+ * @return
+ */
+ public AUTH_HOLDER getAuthenticationHolder()
+ {
+ return authenticationHolder;
+ }
+
+ /**
+ * Set an authentication holder
+ * @param authenticationHolder
+ */
+ public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+ {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ /**
+ * Get the Open ID mode
+ * @return
+ */
+ public MODE getMode()
+ {
+ return this.mode;
+ }
+
+ /**
+ * Set the OpenID mode
+ * @param theMode
+ */
+ public void setMode( MODE theMode )
+ {
+ this.mode = theMode;
+ }
+
+ /**
+ * Get the error text (Null by default)
+ * @return
+ */
+ public String getErrorText()
+ {
+ return errorText;
+ }
+
+ /**
+ * Set the error text
+ * @param errorText
+ */
+ public void setErrorText(String errorText)
+ {
+ this.errorText = errorText;
+ }
+
+ /**
+ * Should the STS issue an error response token
+ * @return
+ */
+ public Boolean getIssueError()
+ {
+ return issueError;
+ }
+
+ /**
+ * Set the error response token for the STS
+ * @param issueError
+ */
+ public void setIssueError(Boolean issueError)
+ {
+ this.issueError = issueError;
+ }
+
+ /**
+ * Get the endpoint address
+ * @return
+ */
+ public String getEndpoint()
+ {
+ return endpoint;
+ }
+
+ /**
+ * Set the endpoint address
+ * @param endpoint
+ */
+ public void setEndpoint(String endpoint)
+ {
+ this.endpoint = endpoint;
+ }
+
+ /**
+ * Get the request parameter list
+ * @return an instanceof {@code OpenIDParameterList}
+ */
+ public OpenIDParameterList getRequestParameterList()
+ {
+ return requestParameterList;
+ }
+
+ /**
+ * Set the request parameter list
+ * @param requestParameterList an instanceof {@code OpenIDParameterList}
+ */
+ public void setRequestParameterList(OpenIDParameterList requestParameterList)
+ {
+ this.requestParameterList = requestParameterList;
+ }
+
+ /**
+ * Get the {@code OpenIDMessage} response message that the STS has generated
+ * @return
+ */
+ public OpenIDMessage getResponseMessage()
+ {
+ return responseMessage;
+ }
+
+ /**
+ * Set the {@code OpenIDMessage} response message
+ * @param responseMessage
+ */
+ public void setResponseMessage(OpenIDMessage responseMessage)
+ {
+ this.responseMessage = responseMessage;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+ */
+ public String serviceName()
+ {
+ return null;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+ */
+ public String tokenType()
+ {
+ return OpenIDTokenProvider.OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+ */
+ public QName getQName()
+ {
+ return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+}
\ No newline at end of file
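Review bot: `tokenType()` and `getQName()` (L639-L650) hard-code `OPENID_1_0_NS`, so an STS that selects a provider from the context's token type can never reach `OpenIDVersion2TokenProvider`, whose `supports()` only accepts `urn:openid:2:0`. A settable namespace would fix this with the same default, e.g. `protected String tokenType = OpenIDTokenProvider.OPENID_1_0_NS;` plus a setter, with `tokenType()` returning that field and `getQName()` wrapping it. The imports at L414-L415 also point at the old `org.picketlink.identity.federation.core.openid` packages; `OpenIDMessage` now lives in this very package and `OpenIDTokenProvider` in `org.picketlink.social.openid.providers`. Separately, `issueError` is a boxed `Boolean` that the provider unboxes, so `setIssueError(null)` would surface as a `NullPointerException` at issue time; a primitive `boolean` (or a null guard in the setter) avoids that.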
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+ /**
+ * Internal server manager for processing
+ */
+ private ServerManager serverManager = new ServerManager();
+
+ /**
+ * Initialize internal data structures
+ */
+ public void initialize()
+ {
+ serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+ serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ }
+
+ /**
+ * Initialize the Shared Association and Private Association stores
+ * @param sharedAssociationStore a set of 2 association stores {@code ServerAssociationStore}
+ * @throws {@code IllegalArgumentException} if the number of stores is not 2
+ */
+ public void initialize( ServerAssociationStore... sharedAssociationStore )
+ {
+ if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+ {
+ initialize();
+ return;
+ }
+
+ if( sharedAssociationStore.length != 2 )
+ throw new IllegalArgumentException( "Number of association stores not equal to 2" );
+ serverManager.setSharedAssociations( sharedAssociationStore[0] );
+ serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+ }
+
+ /**
+ * Get the end point where the provider is active
+ * @return string an url
+ */
+ public String getEndPoint()
+ {
+ return serverManager.getOPEndpointUrl();
+ }
+
+ /**
+ * Set the end point where the provider is active
+ * @param url
+ */
+ public void setEndPoint(String url)
+ {
+ serverManager.setOPEndpointUrl(url);
+ }
+
+ /**
+ * Process a request from the RP/Relying Party (or OpenID Consumer)
+ * for authenticating an user
+ * @param requestParams
+ * @param userSelId
+ * @param userSelClaimed
+ * @param authenticatedAndApproved
+ * @return
+ */
+ public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+ String userSelId,
+ String userSelClaimed,
+ boolean authenticatedAndApproved)
+ {
+ Message authMessage = serverManager.authResponse(requestParams,
+ userSelId, userSelClaimed, authenticatedAndApproved);
+
+ return new OpenIDMessage(authMessage);
+ }
+
+ /**
+ * Process a request for association from the RP
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.associationResponse(requestParams));
+ }
+
+ /**
+ * Process a verification request from RP for an already
+ * authenticated user
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage verify(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.verify(requestParams));
+ }
+
+ /**
+ * Create an error message that needs to be passed to the RP
+ * @param msg
+ * @return
+ */
+ public OpenIDMessage getDirectError(String msg)
+ {
+ return new OpenIDMessage(DirectError.createDirectError(msg));
+ }
+
+ /**
+ * Class to hold the open id message
+ */
+ public static class OpenIDMessage
+ {
+ private Message message;
+
+ OpenIDMessage(Message message)
+ {
+ this.message = message;
+ }
+
+ public boolean isSuccessful()
+ {
+ return message instanceof AuthSuccess;
+ }
+
+ public String getDestinationURL(boolean httpget)
+ {
+ return ((AuthSuccess) message).getDestinationUrl(httpget);
+ }
+
+ public String getResponseText()
+ {
+ return message.keyValueFormEncoding();
+ }
+ }
+}
\ No newline at end of file
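Review bot: `OpenIDMessage.getDestinationURL()` (L823-L826) casts to `AuthSuccess` unconditionally, so calling it on an association, error or negative-assertion response throws `ClassCastException` instead of a meaningful error; guard it with `if (!isSuccessful()) throw new IllegalStateException("Not an AuthSuccess message");` before the cast. `processAuthenticationRequest()` forwards `authenticatedAndApproved` straight into `ServerManager.authResponse()`, which means a positive assertion is signed purely on the caller's word, so its Javadoc should state that the caller must have authenticated the user and obtained consent for that RP before passing `true`. The no-arg `initialize()` falls back to `InMemoryServerAssociationStore` for both stores, so associations are lost on restart and not shared across nodes; a one-line comment saying this default is for single-node or test use would save the next deployer a surprise.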
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements ServerAssociationStore, SecurityTokenRegistry
+{
+ protected InMemoryServerAssociationStore store = new InMemoryServerAssociationStore();
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+ */
+ public Association generate(String type, int expiryIn) throws AssociationException
+ {
+ Association association = store.generate(type, expiryIn);
+ try
+ {
+ addToken( association.getHandle(), association );
+ }
+ catch (IOException e)
+ {
+ throw new AssociationException( e );
+ }
+ return association;
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+ */
+ public Association load(String handle)
+ {
+ return (Association) getToken( handle );
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+ */
+ public void remove(String handle)
+ {
+ try
+ {
+ removeToken( handle );
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+}
\ No newline at end of file
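Review bot: `load()` (L901-L904) returns whatever the registry holds for the handle with no expiry check, so unless every caller tests `Association.hasExpired()` itself, an association and its MAC key remain usable past the `expiryIn` passed to `generate()`. Suggested body: `Association a = (Association) getToken(handle);` / `if (a != null && a.hasExpired()) { remove(handle); return null; }` / `return a;`. The internal `InMemoryServerAssociationStore` delegate on L879 is used only for key and handle generation, but if it also retains what it generates (as its name suggests — verify against openid4java), it keeps a second copy that `remove()` never clears, so the delegate grows without bound and expired associations are never purged from it. Wrapping `remove()`'s `IOException` in a bare `RuntimeException` also loses the registry context; an `IllegalStateException` naming the handle would be easier to diagnose.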
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.picketlink.identity.federation.web.core.HTTPContext;
+
+/**
+ * HTTP Context for OpenID
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPOpenIDContext extends HTTPContext
+{
+ private String returnURL;
+
+ public HTTPOpenIDContext(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ ServletContext sctx)
+ {
+ super(httpReq, httpResp, sctx);
+ }
+
+ public String getReturnURL()
+ {
+ return returnURL;
+ }
+
+ //Setters
+
+ public HTTPOpenIDContext setReturnURL(String url)
+ {
+ this.returnURL = url;
+ return this;
+ }
+}
\ No newline at end of file
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,142 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Common code at an OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 7, 2009
+ */
+public class HTTPOpenIDProvider
+{
+ public String process(HttpServletRequest request, HttpServletResponse response)
+ throws IOException
+ {
+ HttpSession session = request.getSession();
+
+ ServerManager manager=new ServerManager();
+ manager.setSharedAssociations(new InMemoryServerAssociationStore());
+ manager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ manager.setOPEndpointUrl(request.getScheme() + "://"
+ + request.getServerName() + ":"
+ + request.getServerPort() + "/simple-openid/provider.jsp");
+
+ ParameterList requestp;
+
+ if ("complete".equals(request.getParameter("_action"))) // Completing the authz and authn process by redirecting here
+ {
+ requestp=(ParameterList) session.getAttribute("parameterlist"); // On a redirect from the OP authn & authz sequence
+ }
+ else
+ {
+ requestp = new ParameterList(request.getParameterMap());
+ }
+
+ String mode = requestp.hasParameter("openid.mode") ?
+ requestp.getParameterValue("openid.mode") : null;
+
+ Message responsem;
+ String responseText;
+
+ if ("associate".equals(mode))
+ {
+ // --- process an association request ---
+ responsem = manager.associationResponse(requestp);
+ responseText = responsem.keyValueFormEncoding();
+ }
+ else if ("checkid_setup".equals(mode)
+ || "checkid_immediate".equals(mode))
+ {
+ // interact with the user and obtain data needed to continue
+ //List userData = userInteraction(requestp);
+ String userSelectedId = null;
+ String userSelectedClaimedId = null;
+ Boolean authenticatedAndApproved = Boolean.FALSE;
+
+ if ((session.getAttribute("authenticatedAndApproved") == null) ||
+ (((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE) )
+ {
+ session.setAttribute("parameterlist", requestp);
+ response.sendRedirect("provider_authorization.jsp");
+ }
+ else
+ {
+ userSelectedId = (String) session.getAttribute("openid.claimed_id");
+ userSelectedClaimedId = (String) session.getAttribute("openid.identity");
+ authenticatedAndApproved = (Boolean) session.getAttribute("authenticatedAndApproved");
+ // Remove the parameterlist so this provider can accept requests from elsewhere
+ session.removeAttribute("parameterlist");
+ session.setAttribute("authenticatedAndApproved", Boolean.FALSE); // Makes you authorize each and every time
+ }
+
+ // --- process an authentication request ---
+ responsem = manager.authResponse(requestp,
+ userSelectedId,
+ userSelectedClaimedId,
+ authenticatedAndApproved.booleanValue());
+
+ // caller will need to decide which of the following to use:
+ // - GET HTTP-redirect to the return_to URL
+ // - HTML FORM Redirection
+ //responseText = response.wwwFormEncoding();
+ if (responsem instanceof AuthSuccess)
+ {
+ response.sendRedirect(((AuthSuccess) responsem).getDestinationUrl(true));
+ return "";
+ }
+ else
+ {
+ responseText="<pre>"+responsem.keyValueFormEncoding()+"</pre>";
+ }
+ }
+ else if ("check_authentication".equals(mode))
+ {
+ // --- processing a verification request ---
+ responsem = manager.verify(requestp);
+ responseText = responsem.keyValueFormEncoding();
+ }
+ else
+ {
+ // --- error response ---
+ responsem = DirectError.createDirectError("Unknown request");
+ responseText = responsem.keyValueFormEncoding();
+ }
+
+
+
+ return responseText != null ? responseText.trim() : null;
+ }
+
+}
\ No newline at end of file
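Review bot: The `ServerManager` and both `InMemoryServerAssociationStore` instances are created inside `process()` on every request, so an association established by an `associate` call is discarded before the signed `checkid_*` response or the later `check_authentication` request arrives, and `manager.verify(requestp)` can never find the handle it is asked to check; the manager and its stores need to live as long as the provider does (a field initialised once, or an object kept in the servlet context). The approval check `((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE` compares by reference, so any `Boolean` instance other than the canonical `Boolean.FALSE` (a deserialised session value, for instance) is treated as approved; `if (!Boolean.TRUE.equals(session.getAttribute("authenticatedAndApproved")))` is the safe form. After `response.sendRedirect("provider_authorization.jsp")` the method still builds an auth response and hands text back for the caller to write to an already committed response; a `return "";` right after the redirect, as the `AuthSuccess` branch already does, avoids that. The `_action=complete` path casts `session.getAttribute("parameterlist")` without a null check and dereferences it at `requestp.hasParameter(...)`. The session keys feeding `userSelectedId` (`openid.claimed_id`) and `userSelectedClaimedId` (`openid.identity`) look swapped relative to their names; worth confirming against the parameter order of `ServerManager.authResponse`.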
Added: social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
===================================================================
--- social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java (rev 0)
+++ social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java 2011-06-13 18:25:32 UTC (rev 985)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.api.openid.OpenIDAttributeMap;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycle;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent;
+import org.picketlink.identity.federation.api.openid.OpenIDProtocolAdapter;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.OP;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.TYPE;
+import org.picketlink.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
+import org.picketlink.identity.federation.api.openid.exceptions.OpenIDProtocolException;
+
+/**
+ * Protocol adapter for HTTP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPProtocolAdaptor implements OpenIDProtocolAdapter, OpenIDLifecycle
+{
+ private static Logger log = Logger.getLogger(HTTPProtocolAdaptor.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+ private ServletContext servletContext;
+ private String returnURL;
+
+ public HTTPProtocolAdaptor(HTTPOpenIDContext octx)
+ {
+ if(octx == null)
+ throw new IllegalArgumentException("http openid context is null");
+
+ this.request = octx.getRequest();
+ this.response = octx.getResponse();
+ this.returnURL = octx.getReturnURL();
+ this.servletContext = octx.getServletContext();
+ }
+
+ public OpenIDAttributeMap getAttributeMap()
+ {
+ OpenIDAttributeMap map = new OpenIDAttributeMap();
+ if ("1".equals(request.getParameter("nickname")))
+ {
+ map.put("nickname", "1");
+ }
+ if ("1".equals(request.getParameter("email")))
+ {
+ map.put("email", "1");
+ }
+ if ("1".equals(request.getParameter("fullname")))
+ {
+ map.put("fullname", "1");
+ }
+ if ("1".equals(request.getParameter("dob")))
+ {
+ map.put("dob", "1");
+ }
+ if ("1".equals(request.getParameter("gender")))
+ {
+ map.put("gender", "1");
+ }
+ if ("1".equals(request.getParameter("postcode")))
+ {
+ map.put("postcode", "1");
+ }
+ if ("1".equals(request.getParameter("country")))
+ {
+ map.put("country", "1");
+ }
+ if ("1".equals(request.getParameter("language")))
+ {
+ map.put("language", "1");
+ }
+ if ("1".equals(request.getParameter("timezone")))
+ {
+ map.put("timezone", "1");
+ }
+
+ return map;
+ }
+
+ public String getReturnURL()
+ {
+ return this.returnURL;
+ }
+
+ /**
+ * @throws OpenIDLifeCycleException
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent)
+ */
+ public void handle(OpenIDLifecycleEvent event) throws OpenIDLifeCycleException
+ {
+ if(event == null)
+ throw new IllegalArgumentException("event is null");
+
+ if(event.getEventType() == TYPE.SESSION)
+ {
+ String attr = event.getAttributeName();
+ Object attrVal = event.getAttributeValue();
+
+ if(event.getOperation() == OP.ADD)
+ {
+ request.getSession().setAttribute(attr, attrVal);
+ }
+ else if(event.getOperation() == OP.REMOVE)
+ {
+ request.getSession().removeAttribute(attr);
+ }
+ }
+
+ if(event.getEventType() == TYPE.SUCCESS)
+ try
+ {
+ response.sendRedirect(".");
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDLifeCycleException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent[])
+ */
+ public void handle(OpenIDLifecycleEvent[] eventArr) throws OpenIDLifeCycleException
+ {
+ for(OpenIDLifecycleEvent ev: eventArr)
+ {
+ this.handle(ev);
+ }
+ }
+
+ public void sendToProvider(int version, String destinationURL,
+ Map<String, String> paramMap) throws OpenIDProtocolException
+ {
+ if(trace)
+ log.trace("send to provider=" + version + "::destinationURL=" + destinationURL);
+
+ if(version == 1)
+ {
+ try
+ {
+ response.sendRedirect(destinationURL);
+ return;
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ //Version != 1
+
+ // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+ RequestDispatcher dispatcher =
+ this.servletContext.getRequestDispatcher("/formredirection.jsp");
+ request.setAttribute("parameterMap", paramMap);
+ request.setAttribute("destinationUrl", destinationURL);
+ try
+ {
+ dispatcher.forward(request, response);
+ }
+ catch(IOException io)
+ {
+ throw new OpenIDProtocolException(io);
+ }
+ catch (ServletException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#getAttributeValue(String)
+ */
+ public Object getAttributeValue(String name)
+ {
+ return this.request.getSession().getAttribute(name);
+ }
+}
\ No newline at end of file
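Review bot: `getAttributeMap()` repeats the same three-line `if ("1".equals(request.getParameter(name))) map.put(name, "1")` block nine times; a loop over an array of the attribute names says it once and makes adding a field a one-word change. The `TYPE.SUCCESS` branch of `handle(OpenIDLifecycleEvent)` redirects to `"."` while the `returnURL` captured from the context is only ever read back through `getReturnURL()`; if the redirect is meant to go to the configured return URL that is a defect, otherwise a comment on why `"."` is used would help, and the braceless `if (...) try { ... }` in that branch should be braced. In `sendToProvider` the `destinationURL` goes straight to `response.sendRedirect` and to the `destinationUrl` attribute read by `formredirection.jsp`; a comment recording that callers obtain it from OpenID discovery rather than from request parameters would document the trust assumption.
```java
public OpenIDAttributeMap getAttributeMap()
{
   OpenIDAttributeMap map = new OpenIDAttributeMap();
   // an attribute is requested when the matching form parameter is "1"
   String[] names = { "nickname", "email", "fullname", "dob", "gender",
                      "postcode", "country", "language", "timezone" };
   for (String name : names)
   {
      if ("1".equals(request.getParameter(name)))
      {
         map.put(name, "1");
      }
   }
   return map;
}
```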
Picketlink SVN: r984 - in federation/trunk/picketlink-bindings-jboss/src: test/java/org/picketlink/test/identity/federation/bindings/jboss/auth and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-08 00:17:28 -0400 (Wed, 08 Jun 2011)
New Revision: 984
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
Log:
use local testing option
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 01:28:14 UTC (rev 983)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 04:17:28 UTC (rev 984)
@@ -134,7 +134,7 @@
protected String securityDomain = null;
- protected String groupName = "Roles";
+ protected String groupName = SecurityConstants.ROLES_IDENTIFIER;
protected boolean localValidation = false;
@@ -182,6 +182,9 @@
*/
public static final String PASSWORD_KEY = "password";
+ //A variable used by the unit test to pass local validation
+ private boolean localTestingOnly = false;
+
/*
* (non-Javadoc)
* @see org.jboss.security.auth.spi.AbstractServerLoginModule#initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
@@ -225,6 +228,12 @@
if (localValidationSecurityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT) == false)
localValidationSecurityDomain = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + localValidationSecurityDomain;
+
+ String localTestingOnlyStr = (String) options.get("localTestingOnly");
+ if (StringUtil.isNotNull(localTestingOnlyStr))
+ {
+ localTestingOnly = Boolean.valueOf(localTestingOnlyStr);
+ }
}
}
@@ -490,10 +499,10 @@
protected boolean localValidation(Element assertionElement) throws Exception
{
- if (StringUtil.isNotNull(SecurityActions.getSystemProperty("PL_TEST"))) //Local testing
- {
+ //For unit tests
+ if (localTestingOnly)
return true;
- }
+
try
{
Context ctx = new InitialContext();
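Review bot: The new `localTestingOnly` flag makes `localValidation(Element)` return `true` before any check of the assertion runs, so a login-module configuration that carries `localTestingOnly=true` (copied from a test configuration, say) silently accepts any assertion in production; at minimum emit a warning through the class's log4j `Logger` when the option is parsed in `initialize` (the hunk at `@@ -225,6 +228,12 @@`), e.g. `log.warn("localTestingOnly is enabled: local SAML assertion validation is bypassed");`, and give the field declared in the `@@ -182,6 +182,9 @@` hunk a Javadoc line stating it exists only for unit tests and must not be set in a deployment. `Boolean.valueOf(localTestingOnlyStr)` accepts only a case-insensitive `true`, which is fine, but a comment on the field saying so makes the accepted values clear. The rest of `localValidation` runs outside the hunk.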
Modified: federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java 2011-06-08 01:28:14 UTC (rev 983)
+++ federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java 2011-06-08 04:17:28 UTC (rev 984)
@@ -65,7 +65,6 @@
@Before
public void setup()
{
- System.setProperty("PL_TEST", "true");
System.setProperty("java.security.debug", "true");
Configuration.setConfiguration(new Configuration()
@@ -79,6 +78,7 @@
options.put("configFile", "sts-client.properties");
options.put("localValidation", "true");
options.put("localValidationSecurityDomain", "someSD");
+ options.put("localTestingOnly", "true");
AppConfigurationEntry a2 = new AppConfigurationEntry(SAML2STSLoginModule.class.getName(),
LoginModuleControlFlag.REQUIRED, options);
Picketlink SVN: r983 - in federation/trunk/picketlink-bindings-jboss/src: test/java/org/picketlink/test/identity/federation/bindings/jboss/auth and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-07 21:28:14 -0400 (Tue, 07 Jun 2011)
New Revision: 983
Added:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
Log:
fix role parsing into subject
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 01:27:04 UTC (rev 982)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSLoginModule.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -26,12 +26,11 @@
import java.security.PublicKey;
import java.security.acl.Group;
import java.security.cert.Certificate;
+import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Set;
import javax.naming.Context;
import javax.naming.InitialContext;
@@ -46,6 +45,7 @@
import org.apache.log4j.Logger;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.jboss.security.plugins.JaasSecurityDomain;
@@ -63,12 +63,8 @@
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import org.w3c.dom.Element;
@@ -419,56 +415,18 @@
}
}
- // check the assertion statements and look for role attributes.
- AttributeStatementType attributeStatement = this.getAttributeStatement(this.assertion);
- if (attributeStatement != null)
- {
- Set<Principal> roles = new HashSet<Principal>();
- List<ASTChoiceType> attributeList = attributeStatement.getAttributes();
- for (ASTChoiceType obj : attributeList)
- {
- AttributeType attribute = obj.getAttribute();
- if (attribute != null)
- {
- // if this is a role attribute, get its values and add them to the role set.
- if (attribute.getName().equals("role"))
- {
- for (Object value : attribute.getAttributeValue())
- roles.add(new PicketLinkPrincipal((String) value));
- }
- }
- }
- Group rolesGroup = new PicketLinkGroup(groupName);
- for (Principal role : roles)
- rolesGroup.addMember(role);
- return new Group[]
- {rolesGroup};
- }
- return new Group[0];
- }
+ List<String> roleKeys = new ArrayList<String>();
+ roleKeys.add("Role");
- /**
- * <p>
- * Checks if the specified SAML assertion contains a {@code AttributeStatementType} and returns this type when it
- * is available.
- * </p>
- *
- * @param assertion a reference to the {@code AssertionType} that may contain an {@code AttributeStatementType}.
- * @return the assertion's {@code AttributeStatementType}, or {@code null} if no such type can be found in the SAML
- * assertion.
- */
- private AttributeStatementType getAttributeStatement(AssertionType assertion)
- {
- Set<StatementAbstractType> statementList = assertion.getStatements();
- if (statementList.size() != 0)
+ Group rolesGroup = new PicketLinkGroup(groupName);
+ List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
+ for (String role : roles)
{
- for (StatementAbstractType statement : statementList)
- {
- if (statement instanceof AttributeStatementType)
- return (AttributeStatementType) statement;
- }
+ rolesGroup.addMember(new SimplePrincipal(role));
}
- return null;
+
+ return new Group[]
+ {rolesGroup};
}
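Review bot: The role attribute name changes from `"role"` (the removed `attribute.getName().equals("role")`) to `"Role"` in `roleKeys.add("Role")`; if `AssertionUtil.getRoles` compares names case-sensitively, assertions that produced roles before this commit now yield an empty group, and the log message does not say the rename is intended. Making the key list a login-module option with `"Role"` as the default, instead of a hard-coded single entry, would also cover STS deployments that issue roles under a different attribute name. Roles are now wrapped in `SimplePrincipal` where the old code used `PicketLinkPrincipal`; whether `Group.isMember` still matches the principals created elsewhere in this binding is worth confirming. The enclosing method's signature lies outside the hunk.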
/**
@@ -532,6 +490,10 @@
protected boolean localValidation(Element assertionElement) throws Exception
{
+ if (StringUtil.isNotNull(SecurityActions.getSystemProperty("PL_TEST"))) //Local testing
+ {
+ return true;
+ }
try
{
Context ctx = new InitialContext();
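Review bot: The `PL_TEST` check at the top of `localValidation(Element)` is keyed on a JVM-wide system property, so setting it for one test run disables assertion validation for every instance of this login module in the same JVM; a per-module option is the safer scope. If the shortcut stays, the comment should say what it bypasses, e.g. `// PL_TEST set: skip assertion validation entirely (unit tests only)`. The method body continues outside the hunk.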
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-08 01:27:04 UTC (rev 982)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.bindings.jboss.auth;
import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -35,7 +36,7 @@
* @version $Revision: 1 $
*/
class SecurityActions
-{
+{
static SecurityContext createSecurityContext() throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
@@ -46,4 +47,15 @@
}
});
}
+
+ static String getSystemProperty(final String key)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key);
+ }
+ });
+ }
}
\ No newline at end of file
Added: federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML2STSLoginModuleUnitTestCase.java 2011-06-08 01:28:14 UTC (rev 983)
@@ -0,0 +1,134 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.jboss.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.ObjectCallback;
+import org.junit.Before;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+
+/**
+ * Unit Test the {@code SAML2STSLoginModule}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 7, 2011
+ */
+public class SAML2STSLoginModuleUnitTestCase
+{
+ @Before
+ public void setup()
+ {
+ System.setProperty("PL_TEST", "true");
+ System.setProperty("java.security.debug", "true");
+
+ Configuration.setConfiguration(new Configuration()
+ {
+ @SuppressWarnings(
+ {"rawtypes", "unchecked"})
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
+ {
+ final Map options = new HashMap();
+ options.put("configFile", "sts-client.properties");
+ options.put("localValidation", "true");
+ options.put("localValidationSecurityDomain", "someSD");
+
+ AppConfigurationEntry a2 = new AppConfigurationEntry(SAML2STSLoginModule.class.getName(),
+ LoginModuleControlFlag.REQUIRED, options);
+ return new AppConfigurationEntry[]
+ {a2};
+ }
+ });
+ }
+
+ public class MyCBH implements CallbackHandler
+ {
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+ {
+ AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), new NameIDType());
+
+ assertion.setSubject(AssertionUtil.createAssertionSubject("anil"));
+
+ List<String> roles = new ArrayList<String>();
+ roles.add("test1");
+ roles.add("test2");
+ assertion.addStatement(StatementUtil.createAttributeStatement(roles));
+ try
+ {
+ SamlCredential cred = new SamlCredential(AssertionUtil.asString(assertion));
+ ObjectCallback obj = (ObjectCallback) callbacks[0];
+ obj.setCredential(cred);
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAuth() throws Exception
+ {
+ Subject subject = new Subject();
+
+ LoginContext lc = new LoginContext("something", subject, new MyCBH());
+ lc.login();
+
+ Set<Group> groups = subject.getPrincipals(Group.class);
+ assertNotNull(groups);
+ assertEquals(1, groups.size());
+ Group gp = groups.iterator().next();
+ assertTrue(gp.isMember(new SimplePrincipal("test1")));
+ assertTrue(gp.isMember(new SimplePrincipal("test2")));
+ }
+
+}
\ No newline at end of file
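Review bot: `setup()` sets the `PL_TEST` and `java.security.debug` system properties and installs a JAAS `Configuration`, and nothing restores them; since `PL_TEST` switches off assertion validation in `SAML2STSLoginModule`, every test that runs later in the same JVM inherits the bypass. Add an `@After` that clears them, e.g. `System.clearProperty("PL_TEST");` and re-installs the previous `Configuration`. `MyCBH` is a non-static inner class that never touches the enclosing test instance; `public static class MyCBH implements CallbackHandler` avoids the hidden outer reference. The `RuntimeException` thrown from `MyCBH.handle` keeps the cause, which is good; a message naming the failing step would make a failed run easier to read.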
Added: federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties (rev 0)
+++ federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties 2011-06-08 01:28:14 UTC (rev 983)
@@ -0,0 +1,5 @@
+serviceName=PicketLinkSTS
+portName=PicketLinkSTSPort
+endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
+username=admin
+password=admin
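Review bot: The file is committed with `svn:executable` set (the property block that follows the hunk), which a properties file does not need; dropping the property keeps it from being flagged as a script. The `username=admin` / `password=admin` pair is a test fixture; a leading line `# test-only STS client settings for the unit test; not for deployment` makes that explicit to anyone who copies the file.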
Property changes on: federation/trunk/picketlink-bindings-jboss/src/test/resources/sts-client.properties
___________________________________________________________________
Added: svn:executable
+ *
Picketlink SVN: r982 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-07 21:27:04 -0400 (Tue, 07 Jun 2011)
New Revision: 982
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
Log:
add create subject
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-08 01:26:28 UTC (rev 981)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-08 01:27:04 UTC (rev 982)
@@ -44,6 +44,8 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -96,6 +98,23 @@
}
/**
+ * Given a user name, create a {@code SubjectType}
+ * that can then be inserted into an assertion
+ * @param userName
+ * @return
+ */
+ public static SubjectType createAssertionSubject(String userName)
+ {
+ SubjectType assertionSubject = new SubjectType();
+ STSubType subType = new STSubType();
+ NameIDType anil = new NameIDType();
+ anil.setValue(userName);
+ subType.addBaseID(anil);
+ assertionSubject.setSubType(subType);
+ return assertionSubject;
+ }
+
+ /**
* Create an attribute type
* @param name Name of the attribute
* @param nameFormat name format uri
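Review bot: The local `NameIDType anil` in `createAssertionSubject` is named after the author rather than after what it holds; `NameIDType nameId = new NameIDType();` reads better. The Javadoc leaves `@param userName` and `@return` empty; fill them in as `@param userName value placed in the subject's NameID` and `@return a {@code SubjectType} whose sub-type carries that NameID`. A null `userName` is passed straight to `setValue`; decide whether it should be rejected with an `IllegalArgumentException` or is acceptable for the caller.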
Picketlink SVN: r981 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-07 21:26:28 -0400 (Tue, 07 Jun 2011)
New Revision: 981
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
Log:
clean up assertion parse
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-07 19:36:09 UTC (rev 980)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-08 01:26:28 UTC (rev 981)
@@ -27,8 +27,7 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser;
-import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
@@ -67,26 +66,15 @@
* @throws Exception
* if an error occurs while marshaling the assertion.
*/
- public static Element toElement( AssertionType assertion ) throws Exception
+ public static Element toElement(AssertionType assertion) throws Exception
{
- /*Document document = DocumentUtil.createDocument();
- DOMResult result = new DOMResult(document);
- */
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
- writer.write( assertion );
-
- ByteArrayInputStream bis = new ByteArrayInputStream( baos.toByteArray() );
- Document document = DocumentUtil.getDocument( bis ); //throws exceptions
- /*Marshaller marshaller = JAXBUtil.getMarshaller("org.picketlink.identity.federation.saml.v2.assertion");
- marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
-*/
- // normalize the document to remove unused namespaces.
- // DOMConfiguration docConfig = document.getDomConfig();
- // docConfig.setParameter("namespaces", Boolean.TRUE);
- // docConfig.setParameter("namespace-declarations", Boolean.FALSE);
- // document.normalizeDocument();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document document = DocumentUtil.getDocument(bis);
+
return document.getDocumentElement();
}
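Review bot: The XMLStreamWriter returned by `StaxUtil.getXMLStreamWriter(baos)` is never flushed or closed before `baos.toByteArray()` is read on the next line, so unless `SAMLAssertionWriter.write` flushes internally (not visible here) the bytes handed to `DocumentUtil.getDocument(bis)` can be empty or truncated and the parse fails with an unhelpful error. Keeping the stream writer in a local and flushing it makes the round trip independent of that assumption: `XMLStreamWriter xsw = StaxUtil.getXMLStreamWriter(baos); new SAMLAssertionWriter(xsw).write(assertion); xsw.flush();`. The `@throws Exception` Javadoc above is kept as-is; since the JAXB path is gone it could name the two concrete failure points, serialization and DOM parsing.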
@@ -101,25 +89,12 @@
* @throws ConfigurationException
* @throws ProcessingException
* @throws ParsingException
- */
- public static AssertionType fromElement(Element assertionElement) throws ProcessingException, ConfigurationException, ParsingException
+ */
+ public static AssertionType fromElement(Element assertionElement) throws ProcessingException,
+ ConfigurationException, ParsingException
{
- String assertionAsString = DocumentUtil.getDOMElementAsString(assertionElement);
-
- SAMLAssertionParser assertionParser = new SAMLAssertionParser();
- return (AssertionType) assertionParser.parse( StaxParserUtil.getXMLEventReader( new ByteArrayInputStream( assertionAsString.getBytes() )));
-
-
- /*Unmarshaller unmarshaller = JAXBUtil.getUnmarshaller("org.picketlink.identity.federation.saml.v2.assertion");
- Object object = unmarshaller.unmarshal(assertionElement);
- if (object instanceof AssertionType)
- return (AssertionType) object;
- else if (object instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) object;
- if (element.getDeclaredType().equals(AssertionType.class))
- return (AssertionType) element.getValue();
- }
- throw new IllegalArgumentException("Supplied document does not contain a SAMLV2.0 Assertion");*/
+ SAMLParser samlParser = new SAMLParser();
+ AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
+ return assertion;
}
}
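Review bot: The cast `(AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement))` turns an element that parses to some other SAML construct into a ClassCastException instead of one of the declared exceptions, and the explicit "does not contain a SAMLV2.0 Assertion" check that the removed JAXB branch carried is lost with it. Parse into an Object and verify the type before casting: `Object parsed = samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement)); if (!(parsed instanceof AssertionType)) throw new IllegalArgumentException("Supplied element does not contain a SAMLV2.0 Assertion"); return (AssertionType) parsed;`. If ParsingException has a message constructor it would fit the declared `throws` clause better than IllegalArgumentException.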
Picketlink SVN: r980 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-07 15:36:09 -0400 (Tue, 07 Jun 2011)
New Revision: 980
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
Log:
fall back on the callback handler
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-07 01:03:28 UTC (rev 979)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-07 19:36:09 UTC (rev 980)
@@ -25,11 +25,10 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.List;
-import java.util.Map;
import java.util.Set;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import org.jboss.security.SecurityConstants;
@@ -60,28 +59,13 @@
*/
public class SAMLRoleLoginModule extends AbstractServerLoginModule
{
- protected Subject theSubject = null;
- @SuppressWarnings("rawtypes")
- protected Map sharedState = null;
-
@Override
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
- Map<String, ?> options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- theSubject = subject;
- this.sharedState = sharedState;
- }
-
-
- @Override
public boolean commit() throws LoginException
{
super.loginOk = true;
return super.commit();
}
-
/**
* We first check the shared state for the principal.
* If not, we look inside the subject for a non-{@code Group} Principal
@@ -92,6 +76,20 @@
Principal principal = (Principal) sharedState.get("javax.security.auth.login.name");
if(principal != null)
return principal;
+
+ //Lets try the cbh
+ NameCallback nameCallback = new NameCallback("UserName:");
+ try
+ {
+ callbackHandler.handle(new Callback[] {nameCallback} );
+ String userName = nameCallback.getName();
+ if(StringUtil.isNotNull(userName))
+ return new SimplePrincipal(userName);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
Set<Principal> principals = subject.getPrincipals();
for(Principal p: principals)
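Review bot: The `catch (Exception e)` that closes the new callback block converts every failure of the callback-handler path into a RuntimeException and aborts getIdentity before the Subject-principal scan that follows it, even though the comment and the commit message describe the callback as a fallback. A handler that does not support NameCallback (UnsupportedCallbackException) and a null `callbackHandler`, which JAAS permits, both land in that catch; the intended outcome is to continue to the Subject scan, which still throws when nothing is found. Only a genuine I/O failure in the handler warrants aborting; UnsupportedCallbackException and IOException would need imports. getIdentity's signature and its tail lie outside the hunk.

```java
// … unchanged: sharedState lookup …
//Lets try the cbh; a handler that cannot answer is not fatal, the Subject scan below still runs
if (callbackHandler != null)
{
   NameCallback nameCallback = new NameCallback("UserName:");
   try
   {
      callbackHandler.handle(new Callback[] {nameCallback});
      String userName = nameCallback.getName();
      if (StringUtil.isNotNull(userName))
         return new SimplePrincipal(userName);
   }
   catch (UnsupportedCallbackException ignored)
   {
      // handler does not supply a name; fall through to the Subject principals
   }
   catch (IOException e)
   {
      throw new RuntimeException(e);
   }
}
// … unchanged: scan of subject.getPrincipals() …
```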
Picketlink SVN: r979 - in trust/trunk/jbossws/src: test/java/org/picketlink/test/trust/jbossws/jaas and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-06 21:03:28 -0400 (Mon, 06 Jun 2011)
New Revision: 979
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java
Log:
assume useFirstPass
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-06 23:58:14 UTC (rev 978)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-07 01:03:28 UTC (rev 979)
@@ -43,13 +43,17 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
/**
+ * <p>
* A login module that extracts the roles from the SAML assertion
* that has been set in the Subject. This module is always a follow up
* to other modules such as {@code JBWSTokenIssuingLoginModule}
+ * </p>
*
+ * <p>
* This login module checks the {@code Subject} for a {@code SamlCredential}
* in the public credentials section. From the credential, we extract the
* assertion. The assertion should contain the roles.
+ * </p>
*
* @author Anil.Saldhana(a)redhat.com
* @since Jun 6, 2011
@@ -78,13 +82,17 @@
}
+ /**
+ * We first check the shared state for the principal.
+ * If not, we look inside the subject for a non-{@code Group} Principal
+ */
@Override
protected Principal getIdentity()
{
- if(super.getUseFirstPass())
- {
- return (Principal) sharedState.get("javax.security.auth.login.name");
- }
+ Principal principal = (Principal) sharedState.get("javax.security.auth.login.name");
+ if(principal != null)
+ return principal;
+
Set<Principal> principals = subject.getPrincipals();
for(Principal p: principals)
{
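Review bot: The cast `(Principal) sharedState.get("javax.security.auth.login.name")` assumes the preceding module stored a Principal under that key, but JAAS modules commonly store the user name there as a plain String, in which case this line throws ClassCastException rather than falling through to the Subject scan. Read the value as Object and accept both shapes: `Object name = sharedState.get("javax.security.auth.login.name"); if (name instanceof Principal) return (Principal) name;` followed, if SimplePrincipal is in scope in this class, by `if (name instanceof String) return new SimplePrincipal((String) name);`. Since the lookup is now unconditional, the Javadoc added above should state that shared state is consulted regardless of the password-stacking option, which is what the commit message "assume useFirstPass" implies. The rest of getIdentity continues outside the hunk.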
@@ -93,7 +101,7 @@
return p;
}
}
- throw new RuntimeException("Unable to get the Identity from the subject. Set password-stacking to useFirstPass.");
+ throw new RuntimeException("Unable to get the Identity from the subject.");
}
@Override
Modified: trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java
===================================================================
--- trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java 2011-06-06 23:58:14 UTC (rev 978)
+++ trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java 2011-06-07 01:03:28 UTC (rev 979)
@@ -134,7 +134,6 @@
public AppConfigurationEntry[] getAppConfigurationEntry(String name)
{
final Map options = new HashMap();
- options.put("password-stacking", "useFirstPass");
AppConfigurationEntry a1 = new AppConfigurationEntry(MySAMLModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
AppConfigurationEntry a2 = new AppConfigurationEntry(SAMLRoleLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
Picketlink SVN: r978 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-06 19:58:14 -0400 (Mon, 06 Jun 2011)
New Revision: 978
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SamlCredential.java
Log:
line br
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SamlCredential.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SamlCredential.java 2011-06-06 23:57:56 UTC (rev 977)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SamlCredential.java 2011-06-06 23:58:14 UTC (rev 978)
@@ -50,111 +50,111 @@
*/
public final class SamlCredential implements Serializable
{
- private static final long serialVersionUID = -8496414959425288835L;
-
- private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
-
- private String assertion;
+ private static final long serialVersionUID = -8496414959425288835L;
- public SamlCredential(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- this.assertion = SamlCredential.assertionToString(assertion);
- }
+ private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
- public SamlCredential(final String assertion)
- {
- if (StringUtil.isNullOrEmpty(assertion))
- throw new IllegalArgumentException("assertion String must not be null or empty");
-
- this.assertion = assertion;
- }
+ private final String assertion;
- public String getAssertionAsString()
- {
- return assertion;
- }
-
- public Element getAssertionAsElement() throws ProcessingException
- {
- return SamlCredential.assertionToElement(assertion);
- }
-
- @Override
- public boolean equals(final Object obj)
- {
- if (this == obj)
- return true;
-
- if (!(obj instanceof SamlCredential))
- return false;
-
- final SamlCredential that = (SamlCredential) obj;
- return this.assertion.equals(that.assertion);
- }
-
- @Override
- public int hashCode()
- {
- int result = 17;
- result = 31 * result + assertion.hashCode();
- return result;
- }
-
- @Override
- public String toString()
- {
- return "SamlCredential[" + assertion + "]";
- }
-
- public static Element assertionToElement(final String assertion) throws ProcessingException
- {
- try
- {
- Document document = DocumentUtil.getDocument(assertion);
- return (Element) document.getFirstChild();
- }
- catch (final ConfigurationException e)
- {
- throw new ProcessingException(e);
- }
- catch (final ParsingException e)
- {
- throw new ProcessingException(e);
- }
- }
-
- public static String assertionToString(final Element assertion)
- {
- if (assertion == null)
- throw new IllegalArgumentException("assertion Element must not be null");
-
- try
- {
- final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-
- final Source source = new DOMSource(assertion);
- final StringWriter writer = new StringWriter();
- final Result result = new StreamResult(writer);
+ public SamlCredential(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
- transformer.transform(source, result);
+ this.assertion = SamlCredential.assertionToString(assertion);
+ }
- return writer.toString();
- }
- catch (final TransformerConfigurationException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerFactoryConfigurationError e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- catch (final TransformerException e)
- {
- throw new IllegalStateException(e.getMessage(), e);
- }
- }
-}
+ public SamlCredential(final String assertion)
+ {
+ if (StringUtil.isNullOrEmpty(assertion))
+ throw new IllegalArgumentException("assertion String must not be null or empty");
+
+ this.assertion = assertion;
+ }
+
+ public String getAssertionAsString()
+ {
+ return assertion;
+ }
+
+ public Element getAssertionAsElement() throws ProcessingException
+ {
+ return SamlCredential.assertionToElement(assertion);
+ }
+
+ @Override
+ public boolean equals(final Object obj)
+ {
+ if (this == obj)
+ return true;
+
+ if (!(obj instanceof SamlCredential))
+ return false;
+
+ final SamlCredential that = (SamlCredential) obj;
+ return this.assertion.equals(that.assertion);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int result = 17;
+ result = 31 * result + assertion.hashCode();
+ return result;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "SamlCredential[" + assertion + "]";
+ }
+
+ public static Element assertionToElement(final String assertion) throws ProcessingException
+ {
+ try
+ {
+ Document document = DocumentUtil.getDocument(assertion);
+ return (Element) document.getFirstChild();
+ }
+ catch (final ConfigurationException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (final ParsingException e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+
+ public static String assertionToString(final Element assertion)
+ {
+ if (assertion == null)
+ throw new IllegalArgumentException("assertion Element must not be null");
+
+ try
+ {
+ final Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+
+ final Source source = new DOMSource(assertion);
+ final StringWriter writer = new StringWriter();
+ final Result result = new StreamResult(writer);
+
+ transformer.transform(source, result);
+
+ return writer.toString();
+ }
+ catch (final TransformerConfigurationException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerFactoryConfigurationError e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ catch (final TransformerException e)
+ {
+ throw new IllegalStateException(e.getMessage(), e);
+ }
+ }
+}
\ No newline at end of file
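Review bot: In `assertionToElement`, `return (Element) document.getFirstChild();` throws ClassCastException whenever the stored assertion string starts with a comment, a processing instruction or a DOCTYPE, because the Document's first child is then not the root element. `return document.getDocumentElement();` returns the root element directly and is the idiomatic DOM call for this. The hunk is otherwise a re-indentation plus `final` on the `assertion` field, so the point applies to moved rather than newly written logic.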
Picketlink SVN: r977 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-06 19:57:56 -0400 (Mon, 06 Jun 2011)
New Revision: 977
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
Log:
add method
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-06 23:25:10 UTC (rev 976)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-06 23:57:56 UTC (rev 977)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.saml.v2.util;
+import java.io.ByteArrayOutputStream;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
@@ -30,8 +31,11 @@
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -56,6 +60,20 @@
private static boolean trace = log.isTraceEnabled();
/**
+ * Given {@code AssertionType}, convert it into a String
+ * @param assertion
+ * @return
+ * @throws ProcessingException
+ */
+ public static String asString(AssertionType assertion) throws ProcessingException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ return new String(baos.toByteArray());
+ }
+
+ /**
* Create an assertion
* @param id
* @param issuer
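Review bot: `return new String(baos.toByteArray());` decodes the serialized assertion with the platform default charset, while the StAX writer (presumably UTF-8 via StaxUtil, not visible here) produced the bytes in a fixed encoding; on a JVM whose default is not UTF-8 any non-ASCII attribute or NameID value is corrupted and the string no longer reparses. Decode explicitly, `return new String(baos.toByteArray(), Charset.forName("UTF-8"));` with `java.nio.charset.Charset` imported; the other side of the round trip, `assertionStr.getBytes()` in r976's getRoleSets hunk, has the same default-charset dependency. The stream writer is also not flushed before `toByteArray()` is read, so the method relies on `SAMLAssertionWriter.write` flushing internally. The Javadoc's `@param assertion` and `@return` are empty; `@return the assertion serialized as an XML string` would complete it.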
Picketlink SVN: r976 - trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-06 19:25:10 -0400 (Mon, 06 Jun 2011)
New Revision: 976
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
Log:
use string version of assertion
Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-06 23:15:17 UTC (rev 975)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java 2011-06-06 23:25:10 UTC (rev 976)
@@ -21,6 +21,7 @@
*/
package org.picketlink.trust.jbossws.jaas;
+import java.io.ByteArrayInputStream;
import java.security.Principal;
import java.security.acl.Group;
import java.util.List;
@@ -37,10 +38,9 @@
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
-import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
-import org.w3c.dom.Element;
/**
* A login module that extracts the roles from the SAML assertion
@@ -95,8 +95,7 @@
}
throw new RuntimeException("Unable to get the Identity from the subject. Set password-stacking to useFirstPass.");
}
-
- @SuppressWarnings("static-access")
+
@Override
protected Group[] getRoleSets() throws LoginException
{
@@ -115,11 +114,13 @@
throw new RuntimeException("SAML Credential not found in the subject");
try
- {
- DocumentUtil util = new DocumentUtil();
- Element assertionEl = samlCredential.getAssertionAsElement();
+ {
+ String assertionStr = samlCredential.getAssertionAsString();
+ if(StringUtil.isNullOrEmpty(assertionStr))
+ throw new RuntimeException("Assertion String is null or empty");
+
SAMLParser parser = new SAMLParser();
- AssertionType assertion = (AssertionType) parser.parse(util.getNodeAsStream(assertionEl));
+ AssertionType assertion = (AssertionType) parser.parse(new ByteArrayInputStream(assertionStr.getBytes()));
List<String> roles = AssertionUtil.getRoles(assertion, null);
Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
for(String role: roles)
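Review bot: `throw new RuntimeException("Assertion String is null or empty")` inside `getRoleSets`, which already declares `throws LoginException`, turns a missing assertion into an unchecked error that bypasses the JAAS login-failure handling the caller expects; `throw new LoginException("Assertion String is null or empty");` keeps the contract. The unconditional cast `(AssertionType) parser.parse(new ByteArrayInputStream(assertionStr.getBytes()))` has the same exposure as the element path it replaces, a payload that parses to a different SAML construct becomes a ClassCastException, and deserves an `instanceof` check before the cast. getRoleSets begins and ends outside the hunk.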