Picketlink SVN: r1084 - idm/trunk/picketlink-idm-testsuite/integration/ldap2/src/test/java/org/picketlink/idm/impl/store/ldap/api.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-07-12 17:11:12 -0400 (Tue, 12 Jul 2011)
New Revision: 1084
Modified:
idm/trunk/picketlink-idm-testsuite/integration/ldap2/src/test/java/org/picketlink/idm/impl/store/ldap/api/TwoLDAPTestCase.java
Log:
- fix testsuite
Modified: idm/trunk/picketlink-idm-testsuite/integration/ldap2/src/test/java/org/picketlink/idm/impl/store/ldap/api/TwoLDAPTestCase.java
===================================================================
--- idm/trunk/picketlink-idm-testsuite/integration/ldap2/src/test/java/org/picketlink/idm/impl/store/ldap/api/TwoLDAPTestCase.java 2011-07-12 20:57:41 UTC (rev 1083)
+++ idm/trunk/picketlink-idm-testsuite/integration/ldap2/src/test/java/org/picketlink/idm/impl/store/ldap/api/TwoLDAPTestCase.java 2011-07-12 21:11:12 UTC (rev 1084)
@@ -61,6 +61,11 @@
hibernateTest.start();
ldapTestPOJO.start();
+ if (!ldapTestPOJO.getDirectoryName().equals(ldapTestPOJO.EMBEDDED_OPEN_DS_DIRECTORY_NAME))
+ {
+ return;
+ }
+
setRealmName("DB_2LDAP_REALM");
ldapTestPOJO.populateLDIF("ldap/initial-opends.ldif");
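Review bot: The early `return` added right after `ldapTestPOJO.start()` makes the rest of the fixture setup, and in the second hunk the whole body of `testWhatIsAccesible`, silently no-op for every directory other than the embedded OpenDS, so the run reports the test as passing when it never executed. If the suite is on JUnit 4, `@Ignore` or an `Assume`-based skip would report it as skipped; on the JUnit 3 style this file appears to use, at least log the decision, e.g. `System.out.println("Skipping DB_2LDAP test for directory " + ldapTestPOJO.getDirectoryName());` before the `return`. The constant is also read through the instance (`ldapTestPOJO.EMBEDDED_OPEN_DS_DIRECTORY_NAME`); referencing it through its declaring class and writing the comparison as `EMBEDDED_OPEN_DS_DIRECTORY_NAME.equals(ldapTestPOJO.getDirectoryName())` avoids the static-via-instance warning and is null-safe should `getDirectoryName()` ever return null. The enclosing setup method starts and ends outside this hunk.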
@@ -85,6 +90,12 @@
public void testWhatIsAccesible() throws Exception
{
+
+ if (!ldapTestPOJO.getDirectoryName().equals(ldapTestPOJO.EMBEDDED_OPEN_DS_DIRECTORY_NAME))
+ {
+ return;
+ }
+
IdentitySession session = identitySessionFactory.createIdentitySession(getRealmName());
begin();
Picketlink SVN: r1083 - idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-07-12 16:57:41 -0400 (Tue, 12 Jul 2011)
New Revision: 1083
Modified:
idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/APILDAPTestCase.java
Log:
- build fixes
Modified: idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/APILDAPTestCase.java
===================================================================
--- idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/APILDAPTestCase.java 2011-07-12 20:36:11 UTC (rev 1082)
+++ idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/APILDAPTestCase.java 2011-07-12 20:57:41 UTC (rev 1083)
@@ -72,6 +72,8 @@
hibernateTest.start();
ldapTestPOJO.start();
+ identityConfig = ldapTestPOJO.getIdentityConfig();
+
persistenceManagerTest = new PersistenceManagerTest(this);
relationshipManagerTest = new RelationshipManagerTest(this);
roleManagerTest = new RoleManagerTest(this);
Picketlink SVN: r1082 - idm/trunk/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/configuration/stax.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-07-12 16:36:11 -0400 (Tue, 12 Jul 2011)
New Revision: 1082
Modified:
idm/trunk/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/configuration/stax/ParserUtilTestCase.java
Log:
- disable parser tests for now
Modified: idm/trunk/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/configuration/stax/ParserUtilTestCase.java
===================================================================
--- idm/trunk/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/configuration/stax/ParserUtilTestCase.java 2011-07-12 20:28:48 UTC (rev 1081)
+++ idm/trunk/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/configuration/stax/ParserUtilTestCase.java 2011-07-12 20:36:11 UTC (rev 1082)
@@ -44,58 +44,58 @@
public void testOptions() throws Exception
{
- InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("config/parse-options.xml");
- XMLInputFactory factory = XMLInputFactory.newInstance();
- XMLStreamReader stream = factory.createXMLStreamReader(is);
+// InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("config/parse-options.xml");
+// XMLInputFactory factory = XMLInputFactory.newInstance();
+// XMLStreamReader stream = factory.createXMLStreamReader(is);
+//
+// //
+// navigator = new StaxNavigatorImpl<String>(new Naming.Local(), stream);
+//
+//
+// assertTrue(navigator.child("options"));
+// Map<String, List<String>> options = ParserUtil.parseOptions(navigator);
+//
+// assertEquals(3, options.size());
+// assertEquals(4, options.get("opt-c").size());
- //
- navigator = new StaxNavigatorImpl<String>(new Naming.Local(), stream);
- assertTrue(navigator.child("options"));
- Map<String, List<String>> options = ParserUtil.parseOptions(navigator);
- assertEquals(3, options.size());
- assertEquals(4, options.get("opt-c").size());
-
-
-
-
}
public void testAttributess() throws Exception
{
- InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("config/parse-attributes.xml");
- XMLInputFactory factory = XMLInputFactory.newInstance();
- XMLStreamReader stream = factory.createXMLStreamReader(is);
+// InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("config/parse-attributes.xml");
+// XMLInputFactory factory = XMLInputFactory.newInstance();
+// XMLStreamReader stream = factory.createXMLStreamReader(is);
+//
+// //
+// navigator = new StaxNavigatorImpl<String>(new Naming.Local(), stream);
+//
+//
+// assertTrue(navigator.child("attributes"));
+// List<IdentityObjectAttributeMetaData> attrs = ParserUtil.parseAttributes(navigator);
+//
+// assertEquals(3, attrs.size());
+//
+// IdentityObjectAttributeMetaData attr = attrs.get(0);
+// assertEquals("picture", attr.getName());
+// assertEquals("user.picture", attr.getStoreMapping());
+// assertEquals("binary", attr.getType());
+// assertEquals(false, attr.isReadonly());
+//
+// attr = attrs.get(1);
+// assertEquals("email", attr.getName());
+// assertEquals("mail", attr.getStoreMapping());
+// assertEquals("text", attr.getType());
+// assertEquals(false, attr.isReadonly());
+//
+// attr = attrs.get(2);
+// assertEquals("description", attr.getName());
+// assertEquals("description", attr.getStoreMapping());
+// assertEquals("text", attr.getType());
+// assertEquals(true, attr.isReadonly());
- //
- navigator = new StaxNavigatorImpl<String>(new Naming.Local(), stream);
-
-
- assertTrue(navigator.child("attributes"));
- List<IdentityObjectAttributeMetaData> attrs = ParserUtil.parseAttributes(navigator);
-
- assertEquals(3, attrs.size());
-
- IdentityObjectAttributeMetaData attr = attrs.get(0);
- assertEquals("picture", attr.getName());
- assertEquals("user.picture", attr.getStoreMapping());
- assertEquals("binary", attr.getType());
- assertEquals(false, attr.isReadonly());
-
- attr = attrs.get(1);
- assertEquals("email", attr.getName());
- assertEquals("mail", attr.getStoreMapping());
- assertEquals("text", attr.getType());
- assertEquals(false, attr.isReadonly());
-
- attr = attrs.get(2);
- assertEquals("description", attr.getName());
- assertEquals("description", attr.getStoreMapping());
- assertEquals("text", attr.getType());
- assertEquals(true, attr.isReadonly());
-
}
}
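Review bot: Commenting out the bodies of `testOptions` and `testAttributess` leaves two empty test methods that the runner still executes and reports green, so the parser breakage this commit is working around becomes invisible in CI. If JUnit 4 is available, keep the bodies and mark the methods `@Ignore("parser tests disabled, see <TRACKING-ISSUE placeholder>")`; with the JUnit 3 naming convention these methods appear to follow, renaming them (e.g. `disabledTestOptions`) so they are not picked up, plus a one-line comment saying why and when to re-enable, is the minimum. When the bodies are restored, note that the `InputStream` from `getResourceAsStream` was never closed in the original code; wrapping the reader setup in a try/finally that closes `is` fixes that.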
Picketlink SVN: r1081 - in idm/trunk: picketlink-idm-ldap/src/test/resources/datasources and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: bdaw
Date: 2011-07-12 16:28:48 -0400 (Tue, 12 Jul 2011)
New Revision: 1081
Modified:
idm/trunk/picketlink-idm-ldap/src/test/resources/datasources/directories.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k3.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k8.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends12.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends20.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-openldapds.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-redhatds.xml
idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-sunds.xml
idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/OrganizationLDAPTestCase.java
Log:
- fix LDAP matrix testsuite
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/datasources/directories.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/datasources/directories.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/datasources/directories.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -40,10 +40,10 @@
</directory>
<directory>
<directory-name>OpenDS-2-0</directory-name>
- <description>ldap://dev39.qa.atl.jboss.com:2389</description>
+ <description>ldap://dev39.mw.lab.eng.bos.redhat.com:2389</description>
<!--identity configuration file-->
<config-file>test-identity-config-opends20.xml</config-file>
- <host>dev39.qa.atl.jboss.com</host>
+ <host>perf15.mw.lab.eng.bos.redhat.com</host>
<port>2389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>cn=Directory Manager</admin-dn>
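Review bot: In the OpenDS-2-0 entry the updated `<description>` advertises `ldap://dev39.mw.lab.eng.bos.redhat.com:2389` while `<host>` four lines below is changed to `perf15.mw.lab.eng.bos.redhat.com`; every other entry in this file keeps the two in step, so one of them looks like a copy error. Whichever host is correct, make the description agree with it, e.g. `<description>ldap://perf15.mw.lab.eng.bos.redhat.com:2389</description>`, otherwise the matrix listing misleads whoever debugs a failing run. The referenced `test-identity-config-opends20.xml`, changed in this same commit, sets `providerURL` to `dev39` on port 2389, so if `perf15` is intended the datasource entry and the identity config would currently point at different servers.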
@@ -55,10 +55,10 @@
</directory>
<directory>
<directory-name>OpenDS-1-2</directory-name>
- <description>ldap://dev39.qa.atl.jboss.com:3389</description>
+ <description>ldap://dev39.mw.lab.eng.bos.redhat.com:3389</description>
<!--identity configuration file-->
<config-file>test-identity-config-opends12.xml</config-file>
- <host>dev39.qa.atl.jboss.com</host>
+ <host>dev39.mw.lab.eng.bos.redhat.com</host>
<port>3389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>cn=Directory Manager</admin-dn>
@@ -70,10 +70,10 @@
</directory>
<directory>
<directory-name>SunDS</directory-name>
- <description>ldap://dev39.qa.atl.jboss.com:1389</description>
+ <description>ldap://dev39.mw.lab.eng.bos.redhat.com:1389</description>
<!--identity configuration file-->
<config-file>test-identity-config-sunds.xml</config-file>
- <host>dev39.qa.atl.jboss.com</host>
+ <host>dev39.mw.lab.eng.bos.redhat.com</host>
<port>1389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>cn=Directory Manager</admin-dn>
@@ -85,10 +85,10 @@
</directory>
<directory>
<directory-name>RedHatDS</directory-name>
- <description>ldap://dev39.qa.atl.jboss.com:10389</description>
+ <description>ldap://dev39.mw.lab.eng.bos.redhat.com:10389</description>
<config-file>test-identity-config-redhatds.xml</config-file>
- <host>dev39.qa.atl.jboss.com</host>
+ <host>dev39.mw.lab.eng.bos.redhat.com</host>
<port>10389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>cn=Directory Manager</admin-dn>
@@ -100,10 +100,10 @@
</directory>
<directory>
<directory-name>OpenLDAP</directory-name>
- <description>ldap://dev39.qa.atl.jboss.com:389</description>
+ <description>ldap://dev39.mw.lab.eng.bos.redhat.com:389</description>
<config-file>test-identity-config-openldapds.xml</config-file>
- <host>dev39.qa.atl.jboss.com</host>
+ <host>dev39.mw.lab.eng.bos.redhat.com</host>
<port>389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>cn=Manager,dc=my-domain,dc=com</admin-dn>
@@ -145,10 +145,10 @@
</directory>
<directory>
<directory-name>MSAD-2k3</directory-name>
- <description>ldap://dev44.qa.atl.jboss.com:389</description>
+ <description>ldap://dev44.mw.lab.eng.bos.redhat.com:389</description>
<config-file>test-identity-config-msad-2k3.xml</config-file>
- <host>dev44.qa.atl.jboss.com</host>
+ <host>dev44.mw.lab.eng.bos.redhat.com</host>
<port>389</port>
<context-factory>com.sun.jndi.ldap.LdapCtxFactory</context-factory>
<admin-dn>JBOSS\jbossqa</admin-dn>
@@ -186,4 +186,4 @@
<cleanup-dn>o=jbid,dc=test,dc=domain</cleanup-dn>
</directory>
-</directories>
+</directories>
\ No newline at end of file
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k3.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k3.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k3.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -866,7 +866,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldaps://dev44.qa.atl.jboss.com:636</value>
+ <value>ldap://dev44.mw.lab.eng.bos.redhat.com:636</value>
</option>
<option>
<name>adminDN</name>
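Review bot: The `providerURL` scheme is downgraded from `ldaps://` to `ldap://` while the port stays 636, which is the LDAPS port; a plain-LDAP client connecting to an SSL-only listener typically fails the initial bind, and if the server does accept plaintext on that port the `adminDN` bind credentials configured below now cross the lab network unencrypted. The same change is made to `test-identity-config-msad-2k8.xml` in this commit. If the motive is certificate trust on the renamed host, keep `ldaps://dev44.mw.lab.eng.bos.redhat.com:636` and fix trust on the client side; if plaintext really is intended, use the plain LDAP port that the MSAD-2k3 entry in `directories.xml` lists (389) so the two files agree.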
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k8.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k8.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-msad-2k8.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -866,7 +866,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldaps://vmg13.mw.lab.eng.bos.redhat.com:636</value>
+ <value>ldap://vmg13.mw.lab.eng.bos.redhat.com:636</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends12.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends12.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends12.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -885,7 +885,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldap://dev39.qa.atl.jboss.com:3389</value>
+ <value>ldap://dev39.mw.lab.eng.bos.redhat.com:3389</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends20.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends20.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-opends20.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -885,7 +885,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldap://dev39.qa.atl.jboss.com:2389</value>
+ <value>ldap://dev39.mw.lab.eng.bos.redhat.com:2389</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-openldapds.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-openldapds.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-openldapds.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -876,7 +876,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldap://dev39.qa.atl.jboss.com:389</value>
+ <value>ldap://dev39.mw.lab.eng.bos.redhat.com:389</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-redhatds.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-redhatds.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-redhatds.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -874,7 +874,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldap://dev39.qa.atl.jboss.com:10389</value>
+ <value>ldap://dev39.mw.lab.eng.bos.redhat.com:10389</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-sunds.xml
===================================================================
--- idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-sunds.xml 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-ldap/src/test/resources/test-identity-config-sunds.xml 2011-07-12 20:28:48 UTC (rev 1081)
@@ -149,34 +149,7 @@
<identity-object-type>
<name>USER</name>
<relationships>
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>ORGANIZATION</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>COMMUNITY</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>OFFICE</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>SECURITY</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>ORGANIZATION_UNIT</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>PROJECT</identity-object-type-ref>-->
- <!--</relationship>-->
- <!--<relationship>-->
- <!--<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>-->
- <!--<identity-object-type-ref>PEOPLE</identity-object-type-ref>-->
- <!--</relationship>-->
+
</relationships>
<credentials>
<credential-type>PASSWORD</credential-type>
@@ -874,7 +847,7 @@
<options>
<option>
<name>providerURL</name>
- <value>ldap://dev39.qa.atl.jboss.com:1389</value>
+ <value>ldap://dev39.mw.lab.eng.bos.redhat.com:1389</value>
</option>
<option>
<name>adminDN</name>
Modified: idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/OrganizationLDAPTestCase.java
===================================================================
--- idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/OrganizationLDAPTestCase.java 2011-07-08 17:56:06 UTC (rev 1080)
+++ idm/trunk/picketlink-idm-testsuite/integration/ldap/src/test/java/org/picketlink/idm/impl/store/ldap/api/OrganizationLDAPTestCase.java 2011-07-12 20:28:48 UTC (rev 1081)
@@ -56,6 +56,8 @@
hibernateTest.start();
ldapTestPOJO.start();
+ identityConfig = ldapTestPOJO.getIdentityConfig();
+
orgTest = new OrganizationTest(this);
ldapTestPOJO.populateClean();
Picketlink SVN: r1080 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat and 26 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-08 13:56:06 -0400 (Fri, 08 Jul 2011)
New Revision: 1080
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
Log:
PLFED-207: use initiating CL over the TCCL first
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/servlets/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,7 +31,7 @@
*/
class SecurityActions
{
- static void setSystemProperty( final String key, final String value)
+ static void setSystemProperty(final String key, final String value)
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@@ -40,18 +40,6 @@
System.setProperty(key, value);
return null;
}
- });
- }
-
- static ClassLoader getContextClassLoader()
- {
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
- {
- public ClassLoader run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
});
}
-
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,44 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Get a system property
* @param key the key for the property
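Review bot: `loadClass(Class<?>, String)` hands `theClass.getClassLoader()` straight to `loadClass(ClassLoader, String)`, and `Class.getClassLoader()` returns null for classes defined by the bootstrap loader, so `cl.loadClass(fqn)` would throw a NullPointerException from inside the privileged action instead of falling through to the context class loader as intended. A one-line guard at the top of the second method, `if (cl == null) { return null; }`, keeps the PLFED-207 lookup order intact. The empty `catch (ClassNotFoundException e)` is a deliberate "not found" signal, so name it `catch (ClassNotFoundException ignored) { // callers treat null as not found }` to make that explicit; the same two points apply to the identical code added in the `tomcat/idp/SecurityActions.java` hunk of this commit.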
@@ -58,8 +81,8 @@
{
public String run()
{
- return System.getProperty(key,defaultValue);
+ return System.getProperty(key, defaultValue);
}
- });
+ });
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -218,7 +218,9 @@
{
try
{
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), rgName);
+ if (clazz == null)
+ throw new RuntimeException("Unable to load class:" + rgName);
roleGenerator = (RoleGenerator) clazz.newInstance();
}
catch (Exception e)
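Review bot: The `RuntimeException` thrown on the added `if (clazz == null)` line sits inside the `try` whose `catch (Exception e)` is the last line of this hunk, so the new failure is routed to whatever that handler does (outside the hunk) rather than propagating as the code reads; if the handler only logs, a misconfigured role generator name would leave `roleGenerator` unset without the caller noticing. Throwing `ClassNotFoundException` here, as the identityParticipantStack hunk further down does, or moving the null check out of the `try`, makes the intent explicit. The brace-less `if` bodies in this hunk and in the attributeManager hunk also differ from the file's brace-on-its-own-line style; `if (clazz == null) { throw new RuntimeException("Unable to load class:" + rgName); }` keeps it consistent. The enclosing methods start and end outside these hunks.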
@@ -989,8 +991,10 @@
String attributeManager = idpConfiguration.getAttributeManager();
if (attributeManager != null && !"".equals(attributeManager))
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- AttributeManager delegate = (AttributeManager) tcl.loadClass(attributeManager).newInstance();
+ Class<?> clazz = SecurityActions.loadClass(getClass(), attributeManager);
+ if (clazz == null)
+ throw new RuntimeException("Unable to load class:" + attributeManager);
+ AttributeManager delegate = (AttributeManager) clazz.newInstance();
this.attribManager.setDelegate(delegate);
}
}
@@ -1085,8 +1089,11 @@
{
try
{
- Class<?> stackClass = SecurityActions.getContextClassLoader().loadClass(this.identityParticipantStack);
- identityServer.setStack((IdentityParticipantStack) stackClass.newInstance());
+ Class<?> clazz = SecurityActions.loadClass(getClass(), this.identityParticipantStack);
+ if (clazz == null)
+ throw new ClassNotFoundException("Unable to load class:" + this.identityParticipantStack);
+
+ identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
}
catch (ClassNotFoundException e)
{
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-}
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
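Review bot: The new `loadClass(ClassLoader, String)` dereferences `cl` without a null check, and both sources that feed it — `theClass.getClassLoader()` (null for a bootstrap-loaded class) and `Thread.currentThread().getContextClassLoader()` (null when no context loader is set) — may legitimately be null, so the fallback in `loadClass(Class, String)` can end in a NullPointerException instead of the null return every caller in this commit tests for; a guard `if (cl == null) return null;` at the top of the inner `run()` fixes it. Since these helpers now resolve an arbitrary fully-qualified name taken from deployment configuration under `doPrivileged`, a Javadoc line such as `Load {@code fqn} (expected to come from trusted configuration) via the class's own loader, then the thread context loader; returns null if neither finds it.` would make the contract and the null-return convention explicit, and the empty `catch (ClassNotFoundException e)` deserves a one-line comment saying the null return is the intended signal. The inner `doPrivileged` in `loadClass(ClassLoader, String)` is redundant when called from the already-privileged outer `run()`, which is harmless but worth knowing when reading the stack. The same copy of both methods is added in sp/SecurityActions, metadata/SecurityActions, request/SecurityActions, response/SecurityActions and (cut off at the end of this diff) core/impl/SecurityActions, so the fix applies to each.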
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -47,18 +47,19 @@
public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator
{
private static Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);
- private boolean trace = log.isTraceEnabled();
-
+
+ private final boolean trace = log.isTraceEnabled();
+
/**
* Flag to indicate whether we want to sign the assertions
*/
protected boolean signAssertions = false;
-
+
public SPPostSignatureFormAuthenticator()
{
this.validateSignature = true;
}
-
+
public boolean isSignAssertions()
{
return signAssertions;
@@ -67,39 +68,42 @@
public void setSignAssertions(boolean signAssertions)
{
this.signAssertions = signAssertions;
- }
+ }
@Override
public void start() throws LifecycleException
{
super.start();
this.supportSignatures = true;
-
+
KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
+ if (keyProvider == null)
throw new LifecycleException("KeyProvider is null");
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
+ if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+ Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+ if (clazz == null)
+ throw new RuntimeException("Unable to load class:" + keyManagerClassName);
+
this.keyManager = (TrustKeyManager) clazz.newInstance();
-
+
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
- keyManager.setAuthProperties( authProperties );
+ keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
}
- catch(Exception e)
+ catch (Exception e)
{
- log.error("Exception reading configuration:",e);
+ log.error("Exception reading configuration:", e);
throw new LifecycleException(e.getLocalizedMessage());
}
- if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
+ if (trace)
+ log.trace("Key Provider=" + keyProvider.getClassName());
}
-
+
/**
* Send the request to the IDP
* @param destination idp url
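Review bot: The "class could not be loaded" failure is reported as `throw new RuntimeException("Unable to load class:" + keyManagerClassName)` here, while the identical block in SPRedirectSignatureFormAuthenticator's `start()` throws `ClassNotFoundException` for the same condition; both land in the surrounding `catch (Exception e)` and become a LifecycleException, so behaviour is the same, but picking one type (ClassNotFoundException describes the condition and is already what the IDP valve uses where it has a dedicated catch) keeps the sibling authenticators consistent. The message also concatenates without a space after the colon; `"Unable to load class: " + keyManagerClassName` reads better in the log line that `log.error("Exception reading configuration:", e)` produces.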
@@ -110,23 +114,21 @@
* @throws ProcessingException
* @throws ConfigurationException
* @throws IOException
- */
+ */
@Override
- protected void sendRequestToIDP(
- String destination, Document samlDocument,String relayState, Response response,
- boolean willSendRequest)
- throws ProcessingException, ConfigurationException, IOException
+ protected void sendRequestToIDP(String destination, Document samlDocument, String relayState, Response response,
+ boolean willSendRequest) throws ProcessingException, ConfigurationException, IOException
{
- if( keyManager == null )
- throw new IllegalStateException( "Key Manager is null" );
+ if (keyManager == null)
+ throw new IllegalStateException("Key Manager is null");
//Sign the document
SAML2Signature samlSignature = new SAML2Signature();
KeyPair keypair = keyManager.getSigningKeyPair();
- samlSignature.signSAMLDocument(samlDocument, keypair);
-
- if(trace)
- log.trace("Sending to IDP:" + DocumentUtil.asString(samlDocument));
+ samlSignature.signSAMLDocument(samlDocument, keypair);
+
+ if (trace)
+ log.trace("Sending to IDP:" + DocumentUtil.asString(samlDocument));
//Let the super class handle the sending
- super.sendRequestToIDP(destination, samlDocument, relayState, response, willSendRequest);
- }
+ super.sendRequestToIDP(destination, samlDocument, relayState, response, willSendRequest);
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -60,47 +60,50 @@
* @since Jan 12, 2009
*/
public class SPRedirectSignatureFormAuthenticator extends SPRedirectFormAuthenticator
-{
+{
private static Logger log = Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
- private boolean trace = log.isTraceEnabled();
-
- private TrustKeyManager keyManager;
+ private final boolean trace = log.isTraceEnabled();
+
+ private TrustKeyManager keyManager;
+
public SPRedirectSignatureFormAuthenticator()
{
- super();
+ super();
}
-
+
@Override
public void start() throws LifecycleException
{
super.start();
Context context = (Context) getContainer();
-
+
KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
- throw new LifecycleException("KeyProvider is null for context="+ context.getName());
+ if (keyProvider == null)
+ throw new LifecycleException("KeyProvider is null for context=" + context.getName());
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
+ if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+ Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+ if (clazz == null)
+ throw new ClassNotFoundException("Unable to load class:" + keyManagerClassName);
this.keyManager = (TrustKeyManager) clazz.newInstance();
-
+
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
- keyManager.setAuthProperties( authProperties );
+ keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
}
- catch(Exception e)
+ catch (Exception e)
{
- log.error("Exception reading configuration:",e);
+ log.error("Exception reading configuration:", e);
throw new LifecycleException(e.getLocalizedMessage());
}
- if(trace) log.trace("Key Provider=" + keyProvider.getClassName());
-
+ if (trace)
+ log.trace("Key Provider=" + keyProvider.getClassName());
+
//Initialize the handler chain again, mainly for the signing pair
try
{
@@ -108,39 +111,38 @@
super.initializeHandlerChain();
}
catch (Exception e)
- {
- log.error("Exception reading configuration:",e);
- throw new LifecycleException(e.getLocalizedMessage());
- }
+ {
+ log.error("Exception reading configuration:", e);
+ throw new LifecycleException(e.getLocalizedMessage());
+ }
}
-
+
protected boolean validate(Request request) throws IOException, GeneralSecurityException
{
boolean result = super.validate(request);
- if( result == false)
+ if (result == false)
return result;
-
+
String queryString = request.getQueryString();
//Check if there is a signature
byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
- if(sigValue == null)
+ if (sigValue == null)
return false;
-
+
//Construct the url again
- String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SAMLResponse");
- String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
- GeneralConstants.RELAY_STATE);
- String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SigAlg");
+ String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SAMLResponse");
+ String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
+ String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString, "SigAlg");
StringBuilder sb = new StringBuilder();
sb.append("SAMLResponse=").append(reqFromURL);
-
- if(isNotNull(relayStateFromURL))
+
+ if (isNotNull(relayStateFromURL))
{
sb.append("&RelayState=").append(relayStateFromURL);
}
sb.append("&SigAlg=").append(sigAlgFromURL);
-
+
PublicKey validatingKey;
try
{
@@ -155,7 +157,7 @@
throw new GeneralSecurityException(e.getCause());
}
boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
- return isValid;
+ return isValid;
}
@Override
@@ -164,16 +166,17 @@
try
{
//Get the signing key
- PrivateKey signingKey = keyManager.getSigningKey();
- String url = RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+ PrivateKey signingKey = keyManager.getSigningKey();
+ String url = RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest,
+ urlEncodedRelayState, signingKey);
return url;
}
- catch(Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
- }
-
+ }
+
@Override
protected void initializeSAMLProcessor(ServiceProviderBaseProcessor processor)
{
@@ -182,36 +185,35 @@
}
@Override
- protected ResponseType decryptAssertion(ResponseType responseType)
- throws IOException, GeneralSecurityException, ConfigurationException, ParsingException
+ protected ResponseType decryptAssertion(ResponseType responseType) throws IOException, GeneralSecurityException,
+ ConfigurationException, ParsingException
{
try
{
SAML2Response saml2Response = new SAML2Response();
- PrivateKey privateKey = keyManager.getSigningKey();
-
- EncryptedElementType myEET = (EncryptedElementType) responseType.getAssertions().get(0).getEncryptedAssertion();
- Document eetDoc = saml2Response.convert(myEET);
-
- Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
- return saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
- }
+ PrivateKey privateKey = keyManager.getSigningKey();
+
+ EncryptedElementType myEET = responseType.getAssertions().get(0).getEncryptedAssertion();
+ Document eetDoc = saml2Response.convert(myEET);
+
+ Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc, privateKey);
+ return saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
+ }
catch (Exception e)
{
throw new GeneralSecurityException(e);
- }
- }
-
+ }
+ }
+
@Override
- protected void populateChainConfig()
- throws ConfigurationException, ProcessingException
- {
+ protected void populateChainConfig() throws ConfigurationException, ProcessingException
+ {
super.populateChainConfig();
- if(this.keyManager != null)
+ if (this.keyManager != null)
{
- if(trace)
+ if (trace)
log.trace("Adding Keypair to the chain config");
chainConfigOptions.put(GeneralConstants.KEYPAIR, keyManager.getSigningKeyPair());
- }
+ }
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,44 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Use reflection to get the {@link Method} on a {@link Class} with the
* given parameter types
@@ -72,4 +95,4 @@
}
});
}
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/util/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,6 @@
class SecurityActions
{
/**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
- {
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
- {
- public ClassLoader run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- /**
* Get the system property
* @param key
* @param defaultValue
@@ -62,4 +47,4 @@
}
});
}
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Get the system property
* @param key
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -28,6 +28,7 @@
import java.io.OutputStream;
import java.io.Writer;
import java.net.URI;
+import java.net.URL;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.ParserConfigurationException;
@@ -129,8 +130,19 @@
{
if (fileName == null)
throw new IllegalArgumentException("fileName is null");
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream(fileName);
+ URL resourceURL = SecurityActions.loadResource(getClass(), fileName);
+ if (resourceURL == null)
+ throw new ProcessingException(fileName + " could not be loaded");
+
+ InputStream is = null;
+ try
+ {
+ is = resourceURL.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
return getAuthnRequestType(is);
}
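Review bot: The stream opened by `is = resourceURL.openStream()` is never closed in this method, and whether `getAuthnRequestType(is)` closes it is not visible here; if it does not, a file handle leaks on every call, which the old `getResourceAsStream` code had as well but the commit now makes the opening explicit without adding the matching close. Suggest wrapping the call in a try/finally that closes `is` and converts the close's IOException to ProcessingException the same way the open path already does, so both the success and failure paths release the handle. `InputStream is = null;` can then be replaced by a single assignment from `openStream()` inside that try. The enclosing method starts before this hunk.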
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.api.saml.v2.request;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,21 +32,71 @@
*/
class SecurityActions
{
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
- * Get the Thread Context ClassLoader
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
* @return
*/
- static ClassLoader getContextClassLoader()
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public ClassLoader run()
+ public URL run()
{
- return Thread.currentThread().getContextClassLoader();
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
}
});
}
-
+
/**
* Get the system property
* @param key
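Review bot: `loadResource` calls `clazz.getClassLoader().getResource(...)` and then `Thread.currentThread().getContextClassLoader().getResource(...)` with no null check on either loader; a bootstrap-loaded class or a thread without a context loader turns "resource not found" into a NullPointerException rather than the null that SAML2Request and KeyStoreKeyManager test for. Guarding each lookup, e.g. `if (clazzLoader != null) url = clazzLoader.getResource(resourceName);`, preserves the intended two-step fallback. The Javadoc's `@return` is empty; suggest `@return the resource URL, or null if neither class loader can locate it`. A matching `loadResource` is presumably being added to core/impl/SecurityActions at the end of this diff (the hunk is cut off), since KeyStoreKeyManager calls it, and the same guard applies there.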
@@ -62,4 +113,4 @@
}
});
}
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -27,33 +27,60 @@
/**
* Privileged Blocks
*/
-class SecurityActions {
- /**
- * Get the Thread Context ClassLoader
- *
- * @return
- */
- static ClassLoader getContextClassLoader() {
- return AccessController
- .doPrivileged(new PrivilegedAction<ClassLoader>() {
- public ClassLoader run() {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
+class SecurityActions
+{
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
- /**
- * Get the system property
- *
- * @param key
- * @param defaultValue
- * @return
- */
- static String getSystemProperty(final String key, final String defaultValue) {
- return AccessController.doPrivileged(new PrivilegedAction<String>() {
- public String run() {
- return System.getProperty(key, defaultValue);
- }
- });
- }
-}
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Get the system property
+ *
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -57,7 +57,7 @@
* @since Jan 22, 2009
*/
public class KeyStoreKeyManager implements TrustKeyManager
-{
+{
/**
* An map of secret keys alive only for the duration of the program.
* The keys are generated on the fly. If you need sophisticated key
@@ -66,38 +66,45 @@
* a TPM module or a HSM module.
* Also see JBoss XMLKey.
*/
- private final Map<String,SecretKey> keys = new HashMap<String,SecretKey>();
-
+ private final Map<String, SecretKey> keys = new HashMap<String, SecretKey>();
+
private static Logger log = Logger.getLogger(KeyStoreKeyManager.class);
- private boolean trace = log.isTraceEnabled();
-
- private final HashMap<String,String> domainAliasMap = new HashMap<String,String>();
- private final HashMap<String,String> authPropsMap = new HashMap<String,String>();
-
+
+ private final boolean trace = log.isTraceEnabled();
+
+ private final HashMap<String, String> domainAliasMap = new HashMap<String, String>();
+
+ private final HashMap<String, String> authPropsMap = new HashMap<String, String>();
+
private KeyStore ks = null;
-
+
private String keyStoreURL;
+
private char[] signingKeyPass;
+
private String signingAlias;
+
private String keyStorePass;
-
+
public static final String KEYSTORE_URL = "KeyStoreURL";
+
public static final String KEYSTORE_PASS = "KeyStorePass";
+
public static final String SIGNING_KEY_PASS = "SigningKeyPass";
+
public static final String SIGNING_KEY_ALIAS = "SigningKeyAlias";
-
+
/**
* @see TrustKeyManager#getSigningKey()
*/
- public PrivateKey getSigningKey()
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public PrivateKey getSigningKey() throws TrustKeyConfigurationException, TrustKeyProcessingException
{
try
{
- if(ks == null)
+ if (ks == null)
this.setUpKeyStore();
-
- if(ks == null)
+
+ if (ks == null)
throw new IllegalStateException("KeyStore is null");
return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
}
@@ -120,21 +127,20 @@
catch (IOException e)
{
throw new TrustKeyProcessingException(e);
- }
+ }
}
/*
* (non-Javadoc)
* @see org.picketlink.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
*/
- public KeyPair getSigningKeyPair()
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public KeyPair getSigningKeyPair() throws TrustKeyConfigurationException, TrustKeyProcessingException
{
try
{
- if(this.ks == null)
+ if (this.ks == null)
this.setUpKeyStore();
-
+
PrivateKey privateKey = this.getSigningKey();
PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias, this.signingKeyPass);
return new KeyPair(publicKey, privateKey);
@@ -144,32 +150,31 @@
throw new TrustKeyConfigurationException(e);
}
catch (GeneralSecurityException e)
- {
+ {
throw new TrustKeyProcessingException(e);
}
catch (IOException e)
- {
+ {
throw new TrustKeyProcessingException(e);
}
}
-
+
/**
* @see TrustKeyManager#getCertificate(String)
*/
- public Certificate getCertificate(String alias)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public Certificate getCertificate(String alias) throws TrustKeyConfigurationException, TrustKeyProcessingException
{
try
{
- if(ks == null)
+ if (ks == null)
this.setUpKeyStore();
-
- if(ks == null)
+
+ if (ks == null)
throw new IllegalStateException("KeyStore is null");
-
- if(alias == null || alias.length() == 0)
+
+ if (alias == null || alias.length() == 0)
throw new IllegalArgumentException("Alias is null");
-
+
return ks.getCertificate(alias);
}
catch (KeyStoreException e)
@@ -177,11 +182,11 @@
throw new TrustKeyConfigurationException(e);
}
catch (GeneralSecurityException e)
- {
+ {
throw new TrustKeyProcessingException(e);
}
catch (IOException e)
- {
+ {
throw new TrustKeyProcessingException(e);
}
}
@@ -189,32 +194,31 @@
/**
* @see TrustKeyManager#getPublicKey(String)
*/
- public PublicKey getPublicKey(String alias)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public PublicKey getPublicKey(String alias) throws TrustKeyConfigurationException, TrustKeyProcessingException
{
PublicKey publicKey = null;
-
+
try
{
- if(ks == null)
+ if (ks == null)
{
- if(trace) log.trace("getPublicKey::Keystore is null. so setting it up");
- this.setUpKeyStore();
+ if (trace)
+ log.trace("getPublicKey::Keystore is null. so setting it up");
+ this.setUpKeyStore();
}
-
- if(ks == null)
+
+ if (ks == null)
throw new IllegalStateException("KeyStore is null");
Certificate cert = ks.getCertificate(alias);
- if(cert != null)
+ if (cert != null)
publicKey = cert.getPublicKey();
- else
- if(trace)
- log.trace("No public key found for alias=" + alias);
-
+ else if (trace)
+ log.trace("No public key found for alias=" + alias);
+
return publicKey;
}
catch (KeyStoreException e)
- {
+ {
throw new TrustKeyConfigurationException(e);
}
catch (GeneralSecurityException e)
@@ -225,7 +229,7 @@
{
throw new TrustKeyProcessingException(e);
}
- }
+ }
/**
* Get the validating public key
@@ -234,26 +238,25 @@
* @see TrustKeyManager#getValidatingKey(String)
* @see TrustKeyManager#getPublicKey(String)
*/
- public PublicKey getValidatingKey(String domain)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public PublicKey getValidatingKey(String domain) throws TrustKeyConfigurationException, TrustKeyProcessingException
{
PublicKey publicKey = null;
try
{
- if(ks == null)
+ if (ks == null)
this.setUpKeyStore();
-
- if(ks == null)
+
+ if (ks == null)
throw new IllegalStateException("KeyStore is null");
String domainAlias = this.domainAliasMap.get(domain);
- if(domainAlias == null)
- throw new IllegalStateException("Domain Alias missing for "+ domain);
+ if (domainAlias == null)
+ throw new IllegalStateException("Domain Alias missing for " + domain);
publicKey = null;
try
{
publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.keyStorePass.toCharArray());
}
- catch(UnrecoverableKeyException urke)
+ catch (UnrecoverableKeyException urke)
{
//Try with the signing key pass
publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
@@ -281,77 +284,76 @@
/**
* @see TrustKeyManager#setAuthProperties(List)
*/
- public void setAuthProperties(List<AuthPropertyType> authList)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public void setAuthProperties(List<AuthPropertyType> authList) throws TrustKeyConfigurationException,
+ TrustKeyProcessingException
{
- for(AuthPropertyType auth: authList)
+ for (AuthPropertyType auth : authList)
{
this.authPropsMap.put(auth.getKey(), auth.getValue());
}
-
+
this.keyStoreURL = this.authPropsMap.get(KEYSTORE_URL);
this.keyStorePass = this.authPropsMap.get(KEYSTORE_PASS);
-
this.signingAlias = this.authPropsMap.get(SIGNING_KEY_ALIAS);
-
+
String keypass = this.authPropsMap.get(SIGNING_KEY_PASS);
- if(keypass == null || keypass.length() == 0)
+ if (keypass == null || keypass.length() == 0)
throw new RuntimeException("Signing Key Pass is null");
- this.signingKeyPass = keypass.toCharArray();
+ this.signingKeyPass = keypass.toCharArray();
}
/**
* @see TrustKeyManager#setValidatingAlias(List)
*/
- public void setValidatingAlias(List<KeyValueType> aliases)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public void setValidatingAlias(List<KeyValueType> aliases) throws TrustKeyConfigurationException,
+ TrustKeyProcessingException
{
- for(KeyValueType alias: aliases)
+ for (KeyValueType alias : aliases)
{
domainAliasMap.put(alias.getKey(), alias.getValue());
}
}
-
+
/**
* @throws GeneralSecurityException
* @see TrustKeyManager#getEncryptionKey(String)
*/
- public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int keyLength)
- throws TrustKeyConfigurationException, TrustKeyProcessingException
+ public SecretKey getEncryptionKey(String domain, String encryptionAlgorithm, int keyLength)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
SecretKey key = keys.get(domain);
- if(key == null)
+ if (key == null)
{
try
{
key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
}
catch (GeneralSecurityException e)
- {
+ {
throw new TrustKeyProcessingException(e);
}
keys.put(domain, key);
- }
+ }
return key;
}
-
+
private void setUpKeyStore() throws GeneralSecurityException, IOException
{
//Keystore URL/Pass can be either by configuration or on the HTTPS connector
- if(this.keyStoreURL == null)
+ if (this.keyStoreURL == null)
{
this.keyStoreURL = SecurityActions.getProperty("javax.net.ssl.keyStore", null);
}
- if(this.keyStorePass == null)
+ if (this.keyStorePass == null)
{
this.keyStorePass = SecurityActions.getProperty("javax.net.ssl.keyStorePassword", null);
}
-
+
InputStream is = this.getKeyStoreInputStream(this.keyStoreURL);
- ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
}
-
+
/**
* Seek the input stream to the KeyStore
* @param keyStore
@@ -360,32 +362,43 @@
private InputStream getKeyStoreInputStream(String keyStore)
{
InputStream is = null;
-
+
try
{
//Try the file method
- File file = new File(keyStore);
+ File file = new File(keyStore);
is = new FileInputStream(file);
}
- catch(Exception e)
+ catch (Exception e)
{
+ URL url = null;
try
{
- URL url = new URL(keyStore);
- is = url.openStream();
- }
- catch(Exception ex)
+ url = new URL(keyStore);
+ is = url.openStream();
+ }
+ catch (Exception ex)
{
- is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore);
+ url = SecurityActions.loadResource(getClass(), keyStore);
+ if (url != null)
+ {
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e1)
+ {
+ }
+ }
}
}
-
- if(is == null)
+
+ if (is == null)
{
//Try the user.home dir
String userHome = SecurityActions.getSystemProperty("user.home", "") + "/jbid-keystore";
File ksDir = new File(userHome);
- if(ksDir.exists())
+ if (ksDir.exists())
{
try
{
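Review bot: The new `catch (IOException e1) { }` on the resource-URL fallback swallows the failure, so when a keystore resource resolves but cannot be opened the only symptom is the later "Keystore not located" RuntimeException, which hides the real cause. At minimum a comment should make the fall-through deliberate, `// resource URL resolved but unreadable; fall through to the user.home lookup`, and it would be better to keep `e1` in a local so it can be attached as the cause of the final exception. The outer `catch (Exception e)` also masks a null `keyStore` (`new File(null)` throws NullPointerException), which then reaches `new URL(null)` and the loader lookup before the generic failure; an explicit null check on entry would give a clearer error. getKeyStoreInputStream's body continues in the next hunk.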
@@ -397,9 +410,8 @@
}
}
}
- if(is == null)
+ if (is == null)
throw new RuntimeException("Keystore not located:" + keyStore);
return is;
- }
-
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/impl/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.impl;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,21 +32,72 @@
*/
class SecurityActions
{
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
- * Get the Thread Context ClassLoader
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
* @return
*/
- static ClassLoader getContextClassLoader()
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public ClassLoader run()
+ public URL run()
{
- return Thread.currentThread().getContextClassLoader();
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
}
});
}
-
+
/**
* Get a system property
* @param key the key for the property
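Review bot: `theClass.getClassLoader()` at the top of the new loadClass(Class, String), and `clazz.getClassLoader()` in loadResource, return null for classes defined by the bootstrap loader, and the new code then dereferences that value (`cl.loadClass(fqn)`, `clazzLoader.getResource(resourceName)`) instead of falling through to the thread context loader as the javadoc promises. Guarding the first attempt fixes both: `Class<?> clazz = classLoader == null ? null : loadClass(classLoader, fqn);` and `url = clazzLoader == null ? null : clazzLoader.getResource(resourceName);`. The empty `catch (ClassNotFoundException e)` in loadClass(ClassLoader, String) is deliberate but reads like an omission; a comment such as `// not visible to this loader; caller falls back to the TCCL` would make that clear. The same copies of loadClass/loadResource appear in the pdp, saml/md/providers, saml/v2/factories, saml/v2/metadata/store, saml/v2/util and sts SecurityActions hunks below and need the same guard.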
@@ -58,11 +110,11 @@
{
public String run()
{
- return System.getProperty(key,defaultValue);
+ return System.getProperty(key, defaultValue);
}
- });
+ });
}
-
+
/**
* Get the system property
* @param key
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SOAPSAMLXACMLPDP.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -109,8 +109,7 @@
{
SystemPropertiesUtil.ensure();
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- URL url = tcl.getResource(policyConfigFileName);
+ URL url = SecurityActions.loadResource(getClass(), policyConfigFileName);
if (url == null)
throw new IllegalStateException(policyConfigFileName + " could not be located");
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/pdp/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.core.pdp;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,7 +32,7 @@
*/
class SecurityActions
{
- static void setSystemProperty( final String key, final String value)
+ static void setSystemProperty(final String key, final String value)
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@@ -40,18 +41,71 @@
System.setProperty(key, value);
return null;
}
- });
+ });
}
-
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
+ * @return
+ */
+ static URL loadResource(final Class<?> clazz, final String resourceName)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
+ }
+ });
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,7 +31,7 @@
*/
class SecurityActions
{
- static void setSystemProperty( final String key, final String value)
+ static void setSystemProperty(final String key, final String value)
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@@ -40,18 +40,43 @@
System.setProperty(key, value);
return null;
}
- });
+ });
}
-
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SAML2HandlerChainFactory.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -34,22 +34,25 @@
{
public static SAML2HandlerChain createChain()
{
- return new DefaultSAML2HandlerChain();
- }
-
+ return new DefaultSAML2HandlerChain();
+ }
+
public static SAML2HandlerChain createChain(String fqn) throws ProcessingException
{
- if(fqn == null)
+ if (fqn == null)
throw new IllegalArgumentException("fqn is null");
- ClassLoader tcl = SecurityActions.getContextClassLoader();
-
+
+ Class<?> clazz = SecurityActions.loadClass(SAML2HandlerChainFactory.class, fqn);
+ if (clazz == null)
+ throw new ProcessingException("Handler Chain could not be created");
+
try
{
- return (SAML2HandlerChain) tcl.loadClass(fqn).newInstance();
+ return (SAML2HandlerChain) clazz.newInstance();
}
catch (Exception e)
{
- throw new ProcessingException("Cannot create chain:",e);
- }
+ throw new ProcessingException("Cannot create chain:", e);
+ }
}
}
\ No newline at end of file
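Review bot: The new code instantiates the configured class before checking its type: `clazz.newInstance()` runs the no-arg constructor of whatever `fqn` names, and only the subsequent cast to SAML2HandlerChain rejects an unrelated class. Checking assignability first, `if (!SAML2HandlerChain.class.isAssignableFrom(clazz)) throw new ProcessingException(fqn + " is not a SAML2HandlerChain");`, avoids running the constructor of an arbitrary class from a misconfigured name and gives a precise error instead of a ClassCastException wrapped as "Cannot create chain:". The not-found message could also name the class, e.g. `throw new ProcessingException("Handler Chain could not be created: " + fqn + " not found");`. HandlerUtil (`clazz.newInstance()` cast to SAML2Handler) and CoreConfigUtil (cast to TrustKeyManager) in the hunks below have the same instantiate-then-cast order.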
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/factories/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Get the system property
* @param key
@@ -62,4 +84,4 @@
}
});
}
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/metadata/store/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -37,12 +37,12 @@
{
public String run()
{
- return System.getProperty(key);
+ return System.getProperty(key);
}
- });
+ });
}
-
- static void setSystemProperty( final String key, final String value)
+
+ static void setSystemProperty(final String key, final String value)
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@@ -51,18 +51,43 @@
System.setProperty(key, value);
return null;
}
- });
+ });
}
-
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/HandlerUtil.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -44,42 +44,38 @@
{
public static Set<SAML2Handler> getHandlers(Handlers handlers) throws ConfigurationException
{
- if(handlers == null)
+ if (handlers == null)
throw new IllegalArgumentException("handlers is null");
List<Handler> handlerList = handlers.getHandler();
Set<SAML2Handler> handlerSet = new LinkedHashSet<SAML2Handler>();
- for(Handler handler : handlerList)
+ for (Handler handler : handlerList)
{
String clazzName = handler.getClazz();
- ClassLoader tcl = SecurityActions.getContextClassLoader();
Class<?> clazz;
try
{
- clazz = tcl.loadClass(clazzName);
-
+ clazz = SecurityActions.loadClass(HandlerUtil.class, clazzName);
+ if (clazz == null)
+ throw new RuntimeException(clazzName + " could not be loaded");
SAML2Handler samlhandler = (SAML2Handler) clazz.newInstance();
List<KeyValueType> options = handler.getOption();
Map<String, Object> mapOptions = new HashMap<String, Object>();
- for(KeyValueType kvtype : options)
+ for (KeyValueType kvtype : options)
{
mapOptions.put(kvtype.getKey(), kvtype.getValue());
}
SAML2HandlerConfig handlerConfig = new DefaultSAML2HandlerConfig();
handlerConfig.set(mapOptions);
-
+
samlhandler.initHandlerConfig(handlerConfig);
handlerSet.add(samlhandler);
}
- catch (ClassNotFoundException e)
- {
- throw new ConfigurationException(e);
- }
catch (InstantiationException e)
{
throw new ConfigurationException(e);
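Review bot: The new `throw new RuntimeException(clazzName + " could not be loaded")` replaces the removed `catch (ClassNotFoundException e)` that mapped a missing handler class to the declared ConfigurationException, so callers that handle ConfigurationException now get an unchecked exception for the same configuration error. If ConfigurationException has a String constructor, `throw new ConfigurationException(clazzName + " could not be loaded");` restores the method's contract; otherwise wrap it the way the remaining catch blocks do. getHandlers continues into the next hunk.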
@@ -88,8 +84,7 @@
{
throw new ConfigurationException(e);
}
- }
-
+ }
return handlerSet;
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,43 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Set the system property
* @param key
@@ -63,7 +85,7 @@
}
});
}
-
+
/**
* Get the system property
* @param key
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/AbstractSecurityTokenProvider.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,7 +21,6 @@
*/
package org.picketlink.identity.federation.core.sts;
-import java.security.PrivilegedActionException;
import java.util.Map;
import org.apache.log4j.Logger;
@@ -41,8 +40,8 @@
* @since Jan 4, 2011
*/
public abstract class AbstractSecurityTokenProvider implements SecurityTokenProvider
-{
- protected static Logger logger = Logger.getLogger( AbstractSecurityTokenProvider.class);
+{
+ protected static Logger logger = Logger.getLogger(AbstractSecurityTokenProvider.class);
protected static final String TOKEN_REGISTRY = "TokenRegistry";
@@ -63,57 +62,61 @@
protected Map<String, String> properties;
public void initialize(Map<String, String> properties)
- {
+ {
this.properties = properties;
//Check for token registry
- String tokenRegistryOption = this.properties.get( TOKEN_REGISTRY );
+ String tokenRegistryOption = this.properties.get(TOKEN_REGISTRY);
if (tokenRegistryOption == null)
{
if (logger.isDebugEnabled())
- logger.debug("Security Token registry option not specified: Issued Tokens will not be persisted!");
+ logger.debug("Security Token registry option not specified: Issued Tokens will not be persisted!");
}
else
{
// if a file is to be used as registry, check if the user has specified the file name.
- if ("FILE".equalsIgnoreCase( tokenRegistryOption ))
+ if ("FILE".equalsIgnoreCase(tokenRegistryOption))
{
- String tokenRegistryFile = this.properties.get( TOKEN_REGISTRY_FILE );
- if ( tokenRegistryFile != null)
- this.tokenRegistry = new FileBasedTokenRegistry( tokenRegistryFile );
+ String tokenRegistryFile = this.properties.get(TOKEN_REGISTRY_FILE);
+ if (tokenRegistryFile != null)
+ this.tokenRegistry = new FileBasedTokenRegistry(tokenRegistryFile);
else
this.tokenRegistry = new FileBasedTokenRegistry();
- }
+ }
// the user has specified its own registry implementation class.
else
{
try
{
- Object object = SecurityActions.instantiateClass( tokenRegistryOption );
- if (object instanceof RevocationRegistry)
- this.tokenRegistry = ( SecurityTokenRegistry ) object;
- else
+ Class<?> clazz = SecurityActions.loadClass(getClass(), tokenRegistryOption);
+ if (clazz != null)
{
- logger.warn( tokenRegistryOption + " is not an instance of SecurityTokenRegistry - using default registry");
+ Object object = clazz.newInstance();
+ if (object instanceof RevocationRegistry)
+ this.tokenRegistry = (SecurityTokenRegistry) object;
+ else
+ {
+ logger.warn(tokenRegistryOption
+ + " is not an instance of SecurityTokenRegistry - using default registry");
+ }
}
}
- catch (PrivilegedActionException pae )
+ catch (Exception pae)
{
logger.warn("Error instantiating revocation registry class - using default registry");
- pae.printStackTrace();
+ pae.printStackTrace();
}
}
- if( this.tokenRegistry == null )
+ if (this.tokenRegistry == null)
tokenRegistry = new DefaultTokenRegistry();
-
// check if a revocation registry option has been set.
String registryOption = this.properties.get(REVOCATION_REGISTRY);
if (registryOption == null)
{
if (logger.isDebugEnabled())
- logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!");
+ logger.debug("Revocation registry option not specified: cancelled ids will not be persisted!");
}
else
{
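Review bot: The token-registry branch still tests `object instanceof RevocationRegistry` and then casts to SecurityTokenRegistry (`this.tokenRegistry = (SecurityTokenRegistry) object;`): a class that implements only SecurityTokenRegistry is rejected with the "not an instance" warning, and one that implements only RevocationRegistry throws ClassCastException, which the new `catch (Exception pae)` reports as the generic "Error instantiating" warning. The check should read `if (object instanceof SecurityTokenRegistry)`. When `loadClass` returns null nothing is logged and the default registry is used silently; an else branch with `logger.warn(tokenRegistryOption + " could not be loaded - using default registry");` would make the misconfiguration visible, and the revocation-registry hunk below has the same silent fallback. `pae.printStackTrace()` bypasses the logger; `logger.warn("Error instantiating revocation registry class - using default registry", pae);` keeps the cause in the log.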
@@ -140,23 +143,28 @@
{
try
{
- Object object = SecurityActions.instantiateClass(registryOption);
- if (object instanceof RevocationRegistry)
- this.revocationRegistry = (RevocationRegistry) object;
- else
+ Class<?> clazz = SecurityActions.loadClass(getClass(), registryOption);
+ if (clazz != null)
{
- logger.warn(registryOption + " is not an instance of RevocationRegistry - using default registry");
+ Object object = clazz.newInstance();
+ if (object instanceof RevocationRegistry)
+ this.revocationRegistry = (RevocationRegistry) object;
+ else
+ {
+ logger.warn(registryOption
+ + " is not an instance of RevocationRegistry - using default registry");
+ }
}
}
- catch (PrivilegedActionException pae )
+ catch (Exception pae)
{
logger.warn("Error instantiating revocation registry class - using default registry");
- pae.printStackTrace();
+ pae.printStackTrace();
}
}
}
-
- if( this.revocationRegistry == null )
+
+ if (this.revocationRegistry == null)
this.revocationRegistry = new DefaultRevocationRegistry();
}
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/PicketLinkCoreSTS.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -309,9 +309,8 @@
configurationFileURL = configurationFile.toURI().toURL();
else
{
- // if not configuration file was found in the user home, check the context classloader.
- ClassLoader tccl = SecurityActions.getContextClassLoader();
- configurationFileURL = tccl.getResource(fileName);
+ // if not configuration file was found in the user home, check the context classloader.
+ configurationFileURL = SecurityActions.loadResource(getClass(), fileName);
}
// if no configuration file was found, log a warn message and use default configuration values.
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,10 +21,9 @@
*/
package org.picketlink.identity.federation.core.sts;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* <p>
@@ -35,21 +34,39 @@
*/
class SecurityActions
{
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
- /**
- * <p>
- * Gets the thread context class loader using a privileged block.
- * </p>
- *
- * @return a reference to the thread context {@code ClassLoader}.
- */
- static ClassLoader getContextClassLoader()
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
}
});
}
@@ -66,54 +83,31 @@
}
/**
- * <p>
- * Loads a class using the thread context class loader in a privileged block.
- * </p>
- *
- * @param name the fully-qualified name of the class to be loaded.
- * @return a reference to the loaded {@code Class}.
- * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
- * of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
+ * @return
*/
- static Class<?> loadClass(final String name) throws PrivilegedActionException
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public Class<?> run() throws PrivilegedActionException
+ public URL run()
{
- try
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
{
- return getContextClassLoader().loadClass(name);
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
}
- catch (Exception e)
- {
- throw new PrivilegedActionException(e);
- }
- }
- });
- }
- /**
- * <p>
- * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
- * </p>
- *
- * @param className the fully-qualified name of the class to be instantiated.
- * @return a reference to the instantiated {@code Object}.
- * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
- * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
- */
- static Object instantiateClass(final String className) throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- Class<?> objectClass = loadClass(className);
- return objectClass.newInstance();
+ return url;
}
});
}
+
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/CoreConfigUtil.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -46,9 +46,9 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
+import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
/**
* Utility for configuration
@@ -82,12 +82,13 @@
TrustKeyManager trustKeyManager = null;
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
String keyManagerClassName = keyProvider.getClassName();
if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ Class<?> clazz = SecurityActions.loadClass(CoreConfigUtil.class, keyManagerClassName);
+ if (clazz == null)
+ throw new RuntimeException(keyManagerClassName + " could not be loaded");
trustKeyManager = (TrustKeyManager) clazz.newInstance();
}
catch (Exception e)
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,8 +21,10 @@
*/
package org.picketlink.identity.federation.core.util;
+import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
+import java.net.URL;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
@@ -118,7 +120,6 @@
LSInput lsi = lsmap.get(systemId);
if (lsi == null)
{
- final ClassLoader tcl = SecurityActions.getContextClassLoader();
final String loc = schemaLocationMap.get(systemId);
if (loc == null)
return null;
@@ -132,7 +133,16 @@
public InputStream getByteStream()
{
- final InputStream is = tcl.getResourceAsStream(loc);
+ URL url = SecurityActions.loadResource(getClass(), loc);
+ InputStream is;
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(loc + " could not be loaded");
+ }
if (is == null)
throw new RuntimeException("inputstream is null for " + loc);
return is;
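Review bot: `SecurityActions.loadResource` returns null when the schema resource is found on neither loader, and the new code calls `url.openStream()` on it without a check, so a missing schema now surfaces as a NullPointerException; the following `if (is == null)` can no longer trigger because openStream never returns null. Move the check to the URL before the try, `if (url == null) throw new RuntimeException("inputstream is null for " + loc);`, and drop the dead stream check. The RuntimeException in the catch also discards the IOException: `throw new RuntimeException(loc + " could not be loaded", e);` preserves the cause. The enclosing anonymous LSInput class starts outside the hunk.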
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXBUtil.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -47,18 +47,19 @@
public class JAXBUtil
{
private static Logger log = Logger.getLogger(JAXBUtil.class);
+
private static boolean trace = log.isTraceEnabled();
-
+
public static final String W3C_XML_SCHEMA_NS_URI = "http://www.w3.org/2001/XMLSchema";
-
- private static HashMap<String,JAXBContext> jaxbContextHash = new HashMap<String, JAXBContext>();
-
+
+ private static HashMap<String, JAXBContext> jaxbContextHash = new HashMap<String, JAXBContext>();
+
static
{
//Useful on Sun VMs. Harmless on other VMs.
SecurityActions.setSystemProperty("com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot", "true");
}
-
+
/**
* Get the JAXB Marshaller
* @param pkgName The package name for the jaxb context
@@ -67,15 +68,15 @@
* @throws JAXBException
* @throws SAXException
*/
- public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation)
- throws JAXBException, SAXException
+ public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation) throws JAXBException,
+ SAXException
{
- Marshaller marshaller = getMarshaller(pkgName);
-
+ Marshaller marshaller = getMarshaller(pkgName);
+
//Validate against schema
Schema schema = getJAXPSchemaInstance(schemaLocation);
- marshaller.setSchema(schema);
-
+ marshaller.setSchema(schema);
+
return marshaller;
}
@@ -85,11 +86,11 @@
* @return Marshaller
* @throws JAXBException
*/
- public static Marshaller getMarshaller(String pkgName) throws JAXBException
+ public static Marshaller getMarshaller(String pkgName) throws JAXBException
{
- if(pkgName == null)
+ if (pkgName == null)
throw new IllegalArgumentException("pkgName is null");
-
+
JAXBContext jc = getJAXBContext(pkgName);
Marshaller marshaller = jc.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
@@ -103,14 +104,14 @@
* @return unmarshaller
* @throws JAXBException
*/
- public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
+ public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
{
- if(pkgName == null)
+ if (pkgName == null)
throw new IllegalArgumentException("pkgName is null");
JAXBContext jc = getJAXBContext(pkgName);
return jc.createUnmarshaller();
}
-
+
/**
* Get the JAXB Unmarshaller for a selected set
* of package names
@@ -118,14 +119,14 @@
* @return
* @throws JAXBException
*/
- public static Unmarshaller getUnmarshaller(String... pkgNames) throws JAXBException
+ public static Unmarshaller getUnmarshaller(String... pkgNames) throws JAXBException
{
- if(pkgNames == null)
+ if (pkgNames == null)
throw new IllegalArgumentException("pkgName is null");
int len = pkgNames.length;
- if(len == 0)
+ if (len == 0)
return getUnmarshaller(pkgNames[0]);
-
+
JAXBContext jc = getJAXBContext(pkgNames);
return jc.createUnmarshaller();
}
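Review bot: The reformatted guard `if (len == 0) return getUnmarshaller(pkgNames[0]);` indexes an empty array, so calling getUnmarshaller with no package names throws ArrayIndexOutOfBoundsException rather than the IllegalArgumentException the method uses for the null case; the same `len == 0` followed by `paths[0]` appears as context in the later getJAXBContext(String... paths) hunk. The condition was presumably meant to be `if (len == 1)` (delegate to the single-name overload) or to `throw new IllegalArgumentException("Packages are empty");` as getValidatingUnmarshaller(String[], String[]) does.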
@@ -138,60 +139,57 @@
* @throws JAXBException
* @throws SAXException
*/
- public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation)
- throws JAXBException, SAXException
- {
- Unmarshaller unmarshaller = getUnmarshaller(pkgName);
+ public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation) throws JAXBException,
+ SAXException
+ {
+ Unmarshaller unmarshaller = getUnmarshaller(pkgName);
Schema schema = getJAXPSchemaInstance(schemaLocation);
- unmarshaller.setSchema(schema);
-
+ unmarshaller.setSchema(schema);
+
return unmarshaller;
}
-
- public static Unmarshaller getValidatingUnmarshaller(String[] pkgNames,
- String[] schemaLocations) throws JAXBException,SAXException, IOException
+
+ public static Unmarshaller getValidatingUnmarshaller(String[] pkgNames, String[] schemaLocations)
+ throws JAXBException, SAXException, IOException
{
StringBuilder builder = new StringBuilder();
int len = pkgNames.length;
- if(len == 0)
+ if (len == 0)
throw new IllegalArgumentException("Packages are empty");
-
- for(String pkg:pkgNames)
+
+ for (String pkg : pkgNames)
{
- builder.append(pkg);
- builder.append(":");
+ builder.append(pkg);
+ builder.append(":");
}
-
- Unmarshaller unmarshaller = getUnmarshaller(builder.toString());
-
+
+ Unmarshaller unmarshaller = getUnmarshaller(builder.toString());
+
SchemaFactory schemaFactory = getSchemaFactory();
-
+
//Get the sources
Source[] schemaSources = new Source[schemaLocations.length];
-
- ClassLoader tcl = SecurityActions.getContextClassLoader();
-
- int i=0;
- for(String schemaLocation : schemaLocations)
+
+ int i = 0;
+ for (String schemaLocation : schemaLocations)
{
- URL schemaURL = tcl.getResource(schemaLocation);
- if(schemaURL == null)
+ URL schemaURL = SecurityActions.loadResource(JAXBUtil.class, schemaLocation);
+ if (schemaURL == null)
throw new IllegalStateException("Schema URL is null:" + schemaLocation);
- schemaSources[i++] = new StreamSource(schemaURL.openStream());
+ schemaSources[i++] = new StreamSource(schemaURL.openStream());
}
-
+
Schema schema = schemaFactory.newSchema(schemaSources);
- unmarshaller.setSchema(schema);
-
+ unmarshaller.setSchema(schema);
+
return unmarshaller;
}
private static Schema getJAXPSchemaInstance(String schemaLocation) throws SAXException
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- URL schemaURL = tcl.getResource(schemaLocation);
- if(schemaURL == null)
+ {
+ URL schemaURL = SecurityActions.loadResource(JAXBUtil.class, schemaLocation);
+ if (schemaURL == null)
throw new IllegalStateException("Schema URL is null:" + schemaLocation);
SchemaFactory scFact = getSchemaFactory();
Schema schema = scFact.newSchema(schemaURL);
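Review bot: The rewritten `schemaSources[i++] = new StreamSource(schemaURL.openStream());` opens one InputStream per schema location and nothing closes them after `schemaFactory.newSchema(schemaSources)`; with loadResource now resolving through the class's own loader these are typically jar: streams whose handles stay open until GC. Passing the location instead, `schemaSources[i++] = new StreamSource(schemaURL.toExternalForm());`, lets the parser open and close the stream itself and also gives each schema a systemId for resolving relative imports. getJAXPSchemaInstance's body continues past the end of the hunk.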
@@ -201,11 +199,11 @@
private static SchemaFactory getSchemaFactory()
{
SchemaFactory scFact = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
-
+
//Always install the resolver unless the system property is set
- if(SecurityActions.getSystemProperty("org.picketlink.identity.federation.jaxb.ls", null) == null)
- scFact.setResourceResolver( new IDFedLSInputResolver());
-
+ if (SecurityActions.getSystemProperty("org.picketlink.identity.federation.jaxb.ls", null) == null)
+ scFact.setResourceResolver(new IDFedLSInputResolver());
+
scFact.setErrorHandler(new ErrorHandler()
{
public void error(SAXParseException exception) throws SAXException
@@ -216,8 +214,9 @@
builder.append(" Public ID=").append(exception.getPublicId());
builder.append(" System ID=").append(exception.getSystemId());
builder.append(" exc=").append(exception.getLocalizedMessage());
-
- if(trace) log.trace("SAX Error:" + builder.toString());
+
+ if (trace)
+ log.trace("SAX Error:" + builder.toString());
}
public void fatalError(SAXParseException exception) throws SAXException
@@ -228,7 +227,7 @@
builder.append(" Public ID=").append(exception.getPublicId());
builder.append(" System ID=").append(exception.getSystemId());
builder.append(" exc=").append(exception.getLocalizedMessage());
-
+
log.error("SAX Fatal Error:" + builder.toString());
}
@@ -240,53 +239,54 @@
builder.append(" Public ID=").append(exception.getPublicId());
builder.append(" System ID=").append(exception.getSystemId());
builder.append(" exc=").append(exception.getLocalizedMessage());
-
- if(trace) log.trace("SAX Warn:" + builder.toString());
+
+ if (trace)
+ log.trace("SAX Warn:" + builder.toString());
}
});
return scFact;
}
-
+
public static JAXBContext getJAXBContext(String path) throws JAXBException
{
JAXBContext jx = jaxbContextHash.get(path);
- if(jx == null)
+ if (jx == null)
{
jx = JAXBContext.newInstance(path);
jaxbContextHash.put(path, jx);
}
return jx;
}
-
+
public static JAXBContext getJAXBContext(String... paths) throws JAXBException
{
int len = paths.length;
if (len == 0)
return getJAXBContext(paths[0]);
-
+
StringBuilder builder = new StringBuilder();
- for(String path: paths)
+ for (String path : paths)
{
- builder.append(path).append(":");
+ builder.append(path).append(":");
}
-
+
String finalPath = builder.toString();
-
+
JAXBContext jx = jaxbContextHash.get(finalPath);
- if(jx == null)
+ if (jx == null)
{
jx = JAXBContext.newInstance(finalPath);
jaxbContextHash.put(finalPath, jx);
}
return jx;
}
-
+
public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
{
String clazzName = clazz.getName();
-
+
JAXBContext jx = jaxbContextHash.get(clazzName);
- if(jx == null)
+ if (jx == null)
{
jx = JAXBContext.newInstance(clazz);
jaxbContextHash.put(clazzName, jx);
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -32,21 +32,43 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Set the system property
* @param key
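Review bot: In the new `loadClass(final ClassLoader cl, final String fqn)` the `cl.loadClass(fqn)` call assumes a non-null loader, but the caller passes `theClass.getClassLoader()` (null for bootstrap-loaded classes) and then `Thread.currentThread().getContextClassLoader()` (null when no context loader is set), so either case becomes a NullPointerException instead of the null return the caller tests for; a guard `if (cl == null) return null;` at the top of run() covers both. The empty `catch (ClassNotFoundException e)` deserves a one-line comment such as `// not found in this loader; the caller falls back to the thread context loader`. The Javadoc the removed getContextClassLoader carried has not been replaced on either new method. The same two methods are added verbatim to the wstrust SecurityActions in a later hunk and need the same guard; loadResource, which JAXBUtil and IDFedLSInputResolver now call, is not visible in this file's diff, so presumably it already exists here.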
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -355,7 +355,7 @@
configurationFileURL = configurationFile.toURI().toURL();
else
// if not configuration file was found in the user home, check the context classloader.
- configurationFileURL = SecurityActions.getContextClassLoader().getResource(STS_CONFIG_FILE);
+ configurationFileURL = SecurityActions.loadResource(getClass(), STS_CONFIG_FILE);
// if no configuration file was found, log a warn message and use default configuration values.
if (configurationFileURL == null)
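Review bot: The context comment `// if not configuration file was found in the user home, check the context classloader.` no longer describes the new line beneath it, since loadResource consults the class's own loader first and falls back to the thread context loader only when that lookup returns null. Suggest `// if no configuration file was found in the user home, look it up on the classpath (class loader first, then thread context loader).` The enclosing method begins and ends outside the hunk.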
@@ -376,5 +376,4 @@
throw new ConfigurationException("Error parsing the configuration file:[" + configurationFileURL + "]", e);
}
}
-
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -81,7 +81,7 @@
public PicketLinkSTSConfiguration()
{
this.delegate = new STSType();
- this.delegate.setRequestHandler( StandardRequestHandler.class.getCanonicalName() );
+ this.delegate.setRequestHandler(StandardRequestHandler.class.getCanonicalName());
// TODO: add default token provider classes.
}
@@ -91,13 +91,13 @@
* </p>
*
* @param config a reference to the object that holds the configuration of the STS.
- */
+ */
public PicketLinkSTSConfiguration(STSType config)
{
this.delegate = config;
// set the default request handler if one hasn't been specified.
if (this.delegate.getRequestHandler() == null)
- this.delegate.setRequestHandler( StandardRequestHandler.class.getCanonicalName() );
+ this.delegate.setRequestHandler(StandardRequestHandler.class.getCanonicalName());
// build the token-provider maps.
TokenProvidersType providers = this.delegate.getTokenProviders();
@@ -111,23 +111,23 @@
List<KeyValueType> providerPropertiesList;
try
{
- providerPropertiesList = CoreConfigUtil.getProperties( provider );
+ providerPropertiesList = CoreConfigUtil.getProperties(provider);
}
catch (GeneralSecurityException e)
{
- throw new RuntimeException( e );
+ throw new RuntimeException(e);
}
-
- for (KeyValueType propertyType : providerPropertiesList )
- properties.put(propertyType.getKey(), propertyType.getValue());
-
+
+ for (KeyValueType propertyType : providerPropertiesList)
+ properties.put(propertyType.getKey(), propertyType.getValue());
+
// create and initialize the token provider.
SecurityTokenProvider tokenProvider = WSTrustServiceFactory.getInstance().createTokenProvider(
provider.getProviderClass(), properties);
// token providers can be keyed by the token type and by token element + namespace.
this.tokenProviders.put(provider.getTokenType(), tokenProvider);
- String tokenElementAndNS =
- tokenProvider.family() + "$" + provider.getTokenElement() + "$" + provider.getTokenElementNS();
+ String tokenElementAndNS = tokenProvider.family() + "$" + provider.getTokenElement() + "$"
+ + provider.getTokenElementNS();
this.tokenProviders.put(tokenElementAndNS, tokenProvider);
}
}
@@ -143,14 +143,14 @@
List<KeyValueType> processorPropertiesList;
try
{
- processorPropertiesList = CoreConfigUtil.getProperties( processor );
+ processorPropertiesList = CoreConfigUtil.getProperties(processor);
}
catch (GeneralSecurityException e)
{
- throw new RuntimeException( e );
- }
+ throw new RuntimeException(e);
+ }
- for (KeyValueType propertyType : processorPropertiesList )
+ for (KeyValueType propertyType : processorPropertiesList)
properties.put(propertyType.getKey(), propertyType.getValue());
// create and initialize the claims processor.
@@ -177,10 +177,13 @@
try
{
//Decrypt/de-mask the passwords if any
- List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProviderType);
-
- this.trustManager = (TrustKeyManager) SecurityActions.instantiateClass(keyManagerClassName);
- this.trustManager.setAuthProperties( authProperties );
+ List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProviderType);
+
+ Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
+ if (clazz == null)
+ throw new RuntimeException(keyManagerClassName + " could not be loaded");
+ this.trustManager = (TrustKeyManager) clazz.newInstance();
+ this.trustManager.setAuthProperties(authProperties);
this.trustManager.setValidatingAlias(keyProviderType.getValidatingAlias());
}
catch (Exception e)
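Review bot: `clazz.newInstance()` runs the constructor of whatever class `keyManagerClassName` names before the `(TrustKeyManager)` cast checks that it is a key manager at all, so a misconfigured class name instantiates an unrelated class, with whatever side effects its constructor has, before failing. Check assignability together with the null test, `if (clazz == null || !TrustKeyManager.class.isAssignableFrom(clazz)) throw new RuntimeException(keyManagerClassName + " is not a loadable TrustKeyManager");`, and prefer `clazz.getDeclaredConstructor().newInstance()` over Class.newInstance(), which propagates checked exceptions thrown by the constructor without declaring them. The same pattern is introduced in the three WSTrustServiceFactory hunks (WSTrustRequestHandler, SecurityTokenProvider, ClaimsProcessor) and in SAML20TokenProvider.initialize. The enclosing try block starts before the hunk.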
@@ -188,7 +191,7 @@
throw new RuntimeException("Unable to construct the key manager:", e);
}
}
- }
+ }
/*
* (non-Javadoc)
@@ -251,9 +254,9 @@
*/
public SecurityTokenProvider getProviderForService(String serviceName)
{
- if( serviceName == null )
- throw new IllegalArgumentException( "serviceName is null ");
-
+ if (serviceName == null)
+ throw new IllegalArgumentException("serviceName is null ");
+
ServiceProviderType provider = this.spMetadata.get(serviceName);
if (provider != null)
{
@@ -269,8 +272,8 @@
*/
public SecurityTokenProvider getProviderForTokenType(String tokenType)
{
- if( tokenType == null )
- throw new IllegalArgumentException( "tokenType is null ");
+ if (tokenType == null)
+ throw new IllegalArgumentException("tokenType is null ");
return this.tokenProviders.get(tokenType);
}
@@ -279,8 +282,7 @@
*/
public SecurityTokenProvider getProviderForTokenElementNS(String family, QName tokenQName)
{
- return this.tokenProviders.get( family + "$" +
- tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI() );
+ return this.tokenProviders.get(family + "$" + tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI());
}
/*
@@ -383,7 +385,7 @@
* @see STSConfiguration#getXMLDSigCanonicalizationMethod()
*/
public String getXMLDSigCanonicalizationMethod()
- {
+ {
return delegate.getCanonicalizationMethod();
}
@@ -391,20 +393,20 @@
* @see {@code STSCoreConfig#addTokenProvider(String, SecurityTokenProvider)}
*/
public void addTokenProvider(String key, SecurityTokenProvider provider)
- {
+ {
SecurityManager sm = System.getSecurityManager();
- if( sm != null )
- sm.checkPermission( PicketLinkCoreSTS.rte );
-
- tokenProviders.put(key, provider);
+ if (sm != null)
+ sm.checkPermission(PicketLinkCoreSTS.rte);
+ tokenProviders.put(key, provider);
+
QName tokenQName = provider.getSupportedQName();
- if( tokenQName != null )
+ if (tokenQName != null)
{
- String tokenElementAndNS =
- provider.family() + "$" + tokenQName.getLocalPart() + "$" + tokenQName.getNamespaceURI() ;
-
- this.tokenProviders.put(tokenElementAndNS, provider );
+ String tokenElementAndNS = provider.family() + "$" + tokenQName.getLocalPart() + "$"
+ + tokenQName.getNamespaceURI();
+
+ this.tokenProviders.put(tokenElementAndNS, provider);
}
}
@@ -412,33 +414,33 @@
* @see {@code STSCoreConfig#removeTokenProvider(String)}
*/
public void removeTokenProvider(String key)
- {
+ {
SecurityManager sm = System.getSecurityManager();
- if( sm != null )
- sm.checkPermission( PicketLinkCoreSTS.rte );
-
- tokenProviders.remove(key);
+ if (sm != null)
+ sm.checkPermission(PicketLinkCoreSTS.rte);
+
+ tokenProviders.remove(key);
}
/**
* @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getTokenProviders()
*/
public List<SecurityTokenProvider> getTokenProviders()
- {
+ {
List<SecurityTokenProvider> list = new ArrayList<SecurityTokenProvider>();
- list.addAll( tokenProviders .values());
+ list.addAll(tokenProviders.values());
return Collections.unmodifiableList(list);
}
/**
* @see org.picketlink.identity.federation.core.sts.STSCoreConfig#getProvidersByFamily(java.lang.String)
*/
- public List<SecurityTokenProvider> getProvidersByFamily( String familyName )
- {
+ public List<SecurityTokenProvider> getProvidersByFamily(String familyName)
+ {
List<SecurityTokenProvider> result = new ArrayList<SecurityTokenProvider>();
- for( SecurityTokenProvider provider: tokenProviders.values() )
+ for (SecurityTokenProvider provider : tokenProviders.values())
{
- if( provider.family().equals( familyName ))
+ if (provider.family().equals(familyName))
result.add(provider);
}
return result;
@@ -449,14 +451,14 @@
*/
public void copy(STSCoreConfig thatConfig)
{
- if( thatConfig instanceof PicketLinkSTSConfiguration )
+ if (thatConfig instanceof PicketLinkSTSConfiguration)
{
PicketLinkSTSConfiguration pc = (PicketLinkSTSConfiguration) thatConfig;
- this.tokenProviders.putAll( pc.tokenProviders );
- this.claimsProcessors.putAll( pc.claimsProcessors );
+ this.tokenProviders.putAll(pc.tokenProviders);
+ this.claimsProcessors.putAll(pc.claimsProcessors);
}
- else
- throw new RuntimeException( "Unknown config :" + thatConfig ); //TODO: Handle other configuration
+ else
+ throw new RuntimeException("Unknown config :" + thatConfig); //TODO: Handle other configuration
}
@Override
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClientConfig.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -24,6 +24,7 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.net.URL;
import java.util.Properties;
import org.apache.log4j.Logger;
@@ -379,10 +380,10 @@
return new FileInputStream(file);
}
// Try it as a classpath resource ...
- final ClassLoader threadClassLoader = SecurityActions.getContextClassLoader();
- if (threadClassLoader != null)
+ URL url = SecurityActions.loadResource(STSClientConfig.class, resource);
+ if (url != null)
{
- final InputStream is = threadClassLoader.getResourceAsStream(resource);
+ final InputStream is = url.openStream();
if (is != null)
{
return is;
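Review bot: `url.openStream()` on the new side throws IOException, which the removed getResourceAsStream() did not, so the enclosing method (whose signature is outside the hunk) must declare or handle it; the FileInputStream constructor at the top of the hunk already throws FileNotFoundException, so the method presumably declares IOException, but that should be confirmed. The `if (is != null)` test that follows is now dead in its false branch, because openStream() never returns null, and the block can be reduced to `return url.openStream();`.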
@@ -391,5 +392,4 @@
return null;
}
-
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,10 +21,9 @@
*/
package org.picketlink.identity.federation.core.wstrust;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* <p>
@@ -35,73 +34,67 @@
*/
class SecurityActions
{
-
- /**
- * <p>
- * Gets the thread context class loader using a privileged block.
- * </p>
- *
- * @return a reference to the thread context {@code ClassLoader}.
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
- /**
- * <p>
- * Loads a class using the thread context class loader in a privileged block.
- * </p>
- *
- * @param name the fully-qualified name of the class to be loaded.
- * @return a reference to the loaded {@code Class}.
- * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
- * of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
- */
- static Class<?> loadClass(final String name) throws PrivilegedActionException
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public Class<?> run() throws PrivilegedActionException
+ public Class<?> run()
{
try
{
- return getContextClassLoader().loadClass(name);
+ return cl.loadClass(fqn);
}
- catch (Exception e)
+ catch (ClassNotFoundException e)
{
- throw new PrivilegedActionException(e);
}
+ return null;
}
});
}
/**
- * <p>
- * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
- * </p>
- *
- * @param className the fully-qualified name of the class to be instantiated.
- * @return a reference to the instantiated {@code Object}.
- * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
- * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
+ * @return
*/
- static Object instantiateClass(final String className) throws PrivilegedActionException
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public Object run() throws Exception
+ public URL run()
{
- Class<?> objectClass = loadClass(className);
- return objectClass.newInstance();
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
}
});
}
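Review bot: `loadResource` calls `clazz.getClassLoader()` and `Thread.currentThread().getContextClassLoader()` and dereferences each result directly, so a bootstrap-loaded class or a thread without a context loader produces a NullPointerException rather than the null URL that STSClientConfig and PicketLinkSTS test for; guard each lookup, `if (clazzLoader != null) url = clazzLoader.getResource(resourceName);`. The Javadoc's `@param clazz`, `@param resourceName` and `@return` are empty; suggest `@param clazz class whose loader is consulted first`, `@param resourceName classpath-relative resource name` and `@return the resource URL, or null if neither loader can find it`. The two loadClass methods above lost the descriptive Javadoc the removed methods had, and the null-loader point applies to them as well.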
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustServiceFactory.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,7 +21,6 @@
*/
package org.picketlink.identity.federation.core.wstrust;
-import java.security.PrivilegedActionException;
import java.util.Map;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
@@ -72,7 +71,10 @@
{
try
{
- WSTrustRequestHandler handler = (WSTrustRequestHandler) SecurityActions.instantiateClass(handlerClassName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), handlerClassName);
+ if (clazz == null)
+ throw new RuntimeException(handlerClassName + " could not be loaded");
+ WSTrustRequestHandler handler = (WSTrustRequestHandler) clazz.newInstance();
handler.initialize(configuration);
return handler;
}
@@ -96,16 +98,19 @@
{
try
{
- SecurityTokenProvider tokenProvider = (SecurityTokenProvider) SecurityActions.instantiateClass(providerClass);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), providerClass);
+ if (clazz == null)
+ throw new RuntimeException(providerClass + " could not be loaded");
+ SecurityTokenProvider tokenProvider = (SecurityTokenProvider) clazz.newInstance();
tokenProvider.initialize(properties);
return tokenProvider;
}
- catch (PrivilegedActionException pae)
+ catch (Exception pae)
{
throw new RuntimeException("Unable to instantiate token provider " + providerClass, pae);
}
}
-
+
/**
* <p>
* Constructs and returns a {@code ClaimsProcessor} from the specified class name. The processor is initialized
@@ -121,13 +126,16 @@
{
try
{
- ClaimsProcessor claimsProcessor = (ClaimsProcessor) SecurityActions.instantiateClass(processorClass);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), processorClass);
+ if (clazz == null)
+ throw new RuntimeException(processorClass + " could not be loaded");
+ ClaimsProcessor claimsProcessor = (ClaimsProcessor) clazz.newInstance();
claimsProcessor.initialize(properties);
return claimsProcessor;
}
- catch (PrivilegedActionException pae)
+ catch (Exception pae)
{
throw new RuntimeException("Unable to instantiate claims processor " + processorClass, pae);
}
}
-}
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -18,7 +18,6 @@
package org.picketlink.identity.federation.core.wstrust.plugins.saml;
import java.security.Principal;
-import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -66,7 +65,7 @@
*/
public class SAML20TokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
{
- protected static Logger logger = Logger.getLogger(SAML20TokenProvider.class);
+ protected static Logger logger = Logger.getLogger(SAML20TokenProvider.class);
private SAML20TokenAttributeProvider attributeProvider;
@@ -77,8 +76,8 @@
*/
public void initialize(Map<String, String> properties)
{
- super.initialize(properties);
-
+ super.initialize(properties);
+
// Check if an attribute provider has been set.
String attributeProviderClassName = this.properties.get(ATTRIBUTE_PROVIDER);
if (attributeProviderClassName == null)
@@ -90,7 +89,8 @@
{
try
{
- Object object = SecurityActions.instantiateClass(attributeProviderClassName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), attributeProviderClassName);
+ Object object = clazz.newInstance();
if (object instanceof SAML20TokenAttributeProvider)
{
this.attributeProvider = (SAML20TokenAttributeProvider) object;
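Review bot: Unlike the other call sites converted in this commit, `Object object = clazz.newInstance();` here has no null check after `SecurityActions.loadClass(getClass(), attributeProviderClassName)`, so an unknown provider class name becomes a NullPointerException that the catch below reports only as a null message. Add `if (clazz == null) throw new IllegalArgumentException(attributeProviderClassName + " could not be loaded");` before the instantiation so the logged warning names the missing class. The try block closes outside the hunk.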
@@ -100,7 +100,7 @@
logger.warn("Attribute provider not installed: " + attributeProviderClassName
+ "is not an instance of SAML20TokenAttributeProvider");
}
- catch (PrivilegedActionException pae)
+ catch (Exception pae)
{
logger.warn("Error instantiating attribute provider: " + pae.getMessage());
pae.printStackTrace();
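Review bot: With the catch widened to `catch (Exception pae)` the handler still logs only `pae.getMessage()` and then calls `pae.printStackTrace()`, which bypasses the logger the rest of the class uses and keeps the stack trace out of the log. Replace the two lines with `logger.warn("Error instantiating attribute provider: " + attributeProviderClassName, pae);`. The enclosing method continues outside the hunk.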
@@ -114,15 +114,15 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void cancelToken( ProtocolContext protoContext) throws ProcessingException
+ public void cancelToken(ProtocolContext protoContext) throws ProcessingException
{
- if(! (protoContext instanceof WSTrustRequestContext) )
+ if (!(protoContext instanceof WSTrustRequestContext))
return;
-
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
-
+
// get the assertion that must be canceled.
- Element token = (Element) context.getRequestSecurityToken().getCancelTargetElement();
+ Element token = context.getRequestSecurityToken().getCancelTargetElement();
if (token == null)
throw new ProcessingException("Invalid cancel request: missing required CancelTarget");
Element assertionElement = (Element) token.getFirstChild();
@@ -140,12 +140,12 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void issueToken( ProtocolContext protoContext) throws ProcessingException
+ public void issueToken(ProtocolContext protoContext) throws ProcessingException
{
- if(! (protoContext instanceof WSTrustRequestContext) )
+ if (!(protoContext instanceof WSTrustRequestContext))
return;
-
- WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// generate an id for the new assertion.
String assertionID = IDGenerator.create("ID_");
@@ -205,7 +205,7 @@
AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
if (attributeStatement != null)
{
- assertion.addStatement( attributeStatement );
+ assertion.addStatement(attributeStatement);
}
}
@@ -239,14 +239,14 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void renewToken( ProtocolContext protoContext ) throws ProcessingException
+ public void renewToken(ProtocolContext protoContext) throws ProcessingException
{
- if(! (protoContext instanceof WSTrustRequestContext) )
+ if (!(protoContext instanceof WSTrustRequestContext))
return;
-
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
// get the specified assertion that must be renewed.
- Element token = (Element) context.getRequestSecurityToken().getRenewTargetElement();
+ Element token = context.getRequestSecurityToken().getRenewTargetElement();
if (token == null)
throw new ProcessingException("Invalid renew request: missing required RenewTarget");
Element oldAssertionElement = (Element) token.getFirstChild();
@@ -259,7 +259,7 @@
{
oldAssertion = SAMLUtil.fromElement(oldAssertionElement);
}
- catch ( Exception je )
+ catch (Exception je)
{
throw new ProcessingException("Error unmarshalling assertion", je);
}
@@ -276,14 +276,13 @@
// create a new unique ID for the renewed assertion.
String assertionID = IDGenerator.create("ID_");
-
+
List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
- statements.addAll( oldAssertion.getStatements() );
+ statements.addAll(oldAssertion.getStatements());
// create the new assertion.
AssertionType newAssertion = SAMLAssertionFactory.createAssertion(assertionID, oldAssertion.getIssuer(), context
- .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(),
- statements );
+ .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements);
// create a security token with the new assertion.
Element assertionElement = null;
@@ -313,11 +312,11 @@
* @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
* validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
*/
- public void validateToken( ProtocolContext protoContext ) throws ProcessingException
+ public void validateToken(ProtocolContext protoContext) throws ProcessingException
{
- if(! (protoContext instanceof WSTrustRequestContext) )
+ if (!(protoContext instanceof WSTrustRequestContext))
return;
-
+
WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
if (logger.isTraceEnabled())
logger.trace("SAML V2.0 token validation started");
@@ -343,7 +342,7 @@
{
assertion = SAMLUtil.fromElement(assertionElement);
}
- catch ( Exception e )
+ catch (Exception e)
{
throw new ProcessingException("Unmarshalling error:", e);
}
@@ -413,15 +412,15 @@
* @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
*/
public QName getSupportedQName()
- {
- return new QName( tokenType(), JBossSAMLConstants.ASSERTION.get() );
+ {
+ return new QName(tokenType(), JBossSAMLConstants.ASSERTION.get());
}
/**
* @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
*/
public String family()
- {
+ {
return SecurityTokenProvider.FAMILY_TYPE.WS_TRUST.toString();
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -23,8 +23,6 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* <p>
@@ -36,73 +34,40 @@
class SecurityActions
{
- /**
- * <p>
- * Gets the thread context class loader using a privileged block.
- * </p>
- *
- * @return a reference to the thread context {@code ClassLoader}.
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
- /**
- * <p>
- * Loads a class using the thread context class loader in a privileged block.
- * </p>
- *
- * @param name the fully-qualified name of the class to be loaded.
- * @return a reference to the loaded {@code Class}.
- * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause
- * of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
- */
- static Class<?> loadClass(final String name) throws PrivilegedActionException
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public Class<?> run() throws PrivilegedActionException
+ public Class<?> run()
{
try
{
- return getContextClassLoader().loadClass(name);
+ return cl.loadClass(fqn);
}
- catch (Exception e)
+ catch (ClassNotFoundException e)
{
- throw new PrivilegedActionException(e);
}
+ return null;
}
});
}
-
- /**
- * <p>
- * Creates an instance of the specified class in a privileged block. The class must define a default constructor.
- * </p>
- *
- * @param className the fully-qualified name of the class to be instantiated.
- * @return a reference to the instantiated {@code Object}.
- * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
- * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
- * reference to the root of the error.
- */
- static Object instantiateClass(final String className) throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- Class<?> objectClass = loadClass(className);
- return objectClass.newInstance();
- }
- });
- }
}
\ No newline at end of file
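Review bot: The new `loadClass(final ClassLoader cl, final String fqn)` swallows `ClassNotFoundException` in an empty catch block and falls through to `return null`, and neither new method carries the Javadoc the removed ones had, so callers are given no stated contract that null means "not found" and must now null-check where they previously received an exception naming the class. Name the exception `ignored` and add `// not found in this loader: null lets the caller fall back to another loader` in the catch, and document both methods with a `@return the loaded class, or {@code null} if neither loader can find it` line. In the outer `run()`, `theClass.getClassLoader()` is null for bootstrap-loaded classes, and `cl.loadClass(fqn)` would then throw a NullPointerException that the catch does not cover; a guard such as `if (classLoader == null) classLoader = ClassLoader.getSystemClassLoader();` before the first lookup keeps the fallback uniform. Whether any caller passes a bootstrap class is not visible here.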
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,8 +21,6 @@
*/
package org.picketlink.test.identity.federation.core.wstrust;
-import java.security.PrivilegedActionException;
-
import java.util.HashMap;
import junit.framework.TestCase;
@@ -71,7 +69,7 @@
}
catch (RuntimeException re)
{
- assertTrue(re.getCause() instanceof PrivilegedActionException);
+ assertTrue(re.getCause().getMessage().contains("could not be loaded"));
}
}
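Review bot: `assertTrue(re.getCause().getMessage().contains("could not be loaded"))` dereferences `re.getCause()` without checking it, so if the factory ever throws a RuntimeException without a cause the test dies with a NullPointerException rather than an assertion message, and matching on a message substring couples the test to wording that may change. Prefer `assertNotNull(re.getCause());` before the message check, or assert on the cause's type if the factory wraps a dedicated exception. The same line appears in the next hunk at `assertTrue(re.getCause().getMessage().contains("could not be loaded"))`.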
@@ -103,8 +101,7 @@
}
catch (RuntimeException re)
{
- assertTrue(re.getCause() instanceof PrivilegedActionException);
+ assertTrue(re.getCause().getMessage().contains("could not be loaded"));
}
-
}
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -96,10 +96,10 @@
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
@@ -121,68 +121,71 @@
* @since Aug 21, 2009
*/
public class SPFilter implements Filter
-{
+{
private static Logger log = Logger.getLogger(SPFilter.class);
- private boolean trace = log.isTraceEnabled();
+ private final boolean trace = log.isTraceEnabled();
+
protected SPType spConfiguration = null;
+
protected String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
protected String serviceURL = null;
+
protected String identityURL = null;
private TrustKeyManager keyManager;
-
+
private ServletContext context = null;
+
private transient SAML2HandlerChain chain = null;
-
+
protected boolean ignoreSignatures = false;
-
+
private IRoleValidator roleValidator = new DefaultRoleValidator();
-
- private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
-
+
+ private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
+
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
public void destroy()
{
}
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain)
- throws IOException, ServletException
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+ throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
-
+
boolean postMethod = "POST".equalsIgnoreCase(request.getMethod());
HttpSession session = request.getSession();
-
+
Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
-
+
String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
- String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
-
+ String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
+
//Eagerly look for Global LogOut
String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT);
boolean logOutRequest = isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr);
-
- if(!postMethod && !logOutRequest)
+
+ if (!postMethod && !logOutRequest)
{
//Check if we are already authenticated
- if(userPrincipal != null)
+ if (userPrincipal != null)
{
filterChain.doFilter(servletRequest, servletResponse);
return;
}
-
+
//We need to send request to IDP
- if(userPrincipal == null)
+ if (userPrincipal == null)
{
String relayState = null;
try
- {
+ {
//TODO: use the handlers to generate the request
AuthnRequestType authnRequest = createSAMLRequest(serviceURL, identityURL);
sendRequestToIDP(authnRequest, relayState, response);
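Review bot: `Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;` ends with a stray empty statement, and the guard `if (userPrincipal == null)` that follows is always true because the preceding `if (userPrincipal != null)` branch returns. Drop the extra `;` and the redundant condition so the redirect-to-IDP path reads as the unconditional remainder of the non-POST branch. doFilter's body continues in the following hunks.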
@@ -190,81 +193,77 @@
catch (Exception e)
{
throw new ServletException(e);
- }
+ }
return;
- }
+ }
}
else
{
- if(!isNotNull(samlRequest) && !isNotNull(samlResponse))
+ if (!isNotNull(samlRequest) && !isNotNull(samlResponse))
{
//Neither saml request nor response from IDP
//So this is a user request
-
+
//Ask the handler chain to generate the saml request
Set<SAML2Handler> handlers = chain.handlers();
-
+
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context);
+ ProtocolContext protocolContext = new HTTPContext(request, response, context);
//Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), null,
- HANDLER_TYPE.SP);
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
+ SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), null, HANDLER_TYPE.SP);
+
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
saml2HandlerResponse.setDestination(identityURL);
-
+
//Reset the state
try
{
- for(SAML2Handler handler: handlers)
+ for (SAML2Handler handler : handlers)
{
handler.reset();
- if(saml2HandlerResponse.isInError())
+ if (saml2HandlerResponse.isInError())
{
response.sendError(saml2HandlerResponse.getErrorCode());
break;
- }
-
- if(logOutRequest)
+ }
+
+ if (logOutRequest)
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
- else
+ else
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
- }
+ }
}
- catch(ProcessingException pe)
+ catch (ProcessingException pe)
{
throw new RuntimeException(pe);
- }
+ }
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
-
+
String destination = saml2HandlerResponse.getDestination();
-
-
- if(destination != null &&
- samlResponseDocument != null)
+
+ if (destination != null && samlResponseDocument != null)
{
try
{
- this.sendToDestination(samlResponseDocument, relayState, destination, response,
+ this.sendToDestination(samlResponseDocument, relayState, destination, response,
saml2HandlerResponse.getSendRequest());
}
catch (Exception e)
{
- if(trace)
- log.trace("Exception:",e);
+ if (trace)
+ log.trace("Exception:", e);
throw new ServletException("Server Error");
- }
+ }
return;
}
}
-
+
//See if we got a response from IDP
- if(isNotNull(samlResponse))
+ if (isNotNull(samlResponse))
{
boolean isValid = false;
try
@@ -275,51 +274,49 @@
{
throw new ServletException(e);
}
- if(!isValid)
+ if (!isValid)
throw new ServletException("Validity check failed");
-
+
//deal with SAML response from IDP
byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
InputStream is = new ByteArrayInputStream(base64DecodedResponse);
//Are we going to send Request to IDP?
boolean willSendRequest = true;
-
+
try
{
SAML2Response saml2Response = new SAML2Response();
-
+
SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
- if(!ignoreSignatures)
- {
- if(!verifySignature(documentHolder))
- throw new ServletException("Cannot verify sender");
+ if (!ignoreSignatures)
+ {
+ if (!verifySignature(documentHolder))
+ throw new ServletException("Cannot verify sender");
}
-
+
Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context);
+ ProtocolContext protocolContext = new HTTPContext(request, response, context);
//Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
- if( keyManager != null )
- saml2HandlerRequest.addOption( GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey() );
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
+ SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
+ if (keyManager != null)
+ saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
+
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
//Deal with handler chains
- for(SAML2Handler handler : handlers)
+ for (SAML2Handler handler : handlers)
{
- if(saml2HandlerResponse.isInError())
+ if (saml2HandlerResponse.isInError())
{
response.sendError(saml2HandlerResponse.getErrorCode());
break;
}
- if(samlObject instanceof RequestAbstractType)
+ if (samlObject instanceof RequestAbstractType)
{
handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = false;
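Review bot: A failed signature check at `throw new ServletException("Cannot verify sender");` is recorded only when trace logging is enabled, because the enclosing `catch (Exception e)` (outside this hunk) logs at trace level and rethrows a generic "Server Exception", so in production a tampered or unsigned response is indistinguishable in the logs from any other server error. Log the rejection at warn level at the point of detection, e.g. `log.warn("Signature verification failed for SAML response from " + request.getRemoteAddr());` before the throw, so the event is available to monitoring. The `validate(request)` call above the decode only tests that the parameter is present (see the method body later in this file), so it adds no integrity guarantee; a comment `// presence check only; integrity is established by verifySignature below` at the `isValid` check would make that explicit. This block is repeated almost line for line in the SAMLRequest branch later in the method (signature check, handler-request setup, handler loop); extracting a private helper for the shared part would keep the two paths from drifting.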
@@ -332,27 +329,25 @@
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
-
+
String destination = saml2HandlerResponse.getDestination();
-
-
- if(destination != null &&
- samlResponseDocument != null)
+
+ if (destination != null && samlResponseDocument != null)
{
this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
return;
}
-
+
//See if the session has been invalidated
try
{
- session.isNew();
+ session.isNew();
}
- catch(IllegalStateException ise)
+ catch (IllegalStateException ise)
{
//we are invalidated.
- RequestDispatcher dispatch = context.getRequestDispatcher(this.logOutPage);
- if(dispatch == null)
+ RequestDispatcher dispatch = context.getRequestDispatcher(this.logOutPage);
+ if (dispatch == null)
log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage);
else
dispatch.forward(request, response);
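Review bot: `session.isNew();` is called purely to provoke an IllegalStateException as a test for an invalidated session, which uses an exception for control flow and depends on the container throwing for that particular accessor. `if (request.getSession(false) == null)` expresses the check directly, presuming the handlers invalidated the session during this request and did not create a new one — confirm before swapping, since the two differ if a handler created a fresh session. Either way a comment such as `// handlers may have invalidated the session (logout); forward to the logout page if so` would explain why the check sits here.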
@@ -362,58 +357,56 @@
}
catch (Exception e)
{
- if(trace)
+ if (trace)
log.trace("Server Exception:", e);
throw new ServletException("Server Exception");
- }
-
+ }
+
}
-
- if(isNotNull(samlRequest))
+
+ if (isNotNull(samlRequest))
{
//we got a logout request
-
+
//deal with SAML response from IDP
byte[] base64DecodedRequest = PostBindingUtil.base64Decode(samlRequest);
InputStream is = new ByteArrayInputStream(base64DecodedRequest);
//Are we going to send Request to IDP?
boolean willSendRequest = false;
-
+
try
{
- SAML2Request saml2Request = new SAML2Request();
+ SAML2Request saml2Request = new SAML2Request();
SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
-
- if(!ignoreSignatures)
- {
- if(!verifySignature(documentHolder))
- throw new ServletException("Cannot verify sender");
+
+ if (!ignoreSignatures)
+ {
+ if (!verifySignature(documentHolder))
+ throw new ServletException("Cannot verify sender");
}
-
+
Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
- ProtocolContext protocolContext = new HTTPContext(request,response, context);
+ ProtocolContext protocolContext = new HTTPContext(request, response, context);
//Create the request/response
- SAML2HandlerRequest saml2HandlerRequest =
- new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), documentHolder,
- HANDLER_TYPE.SP);
- if( keyManager != null )
- saml2HandlerRequest.addOption( GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey() );
-
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
-
+ SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+ holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
+ if (keyManager != null)
+ saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
+
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
//Deal with handler chains
- for(SAML2Handler handler : handlers)
+ for (SAML2Handler handler : handlers)
{
- if(saml2HandlerResponse.isInError())
+ if (saml2HandlerResponse.isInError())
{
response.sendError(saml2HandlerResponse.getErrorCode());
break;
}
- if(samlObject instanceof RequestAbstractType)
+ if (samlObject instanceof RequestAbstractType)
{
handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = false;
@@ -426,32 +419,30 @@
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
-
+
String destination = saml2HandlerResponse.getDestination();
-
-
- if(destination != null &&
- samlResponseDocument != null)
+
+ if (destination != null && samlResponseDocument != null)
{
this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
return;
- }
+ }
}
catch (Exception e)
{
- if(trace)
+ if (trace)
log.trace("Server Exception:", e);
throw new ServletException("Server Exception");
- }
- }
- }
+ }
+ }
+ }
}
public void init(FilterConfig filterConfig) throws ServletException
{
this.context = filterConfig.getServletContext();
InputStream is = context.getResourceAsStream(configFile);
- if(is == null)
+ if (is == null)
throw new RuntimeException(configFile + " missing");
try
{
@@ -460,118 +451,117 @@
this.serviceURL = spConfiguration.getServiceURL();
this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
- log.info( "SPFilter:: Setting the CanonicalizationMethod on XMLSignatureUtil::" + canonicalizationMethod );
+ log.info("SPFilter:: Setting the CanonicalizationMethod on XMLSignatureUtil::" + canonicalizationMethod);
XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
-
- log.trace("Identity Provider URL=" + this.identityURL);
+
+ log.trace("Identity Provider URL=" + this.identityURL);
}
catch (Exception e)
{
throw new RuntimeException(e);
}
-
+
//Get the Role Validator if configured
String roleValidatorName = filterConfig.getInitParameter(GeneralConstants.ROLE_VALIDATOR);
- if(roleValidatorName != null && !"".equals(roleValidatorName))
+ if (roleValidatorName != null && !"".equals(roleValidatorName))
{
try
{
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(roleValidatorName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), roleValidatorName);
this.roleValidator = (IRoleValidator) clazz.newInstance();
}
catch (Exception e)
{
throw new RuntimeException(e);
- }
+ }
}
-
- Map<String,String> options = new HashMap<String, String>();
+
+ Map<String, String> options = new HashMap<String, String>();
String roles = filterConfig.getInitParameter(GeneralConstants.ROLES);
- if(trace)
- log.trace("Found Roles in SPFilter config="+roles);
- if(roles != null)
+ if (trace)
+ log.trace("Found Roles in SPFilter config=" + roles);
+ if (roles != null)
{
options.put("ROLES", roles);
}
- this.roleValidator.intialize(options);
-
+ this.roleValidator.intialize(options);
+
String samlHandlerChainClass = filterConfig.getInitParameter("SAML_HANDLER_CHAIN_CLASS");
//Get the chain from config
- if(StringUtil.isNullOrEmpty(samlHandlerChainClass))
+ if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
chain = SAML2HandlerChainFactory.createChain();
- else
- try
- {
- chain = SAML2HandlerChainFactory.createChain(samlHandlerChainClass);
- }
- catch (ProcessingException e1)
- {
- throw new ServletException(e1);
- }
+ else
+ try
+ {
+ chain = SAML2HandlerChainFactory.createChain(samlHandlerChainClass);
+ }
+ catch (ProcessingException e1)
+ {
+ throw new ServletException(e1);
+ }
try
{
//Get the handlers
String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
Handlers handlers = ConfigurationUtil.getHandlers(context.getResourceAsStream(handlerConfigFileName));
chain.addAll(HandlerUtil.getHandlers(handlers));
-
+
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
- chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
+ chainConfigOptions.put(GeneralConstants.CONFIGURATION, spConfiguration);
chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR, roleValidator);
- chainConfigOptions.put( GeneralConstants.CANONICALIZATION_METHOD, canonicalizationMethod );
-
+ chainConfigOptions.put(GeneralConstants.CANONICALIZATION_METHOD, canonicalizationMethod);
+
SAML2HandlerChainConfig handlerChainConfig = new DefaultSAML2HandlerChainConfig(chainConfigOptions);
Set<SAML2Handler> samlHandlers = chain.handlers();
-
- for(SAML2Handler handler: samlHandlers)
+
+ for (SAML2Handler handler : samlHandlers)
{
handler.initChainConfig(handlerChainConfig);
}
}
- catch(Exception e)
+ catch (Exception e)
{
- throw new RuntimeException(e);
+ throw new RuntimeException(e);
}
-
+
String ignoreSigString = filterConfig.getInitParameter(GeneralConstants.IGNORE_SIGNATURES);
- if(ignoreSigString != null && !"".equals(ignoreSigString))
+ if (ignoreSigString != null && !"".equals(ignoreSigString))
{
this.ignoreSignatures = Boolean.parseBoolean(ignoreSigString);
}
-
- if(ignoreSignatures == false)
- {
+
+ if (ignoreSignatures == false)
+ {
KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
- if(keyProvider == null)
+ if (keyProvider == null)
throw new RuntimeException("KeyProvider is null");
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
+ if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
-
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
+
+ Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
this.keyManager = (TrustKeyManager) clazz.newInstance();
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
- keyManager.setAuthProperties( authProperties );
-
+ keyManager.setAuthProperties(authProperties);
+
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
}
- catch(Exception e)
+ catch (Exception e)
{
- log.error("Exception reading configuration:",e);
+ log.error("Exception reading configuration:", e);
throw new RuntimeException(e.getLocalizedMessage());
}
- log.trace("Key Provider=" + keyProvider.getClassName());
+ log.trace("Key Provider=" + keyProvider.getClassName());
}
-
+
//see if a global logout page has been configured
String gloPage = filterConfig.getInitParameter(GeneralConstants.LOGOUT_PAGE);
- if(gloPage != null && !"".equals(gloPage))
- this.logOutPage = gloPage;
+ if (gloPage != null && !"".equals(gloPage))
+ this.logOutPage = gloPage;
}
/**
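Review bot: `clazz` at `Class<?> clazz = SecurityActions.loadClass(getClass(), roleValidatorName);` is dereferenced without a null check, yet the new `SecurityActions.loadClass` (changed elsewhere in this commit) returns null instead of throwing when neither class loader finds the class, so a misconfigured class name now surfaces as a NullPointerException wrapped in RuntimeException rather than a ClassNotFoundException naming the class. The same applies to `Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);`, where the catch additionally rethrows `new RuntimeException(e.getLocalizedMessage())` — the NPE's message is null, so a failure to load the component that performs signature validation would be reported with no message and no cause. Add `if (clazz == null) throw new RuntimeException("Cannot load class: " + roleValidatorName);` after each lookup (with the key-manager name in the second), and keep the cause with `throw new RuntimeException(e);` in the key-manager catch. init()'s body begins in the preceding hunk.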
@@ -583,71 +573,65 @@
*/
private AuthnRequestType createSAMLRequest(String serviceURL, String identityURL) throws ConfigurationException
{
- if(serviceURL == null)
+ if (serviceURL == null)
throw new IllegalArgumentException("serviceURL is null");
- if(identityURL == null)
+ if (identityURL == null)
throw new IllegalArgumentException("identityURL is null");
-
+
SAML2Request saml2Request = new SAML2Request();
String id = IDGenerator.create("ID_");
- return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
+ return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
}
-
- protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState,
- HttpServletResponse response)
- throws IOException, SAXException, GeneralSecurityException
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, HttpServletResponse response)
+ throws IOException, SAXException, GeneralSecurityException
{
SAML2Request saml2Request = new SAML2Request();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saml2Request.marshall(authnRequest, baos);
-
- String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
String destination = authnRequest.getDestination().toASCIIString();
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
- response, true);
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState), response, true);
}
-
- protected void sendToDestination(Document samlDocument, String relayState,
- String destination,
- HttpServletResponse response,
- boolean request)
- throws IOException, SAXException, GeneralSecurityException
+
+ protected void sendToDestination(Document samlDocument, String relayState, String destination,
+ HttpServletResponse response, boolean request) throws IOException, SAXException, GeneralSecurityException
{
- if(!ignoreSignatures)
+ if (!ignoreSignatures)
{
- SAML2Signature samlSignature = new SAML2Signature();
-
+ SAML2Signature samlSignature = new SAML2Signature();
+
KeyPair keypair = keyManager.getSigningKeyPair();
samlSignature.signSAMLDocument(samlDocument, keypair);
}
- String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState),
- response, request);
+ String samlMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
}
-
+
protected boolean validate(HttpServletRequest request) throws IOException, GeneralSecurityException
{
- return request.getParameter("SAMLResponse") != null;
+ return request.getParameter("SAMLResponse") != null;
}
-
+
protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder) throws IssuerNotTrustedException
- {
+ {
Document samlResponse = samlDocumentHolder.getSamlDocument();
- SAML2Object samlObject = samlDocumentHolder.getSamlObject();
-
+ SAML2Object samlObject = samlDocumentHolder.getSamlObject();
+
String issuerID = null;
- if(samlObject instanceof StatusResponseType)
+ if (samlObject instanceof StatusResponseType)
{
- issuerID = ((StatusResponseType)samlObject).getIssuer().getValue();
+ issuerID = ((StatusResponseType) samlObject).getIssuer().getValue();
}
else
{
- issuerID = ((RequestAbstractType)samlObject).getIssuer().getValue();
+ issuerID = ((RequestAbstractType) samlObject).getIssuer().getValue();
}
-
- if(issuerID == null)
+
+ if (issuerID == null)
throw new IssuerNotTrustedException("Issue missing");
-
+
URL issuerURL;
try
{
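Review bot: `String samlMessage = PostBindingUtil.base64Encode(baos.toString());` in `sendRequestToIDP` converts the marshalled request bytes to a String with the platform default charset, so on a JVM whose default is not UTF-8 any non-ASCII character in the AuthnRequest is corrupted before base64 encoding. Use `PostBindingUtil.base64Encode(baos.toString("UTF-8"))` (or pass the bytes if base64Encode has a byte[] overload) to match the charset the marshaller writes, which is presumably UTF-8 — confirm against SAML2Request.marshall. `validate` hard-codes `"SAMLResponse"` while doFilter reads the same parameter via `GeneralConstants.SAML_RESPONSE_KEY`; using the constant keeps the two in step. In `verifySignature`, `((StatusResponseType) samlObject).getIssuer().getValue()` dereferences `getIssuer()` without a null check even though the `issuerID == null` test below shows a missing issuer is anticipated, so an absent Issuer element surfaces as a NullPointerException rather than IssuerNotTrustedException. verifySignature's body continues in the next hunk.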
@@ -657,59 +641,59 @@
{
throw new IssuerNotTrustedException(e1);
}
-
+
try
{
PublicKey publicKey = keyManager.getValidatingKey(issuerURL.getHost());
- log.trace("Going to verify signature in the saml response from IDP");
- boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
- log.trace("Signature verification="+sigResult);
+ log.trace("Going to verify signature in the saml response from IDP");
+ boolean sigResult = XMLSignatureUtil.validate(samlResponse, publicKey);
+ log.trace("Signature verification=" + sigResult);
return sigResult;
}
catch (TrustKeyConfigurationException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (TrustKeyProcessingException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (MarshalException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
catch (XMLSignatureException e)
{
- log.error("Unable to verify signature",e);
+ log.error("Unable to verify signature", e);
}
return false;
- }
-
+ }
+
protected void isTrusted(String issuer) throws IssuerNotTrustedException
{
try
{
URL url = new URL(issuer);
- String issuerDomain = url.getHost();
- TrustType idpTrust = spConfiguration.getTrust();
- if(idpTrust != null)
+ String issuerDomain = url.getHost();
+ TrustType idpTrust = spConfiguration.getTrust();
+ if (idpTrust != null)
{
String domainsTrusted = idpTrust.getDomains();
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- throw new IssuerNotTrustedException(issuer);
+ if (domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
}
}
catch (Exception e)
{
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
}
}
-
+
protected ResponseType decryptAssertion(ResponseType responseType)
{
throw new RuntimeException("This authenticator does not handle encryption");
}
-
+
/**
* Handle the SAMLResponse from the IDP
* @param request entire request from IDP
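Review bot: `if (domainsTrusted.indexOf(issuerDomain) < 0)` in `isTrusted` accepts any issuer host that occurs as a substring of the configured domain list, so with a configured entry of `idp.example.org` (illustrative) an issuer whose host is `example.org`, or even `org`, passes the trust check. Compare each configured entry with the issuer host exactly and case-insensitively (DNS names are case-insensitive); the list format is not visible here and comma separation is assumed from the plural `getDomains()` — confirm against TrustType. Whether `isTrusted` is actually invoked from doFilter is also not visible in this diff.
```java
         if (idpTrust != null)
         {
            String domainsTrusted = idpTrust.getDomains();
            boolean trusted = false;
            // exact match per entry; substring matching would accept parent or unrelated hosts
            for (String trustedDomain : domainsTrusted.split(","))
            {
               if (trustedDomain.trim().equalsIgnoreCase(issuerDomain))
               {
                  trusted = true;
                  break;
               }
            }
            if (!trusted)
               throw new IssuerNotTrustedException(issuer);
         }
```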
@@ -717,67 +701,68 @@
* @param serverEnvironment tomcat,jboss etc
* @return
* @throws AssertionExpiredException
- */
- public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType)
- throws ConfigurationException, AssertionExpiredException
+ */
+ public Principal handleSAMLResponse(HttpServletRequest request, ResponseType responseType)
+ throws ConfigurationException, AssertionExpiredException
{
- if(request == null)
+ if (request == null)
throw new IllegalArgumentException("request is null");
- if(responseType == null)
+ if (responseType == null)
throw new IllegalArgumentException("response type is null");
-
+
StatusType statusType = responseType.getStatus();
- if(statusType == null)
+ if (statusType == null)
throw new IllegalArgumentException("Status Type from the IDP is null");
String statusValue = statusType.getStatusCode().getValue().toASCIIString();
- if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
+ if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
throw new SecurityException("IDP forbid the user");
- List<org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType> assertions = responseType.getAssertions();
- if(assertions.size() == 0)
- throw new IllegalStateException("No assertions in reply from IDP");
-
+ List<org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType> assertions = responseType
+ .getAssertions();
+ if (assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
AssertionType assertion = assertions.get(0).getAssertion();
//Check for validity of assertion
boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
- if(expiredAssertion)
+ if (expiredAssertion)
throw new AssertionExpiredException();
-
- SubjectType subject = assertion.getSubject();
+
+ SubjectType subject = assertion.getSubject();
/*JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
NameIDType nameID = jnameID.getValue();*/
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
-
+
final String userName = nameID.getValue();
List<String> roles = new ArrayList<String>();
//Let us get the roles
AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
List<ASTChoiceType> attList = attributeStatement.getAttributes();
- for(ASTChoiceType obj:attList)
+ for (ASTChoiceType obj : attList)
{
AttributeType attr = obj.getAttribute();
String roleName = (String) attr.getAttributeValue().get(0);
roles.add(roleName);
}
-
+
Principal principal = new Principal()
{
public String getName()
{
return userName;
}
- };
-
+ };
+
//Validate the roles
boolean validRole = roleValidator.userInRole(principal, roles);
- if(!validRole)
+ if (!validRole)
{
- if(trace)
+ if (trace)
log.trace("Invalid role:" + roles);
principal = null;
}
return principal;
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-}
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
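Review bot: The `catch (ClassNotFoundException e)` in the new `loadClass(ClassLoader, String)` is empty, so a name that neither loader resolves comes back as a bare null with the cause discarded, and every call site this commit migrates (RolesGenerationHandler, SAML2AttributeHandler, IDPLoginServlet, IDPServlet, CircleOfTrustServlet) invokes `newInstance()` on the result without a null check, turning a missing class into a NullPointerException that names nothing. Either state the contract on both methods — `/** @return the loaded class, or null if neither theClass's loader nor the thread context loader can find fqn */` — or keep the last ClassNotFoundException and rethrow it from the two-loader variant so the failure still carries the class name. `theClass.getClassLoader()` (and the context loader) can be null, in which case `cl.loadClass(fqn)` throws NPE inside the privileged block; a `if (cl == null) return null;` guard is cheap, though callers here pass `getClass()`, for which the loader is presumably non-null. The same two methods are pasted verbatim into the handlers, handlers/saml2, roles and servlets `SecurityActions` classes in this commit, so whichever fix is chosen has to land in all five copies.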
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/DefaultLoginHandler.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -22,7 +22,7 @@
package org.picketlink.identity.federation.web.handlers;
import java.io.IOException;
-import java.io.InputStream;
+import java.net.URL;
import java.util.Properties;
import javax.security.auth.login.LoginException;
@@ -40,16 +40,15 @@
public class DefaultLoginHandler implements ILoginHandler
{
private static Properties props = new Properties();
-
+
static
{
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("users.properties");
- if(is == null)
+ URL url = SecurityActions.loadResource(DefaultLoginHandler.class, "users.properties");
+ if (url == null)
throw new RuntimeException("users.properties not found");
- props.load(is);
+ props.load(url.openStream());
}
catch (IOException e)
{
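Review bot: `props.load(url.openStream())` opens a stream that is never closed; the replaced `getResourceAsStream` version had the same gap, but the new form makes the stream anonymous so it cannot be closed at all. Bind it and close it: `InputStream is = url.openStream(); try { props.load(is); } finally { is.close(); }`, which means keeping the `java.io.InputStream` import that the previous hunk removed. The same `props.load(url.openStream())` appears in DefaultRoleGenerator in this commit. The static initializer's catch block continues past the end of the hunk.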
@@ -59,18 +58,18 @@
public boolean authenticate(String username, Object credential) throws LoginException
{
- String pass= null;
- if(credential instanceof byte[])
+ String pass = null;
+ if (credential instanceof byte[])
{
- pass = new String((byte[])credential);
+ pass = new String((byte[]) credential);
}
- else if(credential instanceof String)
+ else if (credential instanceof String)
{
pass = (String) credential;
}
else
throw new RuntimeException("Unknown credential type:" + credential.getClass());
-
+
String storedPass = (String) props.get(username);
return storedPass != null ? storedPass.equals(pass) : false;
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.web.handlers;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,18 +32,69 @@
*/
class SecurityActions
{
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
- * Get the Thread Context ClassLoader
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
* @return
*/
- static ClassLoader getContextClassLoader()
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public ClassLoader run()
+ public URL run()
{
- return Thread.currentThread().getContextClassLoader();
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
}
});
- }
-}
+ }
+}
\ No newline at end of file
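Review bot: The Javadoc added for `loadResource` leaves `@param clazz`, `@param resourceName` and `@return` without text, and the two `loadClass` methods above it carry no Javadoc at all, so the null-on-miss behaviour of all three is stated nowhere. Suggested tags: `@param clazz class whose classloader is consulted first`, `@param resourceName name handed to ClassLoader.getResource`, `@return the resource URL, or null if neither loader finds it`. `URL url = null;` followed by an unconditional assignment can be collapsed to `URL url = clazzLoader.getResource(resourceName);`. The roles `SecurityActions` copy of `loadResource` in this commit has the identical Javadoc and the same nit.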
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/RolesGenerationHandler.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -35,7 +35,7 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
-import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -48,78 +48,76 @@
public class RolesGenerationHandler extends BaseSAML2Handler
{
private static Logger log = Logger.getLogger(RolesGenerationHandler.class);
- private boolean trace = log.isTraceEnabled();
-
- private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();
+ private final boolean trace = log.isTraceEnabled();
+
+ private transient RoleGenerator roleGenerator = new EmptyRoleGenerator();
+
@Override
public void initChainConfig(SAML2HandlerChainConfig handlerChainConfig) throws ConfigurationException
- {
+ {
super.initChainConfig(handlerChainConfig);
Object config = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
- if(config instanceof IDPType)
+ if (config instanceof IDPType)
{
IDPType idpType = (IDPType) config;
String roleGeneratorString = idpType.getRoleGenerator();
- this.insantiateRoleValidator(roleGeneratorString);
- }
- }
-
+ this.insantiateRoleValidator(roleGeneratorString);
+ }
+ }
+
@Override
public void initHandlerConfig(SAML2HandlerConfig handlerConfig) throws ConfigurationException
{
super.initHandlerConfig(handlerConfig);
String roleGeneratorString = (String) this.handlerConfig.getParameter(GeneralConstants.ATTIBUTE_MANAGER);
- this.insantiateRoleValidator(roleGeneratorString);
+ this.insantiateRoleValidator(roleGeneratorString);
}
-
/**
* @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest, SAML2HandlerResponse)}
*/
@SuppressWarnings("unchecked")
- public void handleRequestType(SAML2HandlerRequest request,
- SAML2HandlerResponse response) throws ProcessingException
- {
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
+ {
//Do not handle log out request interaction
- if(request.getSAML2Object() instanceof LogoutRequestType)
- return ;
-
+ if (request.getSAML2Object() instanceof LogoutRequestType)
+ return;
+
//only handle IDP side
- if(getType() == HANDLER_TYPE.SP)
+ if (getType() == HANDLER_TYPE.SP)
return;
-
+
HTTPContext httpContext = (HTTPContext) request.getContext();
HttpSession session = httpContext.getRequest().getSession(false);
-
+
Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
-
- if(roles == null)
+
+ if (roles == null)
{
roles = roleGenerator.generateRoles(userPrincipal);
session.setAttribute(GeneralConstants.ROLES_ID, roles);
}
response.setRoles(roles);
}
-
- private void insantiateRoleValidator(String attribStr)
- throws ConfigurationException
+
+ private void insantiateRoleValidator(String attribStr) throws ConfigurationException
{
- if(attribStr != null && !"".equals(attribStr))
+ if (attribStr != null && !"".equals(attribStr))
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
- roleGenerator = (RoleGenerator) tcl.loadClass(attribStr).newInstance();
- if(trace)
+ Class<?> clazz = SecurityActions.loadClass(getClass(), attribStr);
+ roleGenerator = (RoleGenerator) clazz.newInstance();
+ if (trace)
log.trace("RoleGenerator set to " + this.roleGenerator);
}
catch (Exception e)
{
- log.error("Exception initializing role generator:",e);
- throw new ConfigurationException();
- }
- }
+ log.error("Exception initializing role generator:", e);
+ throw new ConfigurationException();
+ }
+ }
}
}
\ No newline at end of file
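Review bot: `Class<?> clazz = SecurityActions.loadClass(getClass(), attribStr)` returns null for an unknown class, so `clazz.newInstance()` on the next line fails with a NullPointerException that the `catch (Exception e)` logs without the class name, and `throw new ConfigurationException()` then discards `e`, leaving the caller with neither the name nor the cause. Check the lookup before instantiating: `if (clazz == null) { log.error("RoleGenerator class not found: " + attribStr); throw new ConfigurationException(); }`, and pass `e` along if ConfigurationException has a cause-taking constructor (not visible here). `insantiateRoleValidator` is also misspelled; it is private, so renaming it to `instantiateRoleValidator` touches only this file.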
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AttributeHandler.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -43,9 +43,9 @@
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
@@ -147,10 +147,9 @@
{
if (attribStr != null && !"".equals(attribStr))
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
- attribManager = (AttributeManager) tcl.loadClass(attribStr).newInstance();
+ attribManager = (AttributeManager) SecurityActions.loadClass(getClass(), attribStr).newInstance();
if (trace)
log.trace("AttributeManager set to " + this.attribManager);
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,40 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-}
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/DefaultRoleGenerator.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -22,7 +22,7 @@
package org.picketlink.identity.federation.web.roles;
import java.io.IOException;
-import java.io.InputStream;
+import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
@@ -47,11 +47,10 @@
{
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream("roles.properties");
- if (is == null)
+ URL url = SecurityActions.loadResource(DefaultRoleGenerator.class, "roles.properties");
+ if (url == null)
throw new RuntimeException("roles.properties not found");
- props.load(is);
+ props.load(url.openStream());
}
catch (IOException e)
{
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/roles/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.web.roles;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,18 +32,68 @@
*/
class SecurityActions
{
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
- * Get the Thread Context ClassLoader
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
* @return
*/
- static ClassLoader getContextClassLoader()
+ static URL loadResource(final Class<?> clazz, final String resourceName)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
{
- public ClassLoader run()
+ public URL run()
{
- return Thread.currentThread().getContextClassLoader();
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
}
});
- }
-}
+ }
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPLoginServlet.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -46,41 +46,42 @@
public class IDPLoginServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
+
private transient ServletContext context;
+
private transient ILoginHandler loginHandler = null;
-
+
@Override
- protected void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
HttpSession session = request.getSession();
-
+
//Check if we are already authenticated
Principal principal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
- if(principal != null)
+ if (principal != null)
{
this.saveRequest(request, session);
- redirectToIDP(request,response);
+ redirectToIDP(request, response);
return;
}
-
+
final String username = request.getParameter(GeneralConstants.USERNAME_FIELD);
String passwd = request.getParameter(GeneralConstants.PASS_FIELD);
-
- if(username == null || passwd == null)
+
+ if (username == null || passwd == null)
{
String samlMessage = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
-
- if(samlMessage == null || "".equals(samlMessage))
+
+ if (samlMessage == null || "".equals(samlMessage))
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-
+
log("No username or password found. Redirecting to login page");
this.saveRequest(request, session);
-
- if(response.isCommitted())
+
+ if (response.isCommitted())
throw new RuntimeException("Response is committed. Cannot forward to login page.");
-
- this.redirectToLoginPage(request, response);
+
+ this.redirectToLoginPage(request, response);
}
else
{
@@ -88,12 +89,12 @@
try
{
boolean isValid = loginHandler.authenticate(username, passwd);
- if(!isValid)
+ if (!isValid)
{
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
-
+
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
public String getName()
@@ -101,8 +102,7 @@
return username;
}
});
-
-
+
this.redirectToIDP(request, response);
return;
}
@@ -112,7 +112,7 @@
//TODO: Send back invalid user SAML
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
- }
+ }
}
@Override
@@ -120,58 +120,56 @@
{
super.init(config);
this.context = config.getServletContext();
-
+
String loginClass = config.getInitParameter("loginClass");
- if(loginClass == null || loginClass.length() == 0)
+ if (loginClass == null || loginClass.length() == 0)
loginClass = DefaultLoginHandler.class.getName();
//Lets set up the login class
try
{
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(loginClass);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), loginClass);
loginHandler = (ILoginHandler) clazz.newInstance();
}
catch (Exception e)
{
throw new ServletException(e);
- }
+ }
}
-
- public void testPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException
- {
+
+ public void testPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
this.doPost(request, response);
}
-
+
private void saveRequest(HttpServletRequest request, HttpSession session)
{
//Save the SAMLRequest and relayState
- session.setAttribute(GeneralConstants.SAML_REQUEST_KEY,
- request.getParameter(GeneralConstants.SAML_REQUEST_KEY));
- session.setAttribute(GeneralConstants.SAML_RESPONSE_KEY,
- request.getParameter(GeneralConstants.SAML_RESPONSE_KEY));
-
+ session.setAttribute(GeneralConstants.SAML_REQUEST_KEY, request.getParameter(GeneralConstants.SAML_REQUEST_KEY));
+ session
+ .setAttribute(GeneralConstants.SAML_RESPONSE_KEY, request.getParameter(GeneralConstants.SAML_RESPONSE_KEY));
+
String relayState = request.getParameter(GeneralConstants.RELAY_STATE);
- if(relayState != null && !"".equals(relayState))
- session.setAttribute(GeneralConstants.RELAY_STATE, relayState );
+ if (relayState != null && !"".equals(relayState))
+ session.setAttribute(GeneralConstants.RELAY_STATE, relayState);
session.setAttribute("Referer", request.getHeader("Referer"));
}
-
- private void redirectToIDP(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException
+
+ private void redirectToIDP(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+ IOException
{
- RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
- if(dispatch == null)
+ RequestDispatcher dispatch = context.getRequestDispatcher("/IDPServlet");
+ if (dispatch == null)
log("Cannot dispatch to the IDP Servlet");
else
dispatch.forward(request, response);
return;
}
-
- private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException
+
+ private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+ IOException
{
- RequestDispatcher dispatch = context.getRequestDispatcher("/jsp/login.jsp");
- if(dispatch == null)
+ RequestDispatcher dispatch = context.getRequestDispatcher("/jsp/login.jsp");
+ if (dispatch == null)
log("Cannot find the login page");
else
dispatch.forward(request, response);
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -171,8 +171,8 @@
String attributeManager = idpConfiguration.getAttributeManager();
if (attributeManager != null && !"".equals(attributeManager))
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- AttributeManager delegate = (AttributeManager) tcl.loadClass(attributeManager).newInstance();
+ AttributeManager delegate = (AttributeManager) SecurityActions.loadClass(getClass(), attributeManager)
+ .newInstance();
this.attribManager.setDelegate(delegate);
}
@@ -212,12 +212,11 @@
try
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
String keyManagerClassName = keyProvider.getClassName();
if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
- Class<?> clazz = tcl.loadClass(keyManagerClassName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
this.keyManager = (TrustKeyManager) clazz.newInstance();
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
@@ -259,21 +258,13 @@
{
try
{
- Class<?> stackClass = SecurityActions.getContextClassLoader().loadClass(theStackParam);
+ Class<?> stackClass = SecurityActions.loadClass(getClass(), theStackParam);
identityServer.setStack((IdentityParticipantStack) stackClass.newInstance());
}
- catch (ClassNotFoundException e)
+ catch (Exception e)
{
log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
}
- catch (InstantiationException e)
- {
- log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
- catch (IllegalAccessException e)
- {
- log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
}
}
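Review bot: Collapsing the three specific catches into `catch (Exception e)` also swallows failures thrown by the stack class's own constructor, not only lookup and instantiation problems, and the log line never says which class was requested. Because `SecurityActions.loadClass` now returns null for an unknown class, the not-found case arrives as a NullPointerException from `stackClass.newInstance()`; a check `if (stackClass == null) { log("Identity Participant Stack class not found: " + theStackParam); return; }` before instantiation keeps a useful diagnostic and lets the catch stay narrow (the same applies to the other `loadClass(getClass(), …)` sites in this file). The enclosing method begins before and ends after this hunk, so whether a `return` is appropriate there depends on code not visible here.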
@@ -683,7 +674,7 @@
{
try
{
- Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(rgName);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), rgName);
roleGenerator = (RoleGenerator) clazz.newInstance();
}
catch (Exception e)
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,18 +31,41 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/CircleOfTrustServlet.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -48,126 +48,122 @@
public class CircleOfTrustServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
-
+
private transient IMetadataConfigurationStore configProvider = new FileBasedMetadataConfigurationStore();
-
+
@Override
public void init(ServletConfig config) throws ServletException
{
- super.init(config);
-
+ super.init(config);
+
String cstr = config.getInitParameter("configProvider");
- if(isNotNull(cstr))
+ if (isNotNull(cstr))
{
- ClassLoader tcl;
try
{
- tcl = SecurityActions.getContextClassLoader();
- configProvider = (IMetadataConfigurationStore) tcl.loadClass(cstr).newInstance();
+ configProvider = (IMetadataConfigurationStore) SecurityActions.loadClass(getClass(), cstr).newInstance();
}
catch (Exception e)
{
throw new ServletException(e);
}
- }
+ }
}
-
-
+
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
- {
+ {
//Handle listing of providers for either idp or sp
//Handle adding an IDP
//Handle adding a SP
String action = req.getParameter("action");
String type = req.getParameter("type");
- if(action == null)
+ if (action == null)
throw new ServletException("action is null");
- if(type == null)
+ if (type == null)
throw new ServletException("type is null");
//SP
- if("sp".equalsIgnoreCase(type))
+ if ("sp".equalsIgnoreCase(type))
{
- if("add".equalsIgnoreCase(action))
+ if ("add".equalsIgnoreCase(action))
{
try
{
- addIDP(req,resp);
+ addIDP(req, resp);
req.getRequestDispatcher("/addedIDP.jsp").forward(req, resp);
}
catch (Exception e)
{
throw new ServletException(e);
- }
- }
- if("display_trusted_providers".equalsIgnoreCase(action))
+ }
+ }
+ if ("display_trusted_providers".equalsIgnoreCase(action))
{
try
{
- displayTrustedProvidersForSP(req,resp);
+ displayTrustedProvidersForSP(req, resp);
req.getRequestDispatcher("/spTrustedProviders.jsp").forward(req, resp);
}
catch (Exception e)
{
throw new ServletException(e);
- }
+ }
}
}
else
- //IDP
- if("idp".equalsIgnoreCase(type))
+ //IDP
+ if ("idp".equalsIgnoreCase(type))
+ {
+ if ("add".equalsIgnoreCase(action))
{
- if("add".equalsIgnoreCase(action))
+ try
{
- try
- {
- addSP(req,resp);
- req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
- }
- catch (Exception e)
- {
- throw new ServletException(e);
- }
- }
- if("display_trusted_providers".equalsIgnoreCase(action))
+ addSP(req, resp);
+ req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
+ }
+ catch (Exception e)
{
- try
- {
- displayTrustedProvidersForIDP(req,resp);
- req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
- }
- catch (Exception e)
- {
- throw new ServletException(e);
- }
+ throw new ServletException(e);
}
}
+ if ("display_trusted_providers".equalsIgnoreCase(action))
+ {
+ try
+ {
+ displayTrustedProvidersForIDP(req, resp);
+ req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+ }
}
-
- private void addIDP(HttpServletRequest request, HttpServletResponse response)
- throws IOException
+
+ private void addIDP(HttpServletRequest request, HttpServletResponse response) throws IOException
{
String spName = request.getParameter("spname");
String idpName = request.getParameter("idpname");
String metadataURL = request.getParameter("metadataURL");
-
+
EntityDescriptorType edt = getMetaData(metadataURL);
-
+
configProvider.persist(edt, idpName);
-
+
HttpSession httpSession = request.getSession();
httpSession.setAttribute("idp", edt);
-
+
//Let us add the trusted providers
- Map<String,String> trustedProviders = new HashMap<String, String>();
+ Map<String, String> trustedProviders = new HashMap<String, String>();
try
{
- trustedProviders = configProvider.loadTrustedProviders(spName);
- }
+ trustedProviders = configProvider.loadTrustedProviders(spName);
+ }
catch (ClassNotFoundException e)
{
- log("Error obtaining the trusted providers for "+spName);
+ log("Error obtaining the trusted providers for " + spName);
throw new RuntimeException(e);
}
finally
@@ -176,29 +172,28 @@
configProvider.persistTrustedProviders(spName, trustedProviders);
}
}
-
- private void addSP(HttpServletRequest request, HttpServletResponse response)
- throws IOException
+
+ private void addSP(HttpServletRequest request, HttpServletResponse response) throws IOException
{
String idpName = request.getParameter("idpname");
String spName = request.getParameter("spname");
- String metadataURL = request.getParameter("metadataURL");
+ String metadataURL = request.getParameter("metadataURL");
EntityDescriptorType edt = getMetaData(metadataURL);
configProvider.persist(edt, spName);
-
+
HttpSession httpSession = request.getSession();
httpSession.setAttribute("sp", edt);
-
+
//Let us add the trusted providers
- Map<String,String> trustedProviders = new HashMap<String, String>();
+ Map<String, String> trustedProviders = new HashMap<String, String>();
try
{
- trustedProviders = configProvider.loadTrustedProviders(spName);
+ trustedProviders = configProvider.loadTrustedProviders(spName);
}
- catch(Exception e)
+ catch (Exception e)
{
- log("Error obtaining the trusted providers for "+spName);
+ log("Error obtaining the trusted providers for " + spName);
}
finally
{
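Review bot: Persisting the trusted-provider map in `finally` means a failed `loadTrustedProviders` call writes the empty `HashMap` created just before the `try` back under `spName`, so a transient load error silently replaces the stored trust list; this is visible for addIDP at the top of the hunk, where `configProvider.persistTrustedProviders(spName, trustedProviders);` runs even though the catch rethrows, and addSP's `finally` body falls outside the hunk but appears to have the same shape. Move the put-and-persist into the `try` after the load has succeeded, or `return` from the catch before the persist is reached. addSP additionally only logs and continues on `Exception`, where addIDP rethrows; the two should agree on whether a load failure aborts the operation. The enclosing addIDP method starts before the hunk and addSP's `finally` continues past it.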
@@ -207,11 +202,10 @@
}
}
-
private EntityDescriptorType getMetaData(String metadataURL) throws IOException
{
throw new RuntimeException();
-
+
/*InputStream is;
URL md = new URL(metadataURL);
HttpURLConnection http = (HttpURLConnection) md.openConnection();
@@ -226,28 +220,28 @@
EntityDescriptorType edt = (EntityDescriptorType) obj;
return edt;*/
}
-
- private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response)
- throws IOException, ClassNotFoundException
+
+ private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ClassNotFoundException
{
- String idpName = request.getParameter("name");
-
- Map<String, String> trustedProviders = configProvider.loadTrustedProviders(idpName);
-
+ String idpName = request.getParameter("name");
+
+ Map<String, String> trustedProviders = configProvider.loadTrustedProviders(idpName);
+
HttpSession httpSession = request.getSession();
httpSession.setAttribute("idpName", idpName);
- httpSession.setAttribute("providers", trustedProviders);
+ httpSession.setAttribute("providers", trustedProviders);
}
-
- private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response)
- throws IOException, ClassNotFoundException
+
+ private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ClassNotFoundException
{
- String spName = request.getParameter("name");
-
- Map<String, String> trustedProviders = configProvider.loadTrustedProviders(spName);
-
+ String spName = request.getParameter("name");
+
+ Map<String, String> trustedProviders = configProvider.loadTrustedProviders(spName);
+
HttpSession httpSession = request.getSession();
httpSession.setAttribute("spName", spName);
- httpSession.setAttribute("providers", trustedProviders);
+ httpSession.setAttribute("providers", trustedProviders);
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -56,9 +56,9 @@
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
-import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.w3c.dom.Element;
@@ -71,20 +71,25 @@
public class MetadataServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
+
private static Logger log = Logger.getLogger(MetadataServlet.class);
- private boolean trace = log.isTraceEnabled();
-
+
+ private final boolean trace = log.isTraceEnabled();
+
private String configFileLocation = GeneralConstants.CONFIG_FILE_LOCATION;
+
private transient MetadataProviderType metadataProviderType = null;
-
+
private transient IMetadataProvider<?> metadataProvider = null;
-
+
private transient EntityDescriptorType metadata;
-
+
private String signingAlias = null;
+
private String encryptingAlias = null;
- private TrustKeyManager keyManager;
-
+
+ private TrustKeyManager keyManager;
+
@SuppressWarnings("rawtypes")
@Override
public void init(ServletConfig config) throws ServletException
@@ -94,33 +99,32 @@
{
ServletContext context = config.getServletContext();
String configL = config.getInitParameter("configFile");
- if(isNotNull(configL))
+ if (isNotNull(configL))
configFileLocation = configL;
- if(trace)
- log.trace("Config File Location="+ configFileLocation);
+ if (trace)
+ log.trace("Config File Location=" + configFileLocation);
InputStream is = context.getResourceAsStream(configFileLocation);
- if(is == null)
+ if (is == null)
throw new RuntimeException(configFileLocation + " missing");
-
+
//Look for signing alias
signingAlias = config.getInitParameter("signingAlias");
encryptingAlias = config.getInitParameter("encryptingAlias");
- ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is);
- metadataProviderType = providerType.getMetaDataProvider();
+ ProviderType providerType = ConfigurationUtil.getIDPConfiguration(is);
+ metadataProviderType = providerType.getMetaDataProvider();
String fqn = metadataProviderType.getClassName();
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- Class<?> clazz = tcl.loadClass(fqn);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), fqn);
metadataProvider = (IMetadataProvider) clazz.newInstance();
List<KeyValueType> keyValues = metadataProviderType.getOption();
- Map<String,String> options = new HashMap<String,String>();
- if(keyValues != null)
+ Map<String, String> options = new HashMap<String, String>();
+ if (keyValues != null)
{
- for(KeyValueType kvt: keyValues)
+ for (KeyValueType kvt : keyValues)
options.put(kvt.getKey(), kvt.getValue());
}
metadataProvider.init(options);
- if(metadataProvider.isMultiple())
+ if (metadataProvider.isMultiple())
throw new RuntimeException("Multiple Entities not currently supported");
/**
@@ -128,10 +132,10 @@
* It may be difficult to get to the resource from the TCL.
*/
String fileInjectionStr = metadataProvider.requireFileInjection();
- if(isNotNull(fileInjectionStr))
+ if (isNotNull(fileInjectionStr))
{
metadataProvider.injectFileStream(context.getResourceAsStream(fileInjectionStr));
- }
+ }
metadata = (EntityDescriptorType) metadataProvider.getMetaData();
@@ -139,61 +143,60 @@
KeyProviderType keyProvider = providerType.getKeyProvider();
signingAlias = keyProvider.getSigningAlias();
String keyManagerClassName = keyProvider.getClassName();
- if(keyManagerClassName == null)
+ if (keyManagerClassName == null)
throw new RuntimeException("KeyManager class name is null");
- clazz = tcl.loadClass(keyManagerClassName);
+ clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
this.keyManager = (TrustKeyManager) clazz.newInstance();
-
+
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
- keyManager.setAuthProperties( authProperties );
+ keyManager.setAuthProperties(authProperties);
Certificate cert = keyManager.getCertificate(signingAlias);
Element keyInfo = KeyUtil.getKeyInfo(cert);
//TODO: Assume just signing key for now
- KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
- null, 0, true, false);
+ KeyDescriptorType keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo, null, 0, true,
+ false);
updateKeyDescriptor(metadata, keyDescriptor);
//encryption
- if(this.encryptingAlias != null)
+ if (this.encryptingAlias != null)
{
cert = keyManager.getCertificate(encryptingAlias);
keyInfo = KeyUtil.getKeyInfo(cert);
String certAlgo = cert.getPublicKey().getAlgorithm();
- keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
- XMLEncryptionUtil.getEncryptionURL(certAlgo),
- XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
+ keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+ XMLEncryptionUtil.getEncryptionURL(certAlgo), XMLEncryptionUtil.getEncryptionKeySize(certAlgo),
+ false, true);
updateKeyDescriptor(metadata, keyDescriptor);
}
- } catch(Exception e)
+ }
+ catch (Exception e)
{
- log.error("Exception in starting servlet:",e);
+ log.error("Exception in starting servlet:", e);
throw new ServletException("Unable to start servlet");
}
-
+
}
-
-
+
@Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
resp.setContentType(JBossSAMLConstants.METADATA_MIME.get());
OutputStream os = resp.getOutputStream();
-
+
try
{
- XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter( os );
- SAMLMetadataWriter writer = new SAMLMetadataWriter( streamWriter );
+ XMLStreamWriter streamWriter = StaxUtil.getXMLStreamWriter(os);
+ SAMLMetadataWriter writer = new SAMLMetadataWriter(streamWriter);
writer.writeEntityDescriptor(metadata);
}
catch (ProcessingException e)
{
- throw new ServletException( e );
- }
+ throw new ServletException(e);
+ }
/*
JAXBElement<?> jaxbEl = MetaDataBuilder.getObjectFactory().createEntityDescriptor(metadata);
try
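Review bot: `throw new ServletException("Unable to start servlet");` in the catch drops `e` as the cause, so the container's own trace never shows why key-manager or metadata setup failed; use `throw new ServletException("Unable to start servlet", e);`. The same null-return problem applies to `SecurityActions.loadClass(getClass(), keyManagerClassName)`: a class that cannot be found reaches `clazz.newInstance()` as an NPE rather than a CNFE naming it. `keyManager.getCertificate(signingAlias)` is likewise passed straight to `KeyUtil.getKeyInfo(cert)` with no null check, so an alias absent from the keystore presumably fails the same opaque way. Separately, doGet writes the EntityDescriptor without an XML signature even though a signing key is configured here; relying parties have no way to verify the published metadata's origin unless it is signed or only ever served over an authenticated TLS channel, which is worth stating in a comment on doGet. init starts before the hunk.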
@@ -203,19 +206,19 @@
catch (Exception e)
{
throw new RuntimeException(e);
- }*/
+ }*/
}
-
+
private void updateKeyDescriptor(EntityDescriptorType entityD, KeyDescriptorType keyD)
{
- List<EDTDescriptorChoiceType> objs = entityD.getChoiceType().get(0).getDescriptors();
- if(objs != null)
- {
- for(EDTDescriptorChoiceType roleD: objs)
- {
- RoleDescriptorType roleDescriptor = roleD.getRoleDescriptor();
- roleDescriptor.addKeyDescriptor( keyD );
- }
- }
+ List<EDTDescriptorChoiceType> objs = entityD.getChoiceType().get(0).getDescriptors();
+ if (objs != null)
+ {
+ for (EDTDescriptorChoiceType roleD : objs)
+ {
+ RoleDescriptorType roleDescriptor = roleD.getRoleDescriptor();
+ roleDescriptor.addKeyDescriptor(keyD);
+ }
+ }
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SOAPSAMLXACMLServlet.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -26,7 +26,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.security.PrivilegedActionException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -121,7 +120,7 @@
{
pdp = this.getPDP();
}
- catch (PrivilegedActionException e)
+ catch (IOException e)
{
log("Exception loading PDP::", e);
throw new ServletException("Unable to load PDP");
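Review bot: `throw new ServletException("Unable to load PDP");` discards `e`, so the IOException that actually explains the failure only survives in the servlet log; `throw new ServletException("Unable to load PDP", e);` keeps it. Note also that the `IllegalStateException` thrown by `getPDP` when the policy file is missing is unchecked and is not matched by `catch (IOException e)`, so that case now propagates raw out of the caller instead of becoming the "Unable to load PDP" ServletException. The enclosing method starts and ends outside the hunk.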
@@ -275,11 +274,6 @@
returnSOAPMessage = SOAPUtil.create();
SOAPBody returnSOAPBody = returnSOAPMessage.getSOAPBody();
returnSOAPBody.addDocument(responseDocument);
-
- /*JAXBElement<?> jaxbResponse = JAXBElementMappingUtil.get();
-
- //Create a SOAP Envelope to hold the SAML response
- envelope = this.createEnvelope(jaxbResponse); */
}
catch (Exception e)
{
@@ -293,7 +287,6 @@
catch (SOAPException e1)
{
}
- //envelope = this.createEnvelope(this.createFault("Server Error. Reference::" + id));
}
finally
{
@@ -304,11 +297,6 @@
if (returnSOAPMessage == null)
throw new RuntimeException("SOAPMessage for return is null");
returnSOAPMessage.writeTo(os);
- /*if(envelope == null)
- throw new IllegalStateException("SOAPEnvelope is null");
- JAXBElement<?> jaxbEnvelope = JAXBElementMappingUtil.get(envelope);
- Marshaller marshaller = JAXBUtil.getMarshaller(SOAPSAMLXACMLUtil.getPackage());
- marshaller.marshal(jaxbEnvelope, os); */
}
catch (Exception e)
{
@@ -317,10 +305,9 @@
}
}
- private PolicyDecisionPoint getPDP() throws PrivilegedActionException
+ private PolicyDecisionPoint getPDP() throws IOException
{
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream(this.policyConfigFileName);
+ InputStream is = SecurityActions.loadResource(getClass(), this.policyConfigFileName).openStream();
if (is == null)
throw new IllegalStateException(policyConfigFileName + " could not be located");
return new JBossPDP(is);
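Review bot: `SecurityActions.loadResource(getClass(), this.policyConfigFileName).openStream()` dereferences the result before the `if (is == null)` check on the next line, and loadResource returns `null` when the resource is on neither classloader, so a missing policy file now throws NullPointerException and the IllegalStateException carrying the file name is unreachable. Split the call: `URL url = SecurityActions.loadResource(getClass(), this.policyConfigFileName); if (url == null) throw new IllegalStateException(policyConfigFileName + " could not be located"); InputStream is = url.openStream();`. The stream is then handed to `new JBossPDP(is)` without being closed here; unless the PDP constructor is known to close it, wrap the construction in try/finally.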
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.web.servlets.saml;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -31,7 +32,7 @@
*/
class SecurityActions
{
- static void setSystemProperty( final String key, final String value)
+ static void setSystemProperty(final String key, final String value)
{
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
@@ -40,18 +41,71 @@
System.setProperty(key, value);
return null;
}
- });
+ });
}
-
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
+ * @return
+ */
+ static URL loadResource(final Class<?> clazz, final String resourceName)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
+ }
+ });
+ }
}
\ No newline at end of file
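Review bot: `loadClass(ClassLoader, String)` swallows `ClassNotFoundException` with an empty catch and returns `null`, and the two-loader wrapper passes that null straight through, so callers that do not check it (MetadataServlet's `clazz.newInstance()` in this same commit) turn a misconfigured class name into a NullPointerException with no class name in it. Either document the contract above the wrapper — `/** @return the loaded class, or {@code null} if neither the class's own loader nor the thread context loader can resolve {@code fqn} */` — or rethrow once both attempts have failed. `theClass.getClassLoader()` is `null` for bootstrap-loaded classes and would NPE inside the privileged block before the TCCL fallback is ever tried; a null guard before the first attempt avoids that. The `doPrivileged` inside the loader-taking overload runs nested inside the wrapper's own privileged action, which is harmless but redundant, and the `@return` tag on loadResource is empty.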
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SecurityActions.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,44 @@
*/
class SecurityActions
{
- /**
- * Get the Thread Context ClassLoader
- * @return
- */
- static ClassLoader getContextClassLoader()
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
{
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
{
- public ClassLoader run()
+ public Class<?> run()
{
- return Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
}
});
}
-
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
/**
* Get the system property
* @param key
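Review bot: This is a verbatim copy of the `loadClass` pair added to `servlets.saml.SecurityActions` in the same commit, including the empty `catch (ClassNotFoundException e)` that converts a lookup failure into a `null` return, and the javadoc removed with `getContextClassLoader` was not replaced, so the null contract is undocumented here as well. Add `/** Loads {@code fqn} via {@code theClass}'s loader, then the thread context loader; returns {@code null} if both fail. */` above the wrapper, and consider keeping one shared implementation rather than two package-private copies that will drift. The TCCL fallback presumably exists so that user-configured provider classes inside a deployment can be found from PicketLink's own loader; that intent is worth a one-line comment, since it also means the lookup is no longer confined to the library's own classpath.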
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/ServerDetector.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -30,11 +30,12 @@
public class ServerDetector
{
private boolean jboss = false;
+
private boolean tomcat = false;
-
+
public ServerDetector()
{
- this.detectServer();
+ this.detectServer();
}
public boolean isJboss()
@@ -46,39 +47,38 @@
{
return tomcat;
}
-
+
private void detectServer()
{
- //Detect JBoss
- ClassLoader tcl = SecurityActions.getContextClassLoader();
-
+ //Detect JBoss
+
try
{
- Class<?> clazz = tcl.loadClass("org.jboss.system.Service");
- if(clazz != null)
+ Class<?> clazz = SecurityActions.loadClass(getClass(), "org.jboss.system.Service");
+ if (clazz != null)
{
jboss = true;
return;
}
}
- catch(Exception e)
+ catch (Exception e)
{
- //ignore
+ //ignore
}
-
+
//Tomcat
try
{
- Class<?> clazz = tcl.loadClass("org.apache.cataline.Server");
- if(clazz != null)
+ Class<?> clazz = SecurityActions.loadClass(getClass(), "org.apache.cataline.Server");
+ if (clazz != null)
{
tomcat = true;
return;
}
}
- catch(Exception e)
+ catch (Exception e)
{
- //ignore
+ //ignore
}
}
}
\ No newline at end of file
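Review bot: The Tomcat probe on the new side still loads `"org.apache.cataline.Server"`, which is misspelled (`catalina`), so `tomcat` can never become true; the commit reformats the line without fixing it: `Class<?> clazz = SecurityActions.loadClass(getClass(), "org.apache.catalina.Server");`. The surrounding `catch (Exception e)` blocks are now mostly dead, because `SecurityActions.loadClass` returns `null` instead of throwing ClassNotFoundException; the `clazz != null` checks are what actually carry the logic. Keeping the catches is harmless, but a comment such as `// loadClass returns null on a miss; the catch only guards unexpected runtime exceptions` would stop a reader from assuming exceptions are the signal.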
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/mock/MockContextClassLoader.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -31,21 +31,21 @@
* @since Oct 7, 2009
*/
public class MockContextClassLoader extends URLClassLoader
-{
+{
private String profile;
-
+
private ClassLoader delegate;
public MockContextClassLoader(URL[] urls)
{
- super(urls);
+ super(urls);
}
public void setDelegate(ClassLoader tcl)
{
this.delegate = tcl;
}
-
+
public void setProfile(String profile)
{
this.profile = profile;
@@ -54,11 +54,29 @@
@Override
public InputStream getResourceAsStream(String name)
{
- if(profile == null)
- throw new RuntimeException("null profile");
+ if (profile == null)
+ throw new RuntimeException("null profile");
InputStream is = super.getResourceAsStream(name);
- if( is == null )
+ if (is == null)
is = delegate.getResourceAsStream(profile + "/" + name);
return is;
}
+
+ @Override
+ public URL getResource(String name)
+ {
+ if (profile == null)
+ throw new RuntimeException("null profile");
+ URL url = null;
+ try
+ {
+ url = super.getResource(profile + "/" + name);
+ }
+ catch (Exception e)
+ {
+ }
+ if (url == null)
+ url = delegate.getResource(profile + "/" + name);
+ return url;
+ }
}
\ No newline at end of file
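Review bot: The new `getResource` override does not mirror `getResourceAsStream` just above it: the stream variant asks `super` for the bare `name` and only prefixes `profile + "/"` for the delegate, whereas `getResource` prefixes the profile for both lookups, so a resource visible through one method can be invisible through the other, which matters now that production code in this commit resolves resources by URL via `loadResource(...).openStream()`. Align the two, e.g. `url = super.getResource(name); if (url == null) url = delegate.getResource(profile + "/" + name);`. The `try { ... } catch (Exception e) {}` around `super.getResource` is empty and `URLClassLoader.getResource` does not throw, so it can be dropped; `delegate` is also dereferenced without a null check in both methods.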
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2011-07-08 14:28:32 UTC (rev 1079)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2011-07-08 17:56:06 UTC (rev 1080)
@@ -156,6 +156,9 @@
MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
Thread.currentThread().setContextClassLoader(mclIDP);
+ URL url = Thread.currentThread().getContextClassLoader().getResource("roles.properties");
+ assertNotNull("roles.properties visible?", url);
+
ServletContext servletContext = new MockServletContext();
session.setServletContext(servletContext);
Picketlink SVN: r1079 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-08 10:28:32 -0400 (Fri, 08 Jul 2011)
New Revision: 1079
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
Log:
PLFED-186: set binary token
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2011-07-07 18:54:58 UTC (rev 1078)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/PicketLinkSTS.java 2011-07-08 14:28:32 UTC (rev 1079)
@@ -98,11 +98,12 @@
public SOAPMessage invoke(SOAPMessage request)
{
String valueType = null;
+ Node binaryToken = null;
//Check headers
try
{
SOAPHeader soapHeader = request.getSOAPHeader();
- Node binaryToken = getBinaryToken(soapHeader);
+ binaryToken = getBinaryToken(soapHeader);
if (binaryToken != null)
{
NamedNodeMap namedNodeMap = binaryToken.getAttributes();
@@ -149,6 +150,11 @@
throw new RuntimeException(e);
}
+ if (binaryToken != null)
+ {
+ req.setBinaryToken(binaryToken);
+ }
+
if (valueType != null)
{
req.setBinaryValueType(URI.create(valueType));
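Review bot: `req.setBinaryToken(binaryToken)` attaches the `BinarySecurityToken` DOM node exactly as it arrived in the client's SOAP header, with no visible check of its signature, issuer or encoding before it is stored on the request; whatever consumes it must therefore treat it as untrusted input and verify it, or the STS risks issuing tokens on the strength of an unverified header. If that verification happens downstream, a comment here would make the trust boundary explicit: `// binaryToken is the raw, unverified header element; token providers must validate it before use`. It would also be safer to attach the token only when `valueType` is non-null, since the two are set independently here and a token without a ValueType could reach a provider that dispatches on the type. The enclosing invoke method starts before the hunk.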
Picketlink SVN: r1078 - in integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration: saml11 and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-07 14:54:58 -0400 (Thu, 07 Jul 2011)
New Revision: 1078
Added:
integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml11/
integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml11/SAML11IDPFirstUnitTestCase.java
Log:
PLFED-206: saml 11 interaction
Added: integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml11/SAML11IDPFirstUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml11/SAML11IDPFirstUnitTestCase.java (rev 0)
+++ integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml11/SAML11IDPFirstUnitTestCase.java 2011-07-07 18:54:58 UTC (rev 1078)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.integration.saml11;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.SubmitButton;
+import com.meterware.httpunit.WebConversation;
+import com.meterware.httpunit.WebForm;
+import com.meterware.httpunit.WebLink;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+
+/**
+ * <p>
+ * Unit test the PicketLink IDP application that
+ * supports the SAML v1.1 interaction.
+ * </p>
+ * <p>
+ * <b>Note:</b> This test expects that a set of endpoints that are configured
+ * for the test are available. You may have to start web containers offline
+ * for the endpoints to be live.
+ * </p>
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 7, 2011
+ */
+public class SAML11IDPFirstUnitTestCase
+{
+ String IDP_URL = System.getProperty( "IDP_URL", "http://localhost:8080/idp/" );
+
+ @Test
+ public void testSAML11() throws Exception
+ {
+ System.out.println("Trying "+ IDP_URL);
+ WebRequest serviceRequest1 = new GetMethodWebRequest( IDP_URL );
+ WebConversation webConversation = new WebConversation();
+
+ WebResponse webResponse = webConversation.getResponse( serviceRequest1 );
+ WebForm loginForm = webResponse.getForms()[0];
+ loginForm.setParameter("j_username", "tomcat" );
+ loginForm.setParameter("j_password", "tomcat" );
+ SubmitButton submitButton = loginForm.getSubmitButtons()[0];
+ submitButton.click();
+
+ webResponse = webConversation.getCurrentPage();
+ String responseText = webResponse.getText();
+ System.out.println("Page=" + responseText);
+ assertTrue( " Reached the sales index page ", webResponse.getText().contains( "Sales" ));
+ WebLink[] links = webResponse.getLinks();
+ boolean foundLink = false;
+ for(WebLink webLink: links)
+ {
+ if( webLink.getURLString().contains("sales-saml11"))
+ {
+ foundLink = true;
+ webResponse = webLink.click();
+ assertTrue( " Reached the sales index page ", webResponse.getText().contains( "SalesTool" ));
+ break;
+ }
+ }
+ assertTrue("We found the SP link?", foundLink);
+ }
+}
\ No newline at end of file
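Review bot: `System.out.println("Page=" + responseText)` dumps the entire post-login page — which in an IDP-first flow presumably carries the SAML 1.1 response or assertion — into the build log, and the second assertion reuses the message `" Reached the sales index page "` for the SalesTool check; both look like copy-paste artefacts. Drop the page dump (or print it only on failure) and give the second assert its own message, e.g. `assertTrue("Reached the SalesTool page", webResponse.getText().contains("SalesTool"));`. `webResponse.getForms()[0]` and `loginForm.getSubmitButtons()[0]` throw ArrayIndexOutOfBoundsException rather than a readable assertion when the IDP is down or the login page changes; an `assertTrue("login form present", webResponse.getForms().length > 0)` first gives a clear failure. `IDP_URL` is a mutable package-private instance field read from a system property; `private static final` matches how it is used.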
Picketlink SVN: r1077 - in federation/trunk/picketlink-webapps/sales-saml11: src and 6 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-07 10:45:12 -0400 (Thu, 07 Jul 2011)
New Revision: 1077
Modified:
federation/trunk/picketlink-webapps/sales-saml11/
federation/trunk/picketlink-webapps/sales-saml11/src/
federation/trunk/picketlink-webapps/sales-saml11/src/main/
federation/trunk/picketlink-webapps/sales-saml11/src/main/resources/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/lib/
Log:
svn ig
Property changes on: federation/trunk/picketlink-webapps/sales-saml11
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/resources
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/lib
___________________________________________________________________
Added: svn:ignore
+ .settings
target
target-eclipse
eclipse-target
.project
.classpath
.settings
.metadata
Picketlink SVN: r1076 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp and 9 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-07 10:42:13 -0400 (Thu, 07 Jul 2011)
New Revision: 1076
Added:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SAML11SPRedirectFormAuthenticator.java
federation/trunk/picketlink-webapps/sales-saml11/
federation/trunk/picketlink-webapps/sales-saml11/pom.xml
federation/trunk/picketlink-webapps/sales-saml11/src/
federation/trunk/picketlink-webapps/sales-saml11/src/main/
federation/trunk/picketlink-webapps/sales-saml11/src/main/resources/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/context.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/context.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/jboss-web.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/lib/
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-handlers.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-idfed.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/web.xml
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/error.jsp
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/index.jsp
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/login.jsp
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/logout.jsp
federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/piechart.gif
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-webapps/assembly/bin.xml
federation/trunk/picketlink-webapps/pom.xml
Log:
PLFED-200: SAML 1.1 support for IDP and SP
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-07 14:42:13 UTC (rev 1076)
@@ -28,6 +28,7 @@
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
@@ -52,6 +53,7 @@
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
@@ -100,6 +102,8 @@
import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
@@ -416,6 +420,11 @@
session.setNote("SAML11", saml11Assertion);
}
}
+ GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
+ String[] roles = genericPrincipal.getRoles();
+ SAML11AttributeStatementType attributeStatement = this.createAttributeStatement(Arrays.asList(roles));
+ saml11Assertion.add(attributeStatement);
+
//Send it as SAMLResponse
String id = IDGenerator.create("ID_");
SAML11ResponseType saml11Response = new SAML11ResponseType(id, XMLTimeUtil.getIssueInstant());
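Review bot: The cast `(GenericPrincipal) userPrincipal` on the first added line assumes the realm handed back a Tomcat GenericPrincipal; any other Principal implementation makes SAML 1.1 response generation fail with a ClassCastException. Guard it, `if (!(userPrincipal instanceof GenericPrincipal)) throw new IllegalStateException("Expected GenericPrincipal, got " + userPrincipal.getClass().getName());`, or fall back to an empty role array so the assertion is still issued without roles. If `saml11Assertion` is reused from the session note set just above the hunk (the `setNote("SAML11", ...)` suggests it is cached across requests), `saml11Assertion.add(attributeStatement)` appends one more attribute statement to the same cached assertion on every request; that would be worth confirming against the code above the hunk. Whether `getRoles()` can return null here depends on the Tomcat version, so a null check before `Arrays.asList(roles)` is cheap insurance.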
@@ -1140,4 +1149,21 @@
*/
response.recycle();
}
+
+ /**
+ * Given a set of roles, create an attribute statement
+ * @param roles
+ * @return
+ */
+ private SAML11AttributeStatementType createAttributeStatement(List<String> roles)
+ {
+ SAML11AttributeStatementType attrStatement = new SAML11AttributeStatementType();
+ for (String role : roles)
+ {
+ SAML11AttributeType attr = new SAML11AttributeType("Role", URI.create("urn:picketlink:role"));
+ attr.add(role);
+ attrStatement.add(attr);
+ }
+ return attrStatement;
+ }
}
\ No newline at end of file
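Review bot: The Javadoc of `createAttributeStatement` leaves `@return` blank and says nothing about a null `roles` list, which the enhanced-for turns into a NullPointerException; either document it, `@param roles role names to emit, must not be null` and `@return an attribute statement carrying one "Role" attribute per entry`, or return the empty statement early when `roles == null`. The attribute name `"Role"` and namespace `urn:picketlink:role` are the contract a consuming SP filters on and belong in `private static final` constants rather than inline literals. Emitting one SAML11AttributeType per role instead of a single multi-valued attribute is valid SAML 1.1, but a one-line comment stating that choice would help anyone matching it against the SP-side role extraction.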
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-07 14:42:13 UTC (rev 1076)
@@ -78,9 +78,9 @@
*/
public abstract class BaseFormAuthenticator extends FormAuthenticator
{
- private static Logger log = Logger.getLogger(BaseFormAuthenticator.class);
+ protected static Logger log = Logger.getLogger(BaseFormAuthenticator.class);
- private final boolean trace = log.isTraceEnabled();
+ protected final boolean trace = log.isTraceEnabled();
protected SPType spConfiguration = null;
Added: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SAML11SPRedirectFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SAML11SPRedirectFormAuthenticator.java (rev 0)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SAML11SPRedirectFormAuthenticator.java 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,155 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.bindings.tomcat.sp;
+
+import static org.picketlink.identity.federation.core.util.StringUtil.isNotNull;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.picketlink.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.identity.federation.web.util.ServerDetector;
+
+/**
+ * Authenticator for SAML 1.1 processing at the Service Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 7, 2011
+ */
+public class SAML11SPRedirectFormAuthenticator extends SPRedirectFormAuthenticator
+{
+ @Override
+ public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
+ {
+ String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
+
+ Principal principal = request.getUserPrincipal();
+
+ //If we have already authenticated the user and there is no request from IDP or logout from user
+ if (principal != null)
+ return true;
+
+ Session session = request.getSessionInternal(true);
+
+ //See if we got a response from IDP
+ if (isNotNull(samlResponse))
+ {
+ boolean isValid = false;
+ try
+ {
+ isValid = this.validate(request);
+ }
+ catch (Exception e)
+ {
+ log.error("Exception:", e);
+ throw new IOException();
+ }
+ if (!isValid)
+ throw new IOException("Validity check failed");
+
+ try
+ {
+ InputStream base64DecodedResponse = RedirectBindingUtil.base64DeflateDecode(samlResponse);
+ SAMLParser parser = new SAMLParser();
+ SAML11ResponseType saml11Response = (SAML11ResponseType) parser.parse(base64DecodedResponse);
+
+ List<SAML11AssertionType> assertions = saml11Response.get();
+ if (assertions.size() > 1)
+ {
+ if (trace)
+ log.trace("More than one assertion from IDP. Considering the first one.");
+ }
+ String username = null;
+ List<String> roles = new ArrayList<String>();
+ SAML11AssertionType assertion = assertions.get(0);
+ if (assertion != null)
+ {
+ //Get the subject
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ for (SAML11StatementAbstractType statement : statements)
+ {
+ if (statement instanceof SAML11AuthenticationStatementType)
+ {
+ SAML11AuthenticationStatementType subStat = (SAML11AuthenticationStatementType) statement;
+ SAML11SubjectType subject = subStat.getSubject();
+ username = subject.getChoice().getNameID().getValue();
+ }
+ }
+ roles = AssertionUtil.getRoles(assertion, null);
+ }
+
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if ((new ServerDetector()).isJboss() || jbossEnv)
+ {
+ //Push a context
+ ServiceProviderSAMLContext.push(username, roles);
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+ else
+ {
+ //tomcat env
+ SPUtil spUtil = new SPUtil();
+ principal = spUtil.createGenericPrincipal(request, username, roles);
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+
+ if (saveRestoreRequest)
+ {
+ this.restoreRequest(request, session);
+ }
+ register(request, response, principal, Constants.FORM_METHOD, username, password);
+
+ return true;
+ }
+ catch (Exception e)
+ {
+ log.error("Processing Exception:", e);
+ }
+ }
+
+ log.error("Falling back on local Form Authentication if available");
+ //fallback
+ return super.authenticate(request, response, loginConfig);
+ }
+}
\ No newline at end of file
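Review bot: The username taken from the AuthenticationStatement subject is trusted without any evaluation of the assertion's Conditions (NotBefore/NotOnOrAfter, AudienceRestriction from `assertion.getConditions()`), and nothing in this method verifies a signature on the response, so unless the inherited `validate(request)` (defined outside this hunk) covers both, an expired or replayed response logs the user in. `username` also stays null when the assertion carries no AuthenticationStatement, and that null then reaches `ServiceProviderSAMLContext.push` and `context.getRealm().authenticate`; add `if (username == null) throw new IOException("Assertion carries no authentication subject");` before the principal mapping. The trailing `catch (Exception e)` turns every parse or processing failure, including `assertions.get(0)` on an empty list, into a logged fallback to local form login, whereas the validity check a few lines earlier fails closed with an IOException; failing closed in both places is the consistent choice. `throw new IOException()` after `log.error("Exception:", e)` also drops the cause; `throw new IOException("SAML 1.1 validation failed", e);` keeps it.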
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-07-07 14:42:13 UTC (rev 1076)
@@ -77,12 +77,10 @@
*/
public class SPRedirectFormAuthenticator extends BaseFormAuthenticator
{
- private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
+ protected static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
- private final boolean trace = log.isTraceEnabled();
+ protected boolean jbossEnv = false;
- private boolean jbossEnv = false;
-
private final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
public SPRedirectFormAuthenticator()
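Review bot: After this change the class still declares its own `protected static Logger log`, which hides `BaseFormAuthenticator.log` (made protected in the same commit), while the `trace` flag it used to declare is removed and now inherited from the base class, where it is computed from the BaseFormAuthenticator logger. `trace` and `log` in this class, and in the new SAML11SPRedirectFormAuthenticator that extends it, therefore refer to two different log4j loggers, so enabling trace for SPRedirectFormAuthenticator alone leaves every `if (trace) log.trace(...)` silent. Either drop the hiding field and log through the base class logger, or keep a per-class `protected final boolean trace = log.isTraceEnabled();` next to this class's logger.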
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-07 14:42:13 UTC (rev 1076)
@@ -37,7 +37,10 @@
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -375,4 +378,51 @@
}
return roles;
}
+
+ /**
+ * Given an assertion, return the list of roles it may have
+ * @param assertion The {@link SAML11AssertionType}
+ * @param roleKeys a list of string values representing the role keys. The list can be null.
+ * @return
+ */
+ public static List<String> getRoles(SAML11AssertionType assertion, List<String> roleKeys)
+ {
+ List<String> roles = new ArrayList<String>();
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ for (SAML11StatementAbstractType statement : statements)
+ {
+ if (statement instanceof SAML11AttributeStatementType)
+ {
+ SAML11AttributeStatementType attributeStatement = (SAML11AttributeStatementType) statement;
+ List<SAML11AttributeType> attributes = attributeStatement.get();
+ for (SAML11AttributeType attr : attributes)
+ {
+ if (roleKeys != null && roleKeys.size() > 0)
+ {
+ if (!roleKeys.contains(attr.getAttributeName()))
+ continue;
+ }
+ List<Object> attributeValues = attr.get();
+ if (attributeValues != null)
+ {
+ for (Object attrValue : attributeValues)
+ {
+ if (attrValue instanceof String)
+ {
+ roles.add((String) attrValue);
+ }
+ else if (attrValue instanceof Node)
+ {
+ Node roleNode = (Node) attrValue;
+ roles.add(roleNode.getFirstChild().getNodeValue());
+ }
+ else
+ throw new RuntimeException("Unknown role object type : " + attrValue);
+ }
+ }
+ }
+ }
+ }
+ return roles;
+ }
}
\ No newline at end of file
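Review bot: With `roleKeys` null or empty, every value of every attribute in every AttributeStatement becomes a role, and the new SP authenticator in this commit calls this as `AssertionUtil.getRoles(assertion, null)`, so any attribute an IdP adds (mail, display name) would be mapped straight onto container roles. The Javadoc should state that explicitly, `@param roleKeys attribute names treated as role carriers; when null or empty every attribute value is returned as a role`, and `@return` is currently blank; callers that authorize on roles should pass the expected key. `roleNode.getFirstChild().getNodeValue()` throws NullPointerException on an empty AttributeValue element; `roles.add(roleNode.getTextContent());` handles that case in one call. `assertion.getStatements()` is iterated without a null check, unlike `attributeValues` below it; if the model allows a null list, guard it the same way.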
Modified: federation/trunk/picketlink-webapps/assembly/bin.xml
===================================================================
--- federation/trunk/picketlink-webapps/assembly/bin.xml 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-webapps/assembly/bin.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -40,6 +40,11 @@
<fileMode>0444</fileMode>
</file>
<file>
+ <source>${basedir}/../sales-saml11/target/sales-saml11.war</source>
+ <outputDirectory>picketlink</outputDirectory>
+ <fileMode>0444</fileMode>
+ </file>
+ <file>
<source>${basedir}/../employee-post-sig/target/employee-post-sig.war</source>
<outputDirectory>picketlink</outputDirectory>
<fileMode>0444</fileMode>
Modified: federation/trunk/picketlink-webapps/pom.xml
===================================================================
--- federation/trunk/picketlink-webapps/pom.xml 2011-07-07 13:45:41 UTC (rev 1075)
+++ federation/trunk/picketlink-webapps/pom.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -32,6 +32,7 @@
<module>sales-post-sig</module>
<module>employee-post-sig</module>
<module>sales-standalone</module>
+ <module>sales-saml11</module>
<module>employee-standalone</module>
<module>circleoftrust</module>
<module>idp</module>
Added: federation/trunk/picketlink-webapps/sales-saml11/pom.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/pom.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/pom.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,38 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.picketlink</groupId>
+ <artifactId>picketlink-federation-webapps</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ <relativePath>../</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sales-saml11</artifactId>
+ <packaging>war</packaging>
+ <name>PicketLink Federation Sales</name>
+ <url>http://labs.jboss.org/portal/picketlink/</url>
+ <description>PicketLink Samples contains the samples for Federated Identity Needs.</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <warName>sales-saml11</warName>
+ <warSourceExcludes>WEB-INF/lib/*.jar</warSourceExcludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/pom.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/context.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/context.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/context.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,3 @@
+<Context>
+ <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.SAML11SPRedirectFormAuthenticator" />
+</Context>
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/META-INF/context.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/context.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/context.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/context.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,5 @@
+<Context>
+ <!-- log all incoming and outgoing messages. -->
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.SAML11SPRedirectFormAuthenticator" />
+</Context>
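Review bot: `RequestDumperValve` logs every request's parameters, headers and cookies, which for this application means the base64 `SAMLResponse` and the session cookie land in the container log in plain text. That is fine for a sample as long as the file says so: `<!-- Debug only: dumps SAMLResponse and session cookies to the log; remove before any real deployment -->`. The META-INF/context.xml added in the same commit registers the authenticator valve without the dumper, so which valves are active depends on which file the container reads; keeping the two in sync, or dropping one, avoids that surprise.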
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/context.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/jboss-web.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/jboss-web.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/jboss-web.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-web>
+ <security-domain>sp</security-domain>
+</jboss-web>
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/jboss-web.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-handlers.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-handlers.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-handlers.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,4 @@
+<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+</Handlers>
\ No newline at end of file
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-handlers.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-idfed.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-idfed.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-idfed.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,4 @@
+<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0" ServerEnvironment="tomcat">
+ <IdentityURL>${idp.url::http://localhost:8080/idp/}</IdentityURL>
+ <ServiceURL>${sales.url::http://localhost:8080/sales/}</ServiceURL>
+</PicketLinkSP>
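Review bot: `ServiceURL` defaults to `http://localhost:8080/sales/` while this module builds `sales-saml11.war` (the `warName` in the new pom), so unless the war is renamed on deployment the SP's own URL as sent to the IdP points at a different context. If the rename is intended, a comment saying the war is expected to be deployed as `sales` would save the next reader a debugging session; otherwise use `${sales.url::http://localhost:8080/sales-saml11/}`.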
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/picketlink-idfed.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/web.xml
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/web.xml (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/web.xml 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Fedbridge Test SALES Application</display-name>
+ <description>
+ Just a Test SP for Fedbridge Project
+ </description>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to the Manager Application
+ </description>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
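Review bot: `<form-login-page>/jsp/login.jsp</form-login-page>` and `<form-error-page>/jsp/loginerror.jsp</form-error-page>` point at paths this webapp does not contain; the commit adds `login.jsp` and `error.jsp` at the webapp root. The SAML11 authenticator falls back to `super.authenticate`, i.e. container FORM login, whenever SAML processing fails, so that fallback would currently answer with a 404 instead of the login form. Use `/login.jsp` and `/error.jsp`, or move the pages under `/jsp/`.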
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/WEB-INF/web.xml
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/error.jsp
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/error.jsp (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/error.jsp 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,12 @@
+<html> <head> <title>Error!</title></head>
+<body>
+
+<font size='4' color='red'>
+ The username and password you supplied are not valid.
+</p>
+Click <a href='<%= response.encodeURL("login.jsp") %>'>here</a>
+to retry login
+
+</body>
+</form>
+</html>
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/error.jsp
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/index.jsp
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/index.jsp (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/index.jsp 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,13 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool, <%=request.getUserPrincipal().getName()%>
+
+<br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+
+</div>
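Review bot: `<%=request.getUserPrincipal().getName()%>` writes the principal name into the page without HTML escaping, and in this application that name is the NameIdentifier value taken from the IdP's assertion rather than a locally entered value. Markup in that value, from a misconfigured or compromised IdP, would render in the SP's origin. Escape it on output, for example with JSTL `<c:out value="${pageContext.request.userPrincipal.name}"/>` if JSTL is on the classpath, or an equivalent escaping helper.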
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/index.jsp
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/login.jsp
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/login.jsp (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/login.jsp 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1,16 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form></body>
+ </html>
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/login.jsp
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/logout.jsp
===================================================================
--- federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/logout.jsp (rev 0)
+++ federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/logout.jsp 2011-07-07 14:42:13 UTC (rev 1076)
@@ -0,0 +1 @@
+You are logged out.
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/logout.jsp
___________________________________________________________________
Added: svn:executable
+ *
Added: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/piechart.gif
===================================================================
(Binary files differ)
Property changes on: federation/trunk/picketlink-webapps/sales-saml11/src/main/webapp/piechart.gif
___________________________________________________________________
Added: svn:executable
+ *
Added: svn:mime-type
+ application/octet-stream
Picketlink SVN: r1075 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-07 09:45:41 -0400 (Thu, 07 Jul 2011)
New Revision: 1075
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
remove commented code
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-07 01:04:03 UTC (rev 1074)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-07 13:45:41 UTC (rev 1075)
@@ -357,7 +357,6 @@
}
else
{
- //TODO: PLFED-193
String target = request.getParameter(SAML11Constants.TARGET);
if (isNotNull(target))
{
@@ -380,19 +379,6 @@
dispatch.forward(request.getRequest(), response);
}
}
- /*log.error("No SAML Request or Response Message");
- if (trace)
- log.trace("Referer=" + referer);
-
- try
- {
- sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
- }
- catch (ConfigurationException e)
- {
- if (trace)
- log.trace(e);
- }*/
}
}
}