Picketlink SVN: r1174 - in product/trunk/picketlink-core/src: main/java/org/picketlink/identity/federation/api/saml/v2/response and 27 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 23:13:45 -0400 (Wed, 10 Aug 2011)
New Revision: 1174
Added:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
product/trunk/picketlink-core/src/test/java/org/picketlink/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
Log:
Merging r1159 through r1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132,1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1155-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1144-1154,1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1144-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -53,6 +53,7 @@
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
@@ -122,6 +123,7 @@
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -166,6 +168,11 @@
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* If the user wants to set a particular {@link IdentityParticipantStack}
*/
protected String identityParticipantStack = null;
@@ -185,6 +192,23 @@
}
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+ }
+ }
+
public Boolean getIgnoreIncomingSignatures()
{
return ignoreIncomingSignatures;
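Review bot: The catch in setConfigProvider discards the cause: `throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());` keeps only the message, so the stack trace of the InstantiationException, IllegalAccessException or ClassCastException that prevented instantiating the configured provider is lost; pass it on with `throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp, e);`. The null guard throws IllegalStateException with `cp` appended, which renders as "null" — a rejected argument is an IllegalArgumentException, and the concatenation adds nothing. The same two issues are in the identical setConfigProvider added to BaseFormAuthenticator in this commit (hunk `@@ -166,6 +172,23 @@`). A one-line Javadoc would also help: `/** Instantiates the {@link SAMLConfigurationProvider} named by {@code cp} (fully qualified class name, no-arg constructor) that supplies the IDP configuration instead of the config file. */`.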
@@ -961,6 +985,7 @@
if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
chain = SAML2HandlerChainFactory.createChain();
else
+ {
try
{
chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
@@ -969,16 +994,44 @@
{
throw new LifecycleException(e1);
}
+ }
+ //Work on the IDP Configuration
+ if (configProvider != null)
+ {
+ try
+ {
+ idpConfiguration = configProvider.getIDPConfiguration();
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage());
+ }
+ }
+
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+ if (idpConfiguration == null)
+ {
+
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ if (trace)
+ log.trace(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
if (trace)
log.trace("Identity Provider URL=" + this.identityURL);
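Review bot: The ProcessingException from configProvider.getIDPConfiguration() is rethrown without its cause — `throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage());` — while the ParsingException branch a few lines below correctly passes `e`; make the two consistent with `throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);`. The InputStream obtained from getResourceAsStream in the fallback branch is not closed anywhere in this hunk on either the success or the failure path; wrapping the ConfigurationUtil.getIDPConfiguration(is) call in a try/finally that closes `is` (ignoring the IOException from close with a comment) would fix the leak. The enclosing start() begins and ends outside the hunk.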
@@ -1001,7 +1054,7 @@
}
catch (Exception e)
{
- throw new RuntimeException(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
}
//Ensure that the Core STS has the SAML20 Token Provider
@@ -1097,18 +1150,10 @@
identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
}
- catch (ClassNotFoundException e)
+ catch (Exception e)
{
log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
}
- catch (InstantiationException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
- catch (IllegalAccessException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
}
}
}
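Review bot: Widening the three reflective catches to `catch (Exception e)` changes behaviour: a ClassCastException from `(IdentityParticipantStack) clazz.newInstance()` when the configured class does not implement the interface, or any RuntimeException from that class's constructor, is now logged and silently replaced by the default stack, where previously it propagated and stopped start-up. If falling back on a misconfigured stack class is intended, the log message should say which class was rejected and why; otherwise keep the narrow catches (or rethrow RuntimeException from the broad one). The enclosing method starts and ends outside the hunk.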
@@ -1159,6 +1204,24 @@
response.recycle();
}
+ protected String determineLoginType(boolean isSecure)
+ {
+ String result = JBossSAMLURIConstants.AC_PASSWORD.get();
+ LoginConfig loginConfig = context.getLoginConfig();
+ if (loginConfig != null)
+ {
+ String auth = loginConfig.getAuthMethod();
+ if (StringUtil.isNotNull(auth))
+ {
+ if ("CLIENT-CERT".equals(auth))
+ result = JBossSAMLURIConstants.AC_TLS_CLIENT.get();
+ else if (isSecure)
+ result = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+ }
+ }
+ return result;
+ }
+
/**
* Given a set of roles, create an attribute statement
* @param roles
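Review bot: determineLoginType has no Javadoc and the mapping is not obvious from the code; it needs a comment stating that it returns the SAML AuthnContext class reference URI matching the web app's login-config: AC_TLS_CLIENT when the auth-method is CLIENT-CERT, AC_PASSWORD_PROTECTED_TRANSPORT for any other configured auth-method when `isSecure` is true, and AC_PASSWORD otherwise (including when no login-config or auth-method is present), with `@param isSecure whether the request arrived over a secure transport`. The method dereferences the `context` field unguarded; from the earlier hunk that field appears to be assigned in start() (`context = (Context) getContainer();`), so the doc should note that it must only be called after the valve has started.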
@@ -1175,4 +1238,4 @@
}
return attrStatement;
}
-}
\ No newline at end of file
+}
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1158
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1138-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -75,6 +75,7 @@
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -123,6 +124,11 @@
protected final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* Servlet3 related changes forced Tomcat to change the authenticate method
* signature in the FormAuthenticator. For now, we use reflection for forward
* compatibility. This has to be changed in future.
@@ -166,6 +172,23 @@
this.saveRestoreRequest = saveRestoreRequest;
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+ }
+ }
+
/**
* Set a separate issuer id
* @param issuerID
@@ -365,7 +388,14 @@
throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING + configFile);
try
{
- spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ if (configProvider != null)
+ {
+ spConfiguration = configProvider.getSPConfiguration();
+ }
+ else
+ {
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ }
if (StringUtil.isNotNull(spConfiguration.getIdpMetadataFile()))
{
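Review bot: Unlike the IDP valve in this same commit, the SP still requires the configuration file even when a provider is injected: the `if (is == null) throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING + configFile);` at the top of the hunk runs before `configProvider` is consulted, so a deployment that relies solely on setConfigProvider fails at start-up unless it also ships the file. There is also no fallback when getSPConfiguration() returns null — the next line dereferences spConfiguration and will NPE — whereas the IDP path falls back to the file in that case. Consider resolving the stream only in the else branch, treating a null provider result as "use the file", and failing with an explicit message when neither source is available. The enclosing method starts and ends outside the hunk.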
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -37,6 +37,8 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.w3c.dom.Document;
/**
@@ -51,26 +53,17 @@
private final boolean trace = log.isTraceEnabled();
+ protected String idpAddress = null;
+
/**
- * Flag to indicate whether we want to sign the assertions
+ * If the request.getRemoteAddr is not exactly the IDP address that you have keyed
+ * in your deployment descriptor for keystore alias, you can set it here explicitly
*/
- protected boolean signAssertions = false;
-
- public SPPostSignatureFormAuthenticator()
+ public void setIdpAddress(String idpAddress)
{
- this.validateSignature = true;
+ this.idpAddress = idpAddress;
}
- public boolean isSignAssertions()
- {
- return signAssertions;
- }
-
- public void setSignAssertions(boolean signAssertions)
- {
- this.signAssertions = signAssertions;
- }
-
@Override
public void start() throws LifecycleException
{
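Review bot: Removing the no-arg constructor also removes the `this.validateSignature = true;` it performed, and nothing on the new side of this hunk sets validateSignature any more; if the inherited default is false (the superclass is not visible here), an SP that installs SPPostSignatureFormAuthenticator without explicitly configuring validateSignature would stop verifying the IDP's signatures on POST responses. Either keep the constructor — `public SPPostSignatureFormAuthenticator() { this.validateSignature = true; }` — or confirm that the base class defaults it to true and state that in the class Javadoc. Dropping the public signAssertions property is also an API break for existing context.xml attributes and deserves a changelog line.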
@@ -95,6 +88,16 @@
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+
+ /**
+ * Since the user has explicitly configured the idp address, we need
+ * to add an option on the keymanager such that users of keymanager
+ * can choose the proper idp key for validation
+ */
+ if (StringUtil.isNotNull(idpAddress))
+ {
+ keyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY, this.idpAddress);
+ }
}
catch (Exception e)
{
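Review bot: The explanatory block inside the try is written as a Javadoc comment (`/** ... */`) attached to a statement, which doc tools treat as a dangling doc comment; use `//` lines or `/* */` there. The guard reads `idpAddress` unqualified and then passes `this.idpAddress`; pick one form. The enclosing start() begins and ends outside the hunk.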
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -22,7 +22,6 @@
package org.picketlink.identity.federation.bindings.tomcat.sp;
import java.security.Principal;
-import java.util.ArrayList;
import java.util.List;
import org.apache.catalina.Context;
@@ -32,20 +31,7 @@
import org.picketlink.identity.federation.core.ErrorCodes;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.common.StatementLocal;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
/**
* Common code useful for a SP
@@ -73,62 +59,6 @@
return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
}
- /**
- * Handle the SAMLResponse from the IDP
- * @param request entire request from IDP
- * @param responseType ResponseType that has been generated
- * @param serverEnvironment tomcat,jboss etc
- * @return
- * @throws AssertionExpiredException
- */
- public Principal handleSAMLResponse(Request request, ResponseType responseType) throws ConfigurationException,
- AssertionExpiredException
- {
- if (request == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "request");
- if (responseType == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "response type");
-
- StatusType statusType = responseType.getStatus();
- if (statusType == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_VALUE + "Status Type from the IDP");
-
- String statusValue = statusType.getStatusCode().getValue().toASCIIString();
- if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
- throw new SecurityException(ErrorCodes.IDP_AUTH_FAILED);
-
- List<RTChoiceType> assertions = responseType.getAssertions();
- if (assertions.size() == 0)
- throw new IllegalStateException(ErrorCodes.NULL_VALUE + "No assertions in reply from IDP");
-
- AssertionType assertion = assertions.get(0).getAssertion();
- //Check for validity of assertion
- boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
- if (expiredAssertion)
- throw new AssertionExpiredException();
-
- SubjectType subject = assertion.getSubject();
-
- //JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
- NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
- String userName = nameID.getValue();
- List<String> roles = new ArrayList<String>();
-
- //Set it on a thread local for JBID integrators
- StatementLocal.statements.set(assertion.getStatements());
-
- //Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
- List<ASTChoiceType> attList = attributeStatement.getAttributes();
- for (ASTChoiceType obj : attList)
- {
- AttributeType attr = obj.getAttribute();
- String roleName = (String) attr.getAttributeValue().get(0);
- roles.add(roleName);
- }
- return this.createGenericPrincipal(request, userName, roles);
- }
-
public Principal createGenericPrincipal(Request request, String username, List<String> roles)
{
Context ctx = request.getContext();
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.config;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.xml.crypto.dsig.CanonicalizationMethod;
/**
@@ -60,7 +63,6 @@
*/
public class ProviderType
{
-
protected String identityURL;
protected TrustType trust;
@@ -73,6 +75,8 @@
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ protected Map<String, Object> additionalOptions = new HashMap<String, Object>();
+
/**
* Gets the value of the identityURL property.
*
@@ -236,4 +240,32 @@
this.canonicalizationMethod = canonicalizationMethod;
}
+ /**
+ * Add an option
+ * @param key
+ * @param value
+ */
+ public void addAdditionalOption(String key, Object value)
+ {
+ additionalOptions.put(key, value);
+ }
+
+ /**
+ * Remove an option
+ * @param key
+ */
+ public void removeAdditionalOption(String key)
+ {
+ additionalOptions.remove(key);
+ }
+
+ /**
+ * Get option
+ * @param key
+ * @return
+ */
+ public Object getAdditionalOption(String key)
+ {
+ return additionalOptions.get(key);
+ }
}
\ No newline at end of file
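Review bot: The Javadoc stubs on `addAdditionalOption`, `removeAdditionalOption` and `getAdditionalOption` carry bare `@param key` tags and an empty `@return`, so they document nothing — in particular not that `getAdditionalOption` returns `null` for a key that was never added, which every caller must handle. Suggest `@return the option value, or {@code null} if no option is registered under {@code key}` on the getter, and a one-line description of what an "additional option" is on the `additionalOptions` field introduced in the `@@ -73,6 +75,8 @@` hunk. That field is a plain `HashMap` reachable by subclasses through `protected`; if a `ProviderType` instance is shared across request threads and options can still change after startup (not visible from this hunk), the unsynchronized reads and writes race — either state in the field's Javadoc that options are populated only during configuration, or use `ConcurrentHashMap`, which additionally rejects `null` keys and values and so surfaces a misconfiguration at the call site instead of later.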
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1095-1096,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1144-1145,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1144-1147,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -34,6 +34,8 @@
//Define some constants
String ASSERTION_CONSUMER_URL = "ASSERTION_CONSUMER_URL";
+ String CLOCK_SKEW_MILIS = "CLOCK_SKEW_MILIS";
+
String DISABLE_AUTHN_STATEMENT = "DISABLE_AUTHN_STATEMENT";
String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
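Review bot: `CLOCK_SKEW_MILIS` is added without a comment, although as an interface constant its string value is the configuration key operators will type and it cannot be renamed later without breaking deployments — so the misspelt "MILIS" is worth fixing now or never. Suggest `/** Handler option key: tolerated clock skew between IDP and SP, in milliseconds; presumably the value handed to AssertionUtil.hasExpired(assertion, clockSkewInMilis) added in this commit. */` above the declaration, so the unit and the effect on NotBefore/NotOnOrAfter validation are documented where the key is defined. The enclosing interface body starts and ends outside the hunk.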
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/util:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -285,6 +285,44 @@
}
/**
+ * Verify whether the assertion has expired.
+ * You can add in a clock skew to adapt to conditions where in the IDP
+ * and SP are out of sync.
+ *
+ * @param assertion
+ * @param clockSkewInMilis in miliseconds
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+ {
+ boolean expiry = false;
+
+ //Check for validity of assertion
+ ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+ if (trace)
+ log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+ + notOnOrAfter);
+ expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+ if (expiry)
+ {
+ log.info("Assertion has expired with id=" + assertion.getID());
+ }
+ }
+
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return expiry;
+ }
+
+ /**
* Check whether the assertion has expired
* @param assertion
* @return
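Review bot: The new `hasExpired(AssertionType, long)` dereferences `notBefore` unconditionally in the trace line (`notBefore.toXMLFormat()`) and hands both bounds straight to `XMLTimeUtil.subtract`/`add`, yet a SAML `Conditions` element may legitimately carry only one of `NotBefore`/`NotOnOrAfter`, so a missing bound ends in a `NullPointerException` instead of a verdict; the identical copy for `SAML11AssertionType` in the `@@ -316,6 +354,44 @@` hunk has the same problem. A negative `clockSkewInMilis` is also accepted silently and would narrow the validity window instead of widening it, and the trailing `TODO` means an assertion with no `Conditions` at all is reported as not expired — a fail-open case that deserves at least a `log.warn` and a Javadoc sentence so SP integrators know an unbounded assertion is accepted. The sketch below guards the bounds; whether `XMLTimeUtil.isValid` tolerates a null bound I cannot confirm from this hunk, so that call may need its own handling. Since the two overloads differ only in the parameter type, the guarded body could live in one private helper taking the two calendars and the assertion id rather than being duplicated.
```java
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
{
   if (clockSkewInMilis < 0)
      throw new IllegalArgumentException("clockSkewInMilis must not be negative: " + clockSkewInMilis);
   boolean expiry = false;
   ConditionsType conditionsType = assertion.getConditions();
   if (conditionsType != null)
   {
      XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
      XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
      XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
      // Either bound may be absent in Conditions; only widen the ones that are present
      XMLGregorianCalendar updatedNotBefore = (notBefore == null) ? null : XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
      XMLGregorianCalendar updatedOnOrAfter = (notOnOrAfter == null) ? null : XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
      if (trace)
         log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + "::notOnOrAfter=" + notOnOrAfter);
      // … unchanged: isValid check and "Assertion has expired" logging …
   }
   else
   {
      // No Conditions element: nothing bounds the lifetime, so the assertion is accepted as-is
      log.warn("Assertion has no Conditions element, treating it as not expired: id=" + assertion.getID());
   }
   return expiry;
}
```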
@@ -316,6 +354,44 @@
}
/**
+ * Verify whether the assertion has expired.
+ * You can add in a clock skew to adapt to conditions where in the IDP
+ * and SP are out of sync.
+ *
+ * @param assertion
+ * @param clockSkewInMilis in miliseconds
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+ {
+ boolean expiry = false;
+
+ //Check for validity of assertion
+ SAML11ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+ if (trace)
+ log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+ + notOnOrAfter);
+ expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+ if (expiry)
+ {
+ log.info("Assertion has expired with id=" + assertion.getID());
+ }
+ }
+
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return expiry;
+ }
+
+ /**
* Extract the expiration time from an {@link AssertionType}
* @param assertion
* @return
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1095-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1095-1096,1098-1134,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLMetadataWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1098-1109,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util:1098-1111,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util:1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -44,6 +44,8 @@
{
protected static Logger log = Logger.getLogger(IDFedLSInputResolver.class);
+ protected static boolean trace = log.isTraceEnabled();
+
private static Map<String, LSInput> lsmap = new HashMap<String, LSInput>();
private static Map<String, String> schemaLocationMap = new LinkedHashMap<String, String>();
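Review bot: `trace` in this hunk is a `protected static` that is neither `final` nor `private`, so a subclass or same-package code can reassign it, and it freezes the trace level at class-initialisation time — unlike calling `log.isTraceEnabled()` at each use, a later logger reconfiguration is not reflected. If the cached flag is wanted for the hot path in `resolveResource`, declare it `private static final boolean trace = log.isTraceEnabled();` and say so: `// cached at class init; trace-level changes after startup are not picked up`.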
@@ -116,104 +118,137 @@
public LSInput resolveResource(String type, String namespaceURI, final String publicId, final String systemId,
final String baseURI)
{
+ LSInput lsi = null;
if (systemId == null)
throw new RuntimeException(ErrorCodes.NULL_VALUE + "systemid");
- LSInput lsi = lsmap.get(systemId);
+ if (StringUtil.isNotNull(systemId) && systemId.endsWith("dtd") && StringUtil.isNotNull(baseURI))
+ {
+ lsi = lsmap.get(baseURI);
+ }
if (lsi == null)
+ lsi = lsmap.get(systemId);
+ if (lsi == null)
{
final String loc = schemaLocationMap.get(systemId);
if (loc == null)
return null;
- lsi = new LSInput()
- {
- public String getBaseURI()
- {
- return baseURI;
- }
+ lsi = new PicketLinkLSInput(baseURI, loc, publicId, systemId);
- public InputStream getByteStream()
- {
- URL url = SecurityActions.loadResource(getClass(), loc);
- InputStream is;
- try
- {
- is = url.openStream();
- }
- catch (IOException e)
- {
- throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
- }
- if (is == null)
- throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
- return is;
- }
+ if (trace)
+ log.trace("Loaded:" + lsi);
+ lsmap.put(systemId, lsi);
+ }
+ return lsi;
+ }
- public boolean getCertifiedText()
- {
- return false;
- }
+ public static class PicketLinkLSInput implements LSInput
+ {
+ private final String baseURI;
- public Reader getCharacterStream()
- {
- return null;
- }
+ private final String loc;
- public String getEncoding()
- {
- return null;
- }
+ private final String publicId;
- public String getPublicId()
- {
- return publicId;
- }
+ private final String systemId;
- public String getStringData()
- {
- return null;
- }
+ public PicketLinkLSInput(String baseURI, String loc, String publicID, String systemID)
+ {
+ this.baseURI = baseURI;
+ this.loc = loc;
+ this.publicId = publicID;
+ this.systemId = systemID;
+ }
- public String getSystemId()
- {
- return systemId;
- }
+ public String getBaseURI()
+ {
+ return baseURI;
+ }
- public void setBaseURI(String baseURI)
- {
- }
+ public InputStream getByteStream()
+ {
+ URL url = SecurityActions.loadResource(getClass(), loc);
+ InputStream is;
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
+ }
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
+ return is;
+ }
- public void setByteStream(InputStream byteStream)
- {
- }
+ public boolean getCertifiedText()
+ {
+ return false;
+ }
- public void setCertifiedText(boolean certifiedText)
- {
- }
+ public Reader getCharacterStream()
+ {
+ return null;
+ }
- public void setCharacterStream(Reader characterStream)
- {
- }
+ public String getEncoding()
+ {
+ return null;
+ }
- public void setEncoding(String encoding)
- {
- }
+ public String getPublicId()
+ {
+ return publicId;
+ }
- public void setPublicId(String publicId)
- {
- }
+ public String getStringData()
+ {
+ return null;
+ }
- public void setStringData(String stringData)
- {
- }
+ public String getSystemId()
+ {
+ return systemId;
+ }
- public void setSystemId(String systemId)
- {
- }
- };
+ public void setBaseURI(String baseURI)
+ {
+ }
- lsmap.put(systemId, lsi);
+ public void setByteStream(InputStream byteStream)
+ {
}
- return lsi;
+
+ public void setCertifiedText(boolean certifiedText)
+ {
+ }
+
+ public void setCharacterStream(Reader characterStream)
+ {
+ }
+
+ public void setEncoding(String encoding)
+ {
+ }
+
+ public void setPublicId(String publicId)
+ {
+ }
+
+ public void setStringData(String stringData)
+ {
+ }
+
+ public void setSystemId(String systemId)
+ {
+ }
+
+ @Override
+ public String toString()
+ {
+ return "PicketLinkLSInput [baseURI=" + baseURI + ", loc=" + loc + ", publicId=" + publicId + ", systemId="
+ + systemId + "]";
+ }
}
}
\ No newline at end of file
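Review bot: `getByteStream()` in the new `PicketLinkLSInput` dereferences `url` without a null check, so a schema missing from the classpath surfaces as a NullPointerException rather than the intended `ErrorCodes` message, while the `is == null` test below it can never fire because `openStream()` does not return null. Add `if (url == null) throw new RuntimeException(ErrorCodes.NULL_VALUE + "url for " + loc);` before the `try`, and keep the cause when wrapping the IOException: `throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc, e);`. Separately, `resolveResource` returns null when `systemId` is absent from `schemaLocationMap`; under the LSResourceResolver contract that hands resolution back to the parser's default mechanism, which may attempt to fetch the systemId over the network, so a resolver whose purpose is to pin schemas to bundled copies should either fail closed or carry a comment explaining why the fall-through is acceptable. The static `lsmap` HashMap is also populated here without synchronization, which matters if validation runs on concurrent request threads.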
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -132,7 +132,7 @@
{
URL url = SecurityActions.loadResource(JAXPValidationUtil.class, schema);
if (url == null)
- throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url");
+ throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url:" + schema);
sourceArr[i++] = new StreamSource(url.openStream());
}
return sourceArr;
@@ -166,7 +166,10 @@
if (trace)
{
- builder.append("[").append(sax.getLineNumber()).append(",").append(sax.getColumnNumber()).append("]");
+ builder.append("[line:").append(sax.getLineNumber()).append(",").append("::col=")
+ .append(sax.getColumnNumber()).append("]");
+ builder.append("[publicID:").append(sax.getPublicId()).append(",systemId=").append(sax.getSystemId())
+ .append("]");
builder.append(":").append(sax.getLocalizedMessage());
log.trace(builder.toString());
}
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1098-1111,1133-1137,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1098-1110,1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1098-1134,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/EntityDescriptorType.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/ExtensionsType.java:1152-1173
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1095-1096,1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/saml/v2/metadata/RoleDescriptorType.java:1152-1173
Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.picketlink.identity.federation.core.ErrorCodes;
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.config.TrustType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
+
+/**
+ * A properties file based {@link SAMLConfigurationProvider}.
+ * For the IDP configuration, a idp_config.properties is expected.
+ * For the SP configuration, a sp_config.properties is expected.
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public class PropertiesConfigurationProvider implements SAMLConfigurationProvider
+{
+ public static final String IDP_FILE = "idp_config.properties";
+
+ public static final String SP_FILE = "sp_config.properties";
+
+ public IDPType getIDPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), IDP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + IDP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ IDPType idp = new IDPType();
+ idp.setIdentityURL(props.getProperty("idp.url"));
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ idp.setTrust(trustType);
+ }
+
+ return idp;
+ }
+
+ public SPType getSPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), SP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + SP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ SPType sp = new SPType();
+ sp.setIdentityURL(props.getProperty("idp.url"));
+ sp.setServiceURL("service.url");
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ sp.setTrust(trustType);
+ }
+
+ return sp;
+ }
+}
\ No newline at end of file
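Review bot: `sp.setServiceURL("service.url")` on the SP path stores the literal key name instead of the property value, so every SP configured through this provider gets a service URL of `service.url`; it should read `sp.setServiceURL(props.getProperty("service.url"));`, matching the `idp.url` lookup on the line above it. Both `getIDPConfiguration` and `getSPConfiguration` also leave the classpath `InputStream` open after `props.load(is)`; close it in a `finally` so a misconfigured deployment does not leak a handle per call. Because the files are located through the class loader, whichever `idp_config.properties`/`sp_config.properties` appears first on the classpath silently wins, which makes the trust domains and IDP URL only as trustworthy as the deployment's classpath — worth a sentence in the class Javadoc.
```java
   // … unchanged: loadStream, null check, new Properties() …
   try
   {
      props.load(is);
   }
   catch (IOException e)
   {
      throw new ProcessingException(e);
   }
   finally
   {
      try { is.close(); } catch (IOException ignored) { /* best effort */ }
   }
   // … unchanged: new SPType(), setIdentityURL …
   sp.setServiceURL(props.getProperty("service.url"));
   // … unchanged: domains / TrustType handling …
```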
Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ static InputStream loadStream(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+ InputStream is = classLoader.getResourceAsStream(fqn);
+ if (is == null)
+ {
+ is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fqn);
+ }
+ return is;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
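Review bot: `loadStream` falls back to `Thread.currentThread().getContextClassLoader().getResourceAsStream(fqn)` without checking that the context class loader is non-null, and `theClass.getClassLoader()` can likewise be null for bootstrap-loaded classes, so the fallback can throw a NullPointerException instead of returning null; guard both, e.g. `ClassLoader tccl = Thread.currentThread().getContextClassLoader(); if (tccl != null) is = tccl.getResourceAsStream(fqn);`. The empty `catch (ClassNotFoundException e)` in `loadClass(ClassLoader, String)` is intentional but should say so: `// not found in this loader; caller treats null as "try the next loader"`. Because every lookup runs inside `AccessController.doPrivileged`, a name passed to `loadClass` is resolved with this library's permissions rather than the caller's, so the Javadoc should state that `fqn` must come only from trusted deployment configuration, never from request data.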
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -48,6 +48,8 @@
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
+ String CONFIG_PROVIDER = "CONFIG_PROVIDER";
+
String LOCAL_LOGOUT = "LLO";
String GLOBAL_LOGOUT = "GLO";
@@ -70,13 +72,13 @@
String NAMEID_FORMAT = "NAMEID_FORMAT";
- String PRINCIPAL_ID = "jboss_identity.principal";
+ String PRINCIPAL_ID = "picketlink.principal";
String RELAY_STATE = "RelayState";
String ROLES = "ROLES";
- String ROLES_ID = "jboss_identity.roles";
+ String ROLES_ID = "picketlink.roles";
String ROLE_GENERATOR = "ROLE_GENERATOR";
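Review bot: `PRINCIPAL_ID` and `ROLES_ID` are HttpSession attribute names read at runtime (`session.getAttribute(GeneralConstants.PRINCIPAL_ID)` in SPFilter in this same commit), so changing their values is a wire-level change rather than a symbol rename: any component still using the old `jboss_identity.*` literals, or a session persisted across an upgrade, will see no principal and no roles. If other modules are on a separate release cycle, keep the old strings as `@Deprecated` constants (`String LEGACY_PRINCIPAL_ID = "jboss_identity.principal";`) with a fallback in the readers, or call the break out in the release notes.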
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java:1138-1141,1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -163,7 +163,7 @@
HttpSession session = request.getSession();
- Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
+ Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
@@ -358,9 +358,8 @@
}
catch (Exception e)
{
- if (trace)
- log.trace("Server Exception:", e);
- throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION + "Server Exception");
+ log.error("Server Exception:", e);
+ throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION);
}
}
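Review bot: the `catch (Exception e)` here appears to wrap the whole request-processing path, which includes failures triggered by a malformed `SAMLRequest`/`SAMLResponse` parameter from an unauthenticated client, and the new `log.error("Server Exception:", e)` now writes a full stack trace for each of them; a single client can fill the log at ERROR level with one request per entry. Consider logging client-triggered parsing/validation failures at WARN without the trace and reserving ERROR plus the stack for genuine server-side faults. Dropping the message detail from the `ServletException` is the right call, since it keeps internal state out of the error page. The enclosing method begins before this hunk.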
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1158
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1158
+ /federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1159-1173
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1173
/federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1152-1154,1159-1173
/federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2:1144-1147,1152-1173
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -87,12 +87,13 @@
* </p>
* <p>
* Configuration Options:
+ * @see SAML2Handler#CLOCK_SKEW_MILIS: a milisecond value sets a skew for checking the validity of assertion (SP Setting)
* @see SAML2Handler#DISABLE_AUTHN_STATEMENT Setting a value will disable the generation of an AuthnStatement (IDP Setting)
* @see SAML2Handler#DISABLE_SENDING_ROLES Setting any value will disable the generation and return of roles to SP (IDP Setting)
* @see SAML2Handler#DISABLE_ROLE_PICKING Setting to true will disable picking IDP attribute statements (SP Setting)
* @see SAML2Handler#ROLE_KEY a csv list of strings that represent the roles coming from IDP (SP Setting)
* @see GeneralConstants#NAMEID_FORMAT Setting to a value will provide the nameid format to be sent to IDP (SP Setting)
- * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL
+ * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL (SP Setting)
* </p>
*
* @author Anil.Saldhana(a)redhat.com
@@ -460,7 +461,14 @@
boolean expiredAssertion;
try
{
- expiredAssertion = AssertionUtil.hasExpired(assertion);
+ String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
+ if (StringUtil.isNotNull(skew))
+ {
+ long skewMilis = Long.parseLong(skew);
+ expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
+ }
+ else
+ expiredAssertion = AssertionUtil.hasExpired(assertion);
}
catch (ConfigurationException e)
{
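Review bot: `Long.parseLong(skew)` sits inside a `try` that only catches `ConfigurationException`, so a `CLOCK_SKEW_MILIS` value that is not a valid long (or has surrounding whitespace) escapes as a NumberFormatException on every authentication instead of being reported as a configuration error. A negative or very large skew also silently widens the window in which an expired assertion is accepted, defeating the expiry check this code exists for; parse with `Long.parseLong(skew.trim())`, reject values below zero, and preferably do that once when the handler is initialized rather than on each request. The method enclosing this hunk starts and ends outside it.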
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -91,6 +91,7 @@
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -147,18 +148,44 @@
super.init(config);
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
+ String configProviderStr = config.getInitParameter(GeneralConstants.CONFIG_PROVIDER);
+ if (StringUtil.isNotNull(configProviderStr))
+ {
+ Class<?> clazz = SecurityActions.loadClass(getClass(), configProviderStr);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr);
+ try
+ {
+ idpConfiguration = ((SAMLConfigurationProvider) clazz.newInstance()).getIDPConfiguration();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
context = config.getServletContext();
- InputStream is = context.getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
+ if (idpConfiguration == null)
+ {
+ InputStream is = context.getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
+
//Get the chain from config
chain = new DefaultSAML2HandlerChain();
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
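Review bot: `clazz.newInstance()` runs before the `(SAMLConfigurationProvider)` cast, so a `CONFIG_PROVIDER` init-param naming any class on the classpath executes that class's constructor before the ClassCastException; check `if (!SAMLConfigurationProvider.class.isAssignableFrom(clazz)) throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr);` before instantiating. The value comes from web.xml, so the exposure is limited to whoever controls deployment descriptors, but the check is cheap and gives a clearer error for typos. The fallback branch still never closes the `InputStream` from `context.getResourceAsStream(configFile)`; that predates this commit, but since the block is being restructured anyway, wrapping `ConfigurationUtil.getIDPConfiguration(is)` in try/finally with `is.close()` would fix it. The `init` method continues past this hunk.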
Copied: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java (from rev 1173, federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java)
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java (rev 0)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.util;
+
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+
+/**
+ * Returns configuration for an IDP or SP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public interface SAMLConfigurationProvider
+{
+ /**
+ * Get the {@link IDPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ IDPType getIDPConfiguration() throws ProcessingException;
+
+ /**
+ * Get the {@l SPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ SPType getSPConfiguration() throws ProcessingException;
+}
\ No newline at end of file
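Review bot: The Javadoc on getSPConfiguration uses `{@l SPType}`, which is not a valid inline tag and will be reported as unknown by the javadoc tool; it should read `{@link SPType}`. Both `@return` tags are empty and both `@throws ProcessingException` lines say nothing about when the exception is raised; `@return the {@link IDPType} configuration` and `@return the {@link SPType} configuration` plus a clause naming the failure condition would make the contract usable. Since the IDPWebBrowserSSOValve hunk above instantiates implementations reflectively via `clazz.newInstance()` from a servlet init parameter, the interface Javadoc should also state that implementations must provide a public no-arg constructor.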
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154
+ /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink:1152-1154,1159-1173
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154
+ /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1137
/federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1152-1154,1159-1173
Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml
___________________________________________________________________
Modified: svn:mergeinfo
- /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154
+ /federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml:1098-1110,1152-1154,1159-1173
Modified: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2011-08-11 02:49:53 UTC (rev 1173)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2011-08-11 03:13:45 UTC (rev 1174)
@@ -22,6 +22,7 @@
package org.picketlink.test.identity.federation.core.saml.v2.util;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
@@ -91,6 +92,28 @@
}
@Test
+ public void testExpiredAssertionWithClockSkew() throws Exception
+ {
+ NameIDType nameIdType = new NameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant());
+ assertion.setIssuer(nameIdType);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
+
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(XMLTimeUtil.subtract(now, 55575));
+ conditions.setNotOnOrAfter(sometimeAgo);
+ assertion.setConditions(conditions);
+
+ assertFalse(AssertionUtil.hasExpired(assertion, 60000));
+ assertTrue(AssertionUtil.hasExpired(assertion, 600));
+ }
+
+ @Test
public void testRoleExtraction() throws Exception
{
String file = "parser/saml2/saml2-response-assertion-subject.xml";
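Review bot: testExpiredAssertionWithClockSkew only covers an assertion whose validity window lies entirely in the past; there is no case for a skew of 0 (which should agree with the single-argument hasExpired used elsewhere in this page), for a NotBefore in the future that the skew should also tolerate, or for a ConditionsType whose NotBefore/NotOnOrAfter are unset. Adding `assertTrue(AssertionUtil.hasExpired(assertion, 0));` and a second assertion built with `conditions.setNotBefore(XMLTimeUtil.add(now, 55555));` would pin both edges of the widened window. The identical test is added again in the r1171 hunk further down the page and has the same gaps.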
Picketlink SVN: r1173 - federation/trunk/parent.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 22:49:53 -0400 (Wed, 10 Aug 2011)
New Revision: 1173
Modified:
federation/trunk/parent/pom.xml
Log:
add javadoc plugin
Modified: federation/trunk/parent/pom.xml
===================================================================
--- federation/trunk/parent/pom.xml 2011-08-10 20:08:15 UTC (rev 1172)
+++ federation/trunk/parent/pom.xml 2011-08-11 02:49:53 UTC (rev 1173)
@@ -32,7 +32,7 @@
<plugin>
<artifactId>maven-release-plugin</artifactId>
<configuration>
- <tagBase>https://svn.jboss.org/repos/jbossidentity/migration/picketlink/federation...</tagBase>
+ <tagBase>https://svn.jboss.org/repos/picketlink/federation/tags</tagBase>
</configuration>
</plugin>
</plugins>
@@ -58,6 +58,11 @@
<artifactId>maven-antrun-plugin</artifactId>
<version>1.4</version>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.8</version>
+ </plugin>
</plugins>
</pluginManagement>
</build>
Picketlink SVN: r1172 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 16:08:15 -0400 (Wed, 10 Aug 2011)
New Revision: 1172
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
fix jdoc
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-10 16:56:04 UTC (rev 1171)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-10 20:08:15 UTC (rev 1172)
@@ -93,7 +93,7 @@
* @see SAML2Handler#DISABLE_ROLE_PICKING Setting to true will disable picking IDP attribute statements (SP Setting)
* @see SAML2Handler#ROLE_KEY a csv list of strings that represent the roles coming from IDP (SP Setting)
* @see GeneralConstants#NAMEID_FORMAT Setting to a value will provide the nameid format to be sent to IDP (SP Setting)
- * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL
+ * @see SAML2Handler#ASSERTION_CONSUMER_URL: the url to be used for assertionConsumerURL (SP Setting)
* </p>
*
* @author Anil.Saldhana(a)redhat.com
Picketlink SVN: r1171 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 12:56:04 -0400 (Wed, 10 Aug 2011)
New Revision: 1171
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-222: skew in expiration of assertions
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-08-10 16:43:53 UTC (rev 1170)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/interfaces/SAML2Handler.java 2011-08-10 16:56:04 UTC (rev 1171)
@@ -34,6 +34,8 @@
//Define some constants
String ASSERTION_CONSUMER_URL = "ASSERTION_CONSUMER_URL";
+ String CLOCK_SKEW_MILIS = "CLOCK_SKEW_MILIS";
+
String DISABLE_AUTHN_STATEMENT = "DISABLE_AUTHN_STATEMENT";
String DISABLE_SENDING_ROLES = "DISABLE_SENDING_ROLES";
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-08-10 16:43:53 UTC (rev 1170)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-08-10 16:56:04 UTC (rev 1171)
@@ -285,6 +285,44 @@
}
/**
+ * Verify whether the assertion has expired.
+ * You can add in a clock skew to adapt to conditions where in the IDP
+ * and SP are out of sync.
+ *
+ * @param assertion
+ * @param clockSkewInMilis in miliseconds
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+ {
+ boolean expiry = false;
+
+ //Check for validity of assertion
+ ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+ if (trace)
+ log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+ + notOnOrAfter);
+ expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+ if (expiry)
+ {
+ log.info("Assertion has expired with id=" + assertion.getID());
+ }
+ }
+
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return expiry;
+ }
+
+ /**
* Check whether the assertion has expired
* @param assertion
* @return
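Review bot: In the new hasExpired(AssertionType, long) the trace line calls `notBefore.toXMLFormat()` without a null check, while NotBefore and NotOnOrAfter are both optional on a SAML Conditions element, and it is not visible here whether XMLTimeUtil.subtract/add/isValid tolerate a null argument. Guard each value before adjusting it, e.g. `XMLGregorianCalendar updatedNotBefore = notBefore == null ? null : XMLTimeUtil.subtract(notBefore, clockSkewInMilis);`, and log `notBefore` the same way notOnOrAfter is logged rather than dereferencing it. The parameter is also accepted unchecked: a negative clockSkewInMilis shrinks the window instead of widening it, so `if (clockSkewInMilis < 0) throw new IllegalArgumentException("clockSkewInMilis must be >= 0");` at the top would pin the intent. The SAML11 overload in the next hunk has the same three issues, and the trailing TODO should become a Javadoc sentence stating that an assertion with no Conditions is reported as not expired, since callers rely on that for an access decision.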
@@ -316,6 +354,44 @@
}
/**
+ * Verify whether the assertion has expired.
+ * You can add in a clock skew to adapt to conditions where in the IDP
+ * and SP are out of sync.
+ *
+ * @param assertion
+ * @param clockSkewInMilis in miliseconds
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException
+ {
+ boolean expiry = false;
+
+ //Check for validity of assertion
+ SAML11ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
+
+ if (trace)
+ log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+ + notOnOrAfter);
+ expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
+ if (expiry)
+ {
+ log.info("Assertion has expired with id=" + assertion.getID());
+ }
+ }
+
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return expiry;
+ }
+
+ /**
* Extract the expiration time from an {@link AssertionType}
* @param assertion
* @return
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2011-08-10 16:43:53 UTC (rev 1170)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2011-08-10 16:56:04 UTC (rev 1171)
@@ -22,6 +22,7 @@
package org.picketlink.test.identity.federation.core.saml.v2.util;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
@@ -91,6 +92,28 @@
}
@Test
+ public void testExpiredAssertionWithClockSkew() throws Exception
+ {
+ NameIDType nameIdType = new NameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant());
+ assertion.setIssuer(nameIdType);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
+
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(XMLTimeUtil.subtract(now, 55575));
+ conditions.setNotOnOrAfter(sometimeAgo);
+ assertion.setConditions(conditions);
+
+ assertFalse(AssertionUtil.hasExpired(assertion, 60000));
+ assertTrue(AssertionUtil.hasExpired(assertion, 600));
+ }
+
+ @Test
public void testRoleExtraction() throws Exception
{
String file = "parser/saml2/saml2-response-assertion-subject.xml";
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-10 16:43:53 UTC (rev 1170)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-08-10 16:56:04 UTC (rev 1171)
@@ -87,6 +87,7 @@
* </p>
* <p>
* Configuration Options:
+ * @see SAML2Handler#CLOCK_SKEW_MILIS: a milisecond value sets a skew for checking the validity of assertion (SP Setting)
* @see SAML2Handler#DISABLE_AUTHN_STATEMENT Setting a value will disable the generation of an AuthnStatement (IDP Setting)
* @see SAML2Handler#DISABLE_SENDING_ROLES Setting any value will disable the generation and return of roles to SP (IDP Setting)
* @see SAML2Handler#DISABLE_ROLE_PICKING Setting to true will disable picking IDP attribute statements (SP Setting)
@@ -466,7 +467,14 @@
boolean expiredAssertion;
try
{
- expiredAssertion = AssertionUtil.hasExpired(assertion);
+ String skew = (String) handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
+ if (StringUtil.isNotNull(skew))
+ {
+ long skewMilis = Long.parseLong(skew);
+ expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
+ }
+ else
+ expiredAssertion = AssertionUtil.hasExpired(assertion);
}
catch (ConfigurationException e)
{
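Review bot: `Long.parseLong(skew)` on the CLOCK_SKEW_MILIS parameter is unguarded: a non-numeric value throws NumberFormatException, which the surrounding `catch (ConfigurationException e)` does not cover, so a configuration typo surfaces as an unchecked exception on the first assertion check rather than at deployment, and a negative value silently narrows the validity window. Parse and validate the value once during handler initialisation (outside this hunk) and reject negatives, e.g. `if (skewMilis < 0) throw new IllegalArgumentException("CLOCK_SKEW_MILIS must be >= 0");`. The option description added in the first hunk of this file should also say that the skew widens the accepted window on both sides, so operators keep it to the real clock drift between IDP and SP rather than using it to paper over expired assertions.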
Picketlink SVN: r1170 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 12:43:53 -0400 (Wed, 10 Aug 2011)
New Revision: 1170
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
Log:
PLFED-220:
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-10 16:42:40 UTC (rev 1169)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2011-08-10 16:43:53 UTC (rev 1170)
@@ -37,6 +37,8 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.w3c.dom.Document;
/**
@@ -51,26 +53,17 @@
private final boolean trace = log.isTraceEnabled();
+ protected String idpAddress = null;
+
/**
- * Flag to indicate whether we want to sign the assertions
+ * If the request.getRemoteAddr is not exactly the IDP address that you have keyed
+ * in your deployment descriptor for keystore alias, you can set it here explicitly
*/
- protected boolean signAssertions = false;
-
- public SPPostSignatureFormAuthenticator()
+ public void setIdpAddress(String idpAddress)
{
- this.validateSignature = true;
+ this.idpAddress = idpAddress;
}
- public boolean isSignAssertions()
- {
- return signAssertions;
- }
-
- public void setSignAssertions(boolean signAssertions)
- {
- this.signAssertions = signAssertions;
- }
-
@Override
public void start() throws LifecycleException
{
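Review bot: The removed no-arg constructor was the only place in this hunk that set `this.validateSignature = true;`, and nothing added here re-enables it, so for a class whose name promises POST signature validation the default now depends entirely on what the base class or start() does outside this hunk. Please confirm that validateSignature is still forced on for this authenticator and, if it is not, restore the assignment in a constructor or in start(). The Javadoc moved onto setIdpAddress should also say what the address is used for, which the third hunk shows: it is passed to the key manager to select the IDP key used for validation, so a wrong value means signature checks fail rather than being skipped.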
@@ -95,6 +88,16 @@
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
+
+ /**
+ * Since the user has explicitly configured the idp address, we need
+ * to add an option on the keymanager such that users of keymanager
+ * can choose the proper idp key for validation
+ */
+ if (StringUtil.isNotNull(idpAddress))
+ {
+ keyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY, this.idpAddress);
+ }
}
catch (Exception e)
{
Picketlink SVN: r1169 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 12:42:40 -0400 (Wed, 10 Aug 2011)
New Revision: 1169
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
Log:
remove redundant method
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2011-08-10 16:42:15 UTC (rev 1168)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPUtil.java 2011-08-10 16:42:40 UTC (rev 1169)
@@ -22,7 +22,6 @@
package org.picketlink.identity.federation.bindings.tomcat.sp;
import java.security.Principal;
-import java.util.ArrayList;
import java.util.List;
import org.apache.catalina.Context;
@@ -32,20 +31,7 @@
import org.picketlink.identity.federation.core.ErrorCodes;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
-import org.picketlink.identity.federation.core.saml.v2.common.StatementLocal;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
-import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
/**
* Common code useful for a SP
@@ -73,62 +59,6 @@
return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
}
- /**
- * Handle the SAMLResponse from the IDP
- * @param request entire request from IDP
- * @param responseType ResponseType that has been generated
- * @param serverEnvironment tomcat,jboss etc
- * @return
- * @throws AssertionExpiredException
- */
- public Principal handleSAMLResponse(Request request, ResponseType responseType) throws ConfigurationException,
- AssertionExpiredException
- {
- if (request == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "request");
- if (responseType == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "response type");
-
- StatusType statusType = responseType.getStatus();
- if (statusType == null)
- throw new IllegalArgumentException(ErrorCodes.NULL_VALUE + "Status Type from the IDP");
-
- String statusValue = statusType.getStatusCode().getValue().toASCIIString();
- if (JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
- throw new SecurityException(ErrorCodes.IDP_AUTH_FAILED);
-
- List<RTChoiceType> assertions = responseType.getAssertions();
- if (assertions.size() == 0)
- throw new IllegalStateException(ErrorCodes.NULL_VALUE + "No assertions in reply from IDP");
-
- AssertionType assertion = assertions.get(0).getAssertion();
- //Check for validity of assertion
- boolean expiredAssertion = AssertionUtil.hasExpired(assertion);
- if (expiredAssertion)
- throw new AssertionExpiredException();
-
- SubjectType subject = assertion.getSubject();
-
- //JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);
- NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
- String userName = nameID.getValue();
- List<String> roles = new ArrayList<String>();
-
- //Set it on a thread local for JBID integrators
- StatementLocal.statements.set(assertion.getStatements());
-
- //Let us get the roles
- AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
- List<ASTChoiceType> attList = attributeStatement.getAttributes();
- for (ASTChoiceType obj : attList)
- {
- AttributeType attr = obj.getAttribute();
- String roleName = (String) attr.getAttributeValue().get(0);
- roles.add(roleName);
- }
- return this.createGenericPrincipal(request, userName, roles);
- }
-
public Principal createGenericPrincipal(Request request, String username, List<String> roles)
{
Context ctx = request.getContext();
Picketlink SVN: r1168 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-10 12:42:15 -0400 (Wed, 10 Aug 2011)
New Revision: 1168
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
Log:
remove semi colon
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-08-09 21:40:00 UTC (rev 1167)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java 2011-08-10 16:42:15 UTC (rev 1168)
@@ -163,7 +163,7 @@
HttpSession session = request.getSession();
- Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);;
+ Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
Picketlink SVN: r1167 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-09 17:40:00 -0400 (Tue, 09 Aug 2011)
New Revision: 1167
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
Log:
add trace on LSInput
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-08-09 21:39:34 UTC (rev 1166)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/IDFedLSInputResolver.java 2011-08-09 21:40:00 UTC (rev 1167)
@@ -44,6 +44,8 @@
{
protected static Logger log = Logger.getLogger(IDFedLSInputResolver.class);
+ protected static boolean trace = log.isTraceEnabled();
+
private static Map<String, LSInput> lsmap = new HashMap<String, LSInput>();
private static Map<String, String> schemaLocationMap = new LinkedHashMap<String, String>();
@@ -116,104 +118,137 @@
public LSInput resolveResource(String type, String namespaceURI, final String publicId, final String systemId,
final String baseURI)
{
+ LSInput lsi = null;
if (systemId == null)
throw new RuntimeException(ErrorCodes.NULL_VALUE + "systemid");
- LSInput lsi = lsmap.get(systemId);
+ if (StringUtil.isNotNull(systemId) && systemId.endsWith("dtd") && StringUtil.isNotNull(baseURI))
+ {
+ lsi = lsmap.get(baseURI);
+ }
if (lsi == null)
+ lsi = lsmap.get(systemId);
+ if (lsi == null)
{
final String loc = schemaLocationMap.get(systemId);
if (loc == null)
return null;
- lsi = new LSInput()
- {
- public String getBaseURI()
- {
- return baseURI;
- }
+ lsi = new PicketLinkLSInput(baseURI, loc, publicId, systemId);
- public InputStream getByteStream()
- {
- URL url = SecurityActions.loadResource(getClass(), loc);
- InputStream is;
- try
- {
- is = url.openStream();
- }
- catch (IOException e)
- {
- throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
- }
- if (is == null)
- throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
- return is;
- }
+ if (trace)
+ log.trace("Loaded:" + lsi);
+ lsmap.put(systemId, lsi);
+ }
+ return lsi;
+ }
- public boolean getCertifiedText()
- {
- return false;
- }
+ public static class PicketLinkLSInput implements LSInput
+ {
+ private final String baseURI;
- public Reader getCharacterStream()
- {
- return null;
- }
+ private final String loc;
- public String getEncoding()
- {
- return null;
- }
+ private final String publicId;
- public String getPublicId()
- {
- return publicId;
- }
+ private final String systemId;
- public String getStringData()
- {
- return null;
- }
+ public PicketLinkLSInput(String baseURI, String loc, String publicID, String systemID)
+ {
+ this.baseURI = baseURI;
+ this.loc = loc;
+ this.publicId = publicID;
+ this.systemId = systemID;
+ }
- public String getSystemId()
- {
- return systemId;
- }
+ public String getBaseURI()
+ {
+ return baseURI;
+ }
- public void setBaseURI(String baseURI)
- {
- }
+ public InputStream getByteStream()
+ {
+ URL url = SecurityActions.loadResource(getClass(), loc);
+ InputStream is;
+ try
+ {
+ is = url.openStream();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc);
+ }
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.NULL_VALUE + "inputstream is null for " + loc);
+ return is;
+ }
- public void setByteStream(InputStream byteStream)
- {
- }
+ public boolean getCertifiedText()
+ {
+ return false;
+ }
- public void setCertifiedText(boolean certifiedText)
- {
- }
+ public Reader getCharacterStream()
+ {
+ return null;
+ }
- public void setCharacterStream(Reader characterStream)
- {
- }
+ public String getEncoding()
+ {
+ return null;
+ }
- public void setEncoding(String encoding)
- {
- }
+ public String getPublicId()
+ {
+ return publicId;
+ }
- public void setPublicId(String publicId)
- {
- }
+ public String getStringData()
+ {
+ return null;
+ }
- public void setStringData(String stringData)
- {
- }
+ public String getSystemId()
+ {
+ return systemId;
+ }
- public void setSystemId(String systemId)
- {
- }
- };
+ public void setBaseURI(String baseURI)
+ {
+ }
- lsmap.put(systemId, lsi);
+ public void setByteStream(InputStream byteStream)
+ {
}
- return lsi;
+
+ public void setCertifiedText(boolean certifiedText)
+ {
+ }
+
+ public void setCharacterStream(Reader characterStream)
+ {
+ }
+
+ public void setEncoding(String encoding)
+ {
+ }
+
+ public void setPublicId(String publicId)
+ {
+ }
+
+ public void setStringData(String stringData)
+ {
+ }
+
+ public void setSystemId(String systemId)
+ {
+ }
+
+ @Override
+ public String toString()
+ {
+ return "PicketLinkLSInput [baseURI=" + baseURI + ", loc=" + loc + ", publicId=" + publicId + ", systemId="
+ + systemId + "]";
+ }
}
}
\ No newline at end of file
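Review bot: In PicketLinkLSInput.getByteStream, `SecurityActions.loadResource(getClass(), loc)` is dereferenced by `url.openStream()` before any null check, even though the JAXPValidationUtil hunk in this same commit checks that call's result for null; add `if (url == null) throw new RuntimeException(ErrorCodes.NULL_VALUE + "resource url:" + loc);` before the open. The `catch (IOException e)` then wraps the failure without its cause — `throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + loc, e);` keeps the stack usable — and the `if (is == null)` check after openStream is effectively dead and can go. In resolveResource, `StringUtil.isNotNull(systemId)` on the new dtd branch is redundant after the null throw two lines above. The static `lsmap` HashMap is still read and written without synchronization, which predates this change, but the added baseURI lookup is a second unsynchronized path, so either document the resolver as single-threaded or switch the map to ConcurrentHashMap.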
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-08-09 21:39:34 UTC (rev 1166)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-08-09 21:40:00 UTC (rev 1167)
@@ -132,7 +132,7 @@
{
URL url = SecurityActions.loadResource(JAXPValidationUtil.class, schema);
if (url == null)
- throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url");
+ throw new RuntimeException(ErrorCodes.NULL_VALUE + "schema url:" + schema);
sourceArr[i++] = new StreamSource(url.openStream());
}
return sourceArr;
@@ -166,7 +166,10 @@
if (trace)
{
- builder.append("[").append(sax.getLineNumber()).append(",").append(sax.getColumnNumber()).append("]");
+ builder.append("[line:").append(sax.getLineNumber()).append(",").append("::col=")
+ .append(sax.getColumnNumber()).append("]");
+ builder.append("[publicID:").append(sax.getPublicId()).append(",systemId=").append(sax.getSystemId())
+ .append("]");
builder.append(":").append(sax.getLocalizedMessage());
log.trace(builder.toString());
}
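Review bot: The trace message built here mixes separator styles — `"[line:" ... ",::col=" ... "]"` and then `"[publicID:" ... ",systemId="` — so the line/column and identifier parts of one message are formatted differently, which makes the output awkward to read or grep. Use one form for both, e.g. `.append("[line:").append(sax.getLineNumber()).append(",col:").append(sax.getColumnNumber()).append("]")` and `.append("[publicId:").append(sax.getPublicId()).append(",systemId:").append(sax.getSystemId()).append("]")`. The enclosing method begins and ends outside the hunk.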
Picketlink SVN: r1166 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp and 5 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-09 17:39:34 -0400 (Tue, 09 Aug 2011)
New Revision: 1166
Added:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
Log:
PLFED-203: SAMLConfigurationProvider is an interface that can be injected into the IDP/SP
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-09 16:16:04 UTC (rev 1165)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -123,6 +123,7 @@
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -167,6 +168,11 @@
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* If the user wants to set a particular {@link IdentityParticipantStack}
*/
protected String identityParticipantStack = null;
@@ -186,6 +192,23 @@
}
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+ }
+ }
+
public Boolean getIgnoreIncomingSignatures()
{
return ignoreIncomingSignatures;
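Review bot: The catch block at the end of the new setConfigProvider discards the original exception — only `e.getMessage()` is appended to the text — so an InstantiationException, IllegalAccessException or the ClassCastException from the cast loses its stack trace; pass it as the cause: `throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp, e);`. The null check throws IllegalStateException for a bad argument where IllegalArgumentException is the conventional type, and its message appends `cp`, which is known to be null at that point. An identical setConfigProvider with the same two issues is added to BaseFormAuthenticator in this commit.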
@@ -970,6 +993,7 @@
if (StringUtil.isNullOrEmpty(samlHandlerChainClass))
chain = SAML2HandlerChainFactory.createChain();
else
+ {
try
{
chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
@@ -978,17 +1002,45 @@
{
throw new LifecycleException(e1);
}
+ }
+ //Work on the IDP Configuration
+ if (configProvider != null)
+ {
+ try
+ {
+ idpConfiguration = configProvider.getIDPConfiguration();
+ }
+ catch (ProcessingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage());
+ }
+ }
+
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
context = (Context) getContainer();
- InputStream is = context.getServletContext().getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+ if (idpConfiguration == null)
+ {
+
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.IDP_WEBBROWSER_VALVE_CONF_FILE_MISSING + configFile);
+
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ if (trace)
+ log.trace(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
if (trace)
log.trace("Identity Provider URL=" + this.identityURL);
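Review bot: The InputStream obtained from `context.getServletContext().getResourceAsStream(configFile)` in the new `idpConfiguration == null` branch is never closed after `ConfigurationUtil.getIDPConfiguration(is)`; wrap that call in a try/finally that closes `is`. The ProcessingException catch in the configProvider branch wraps only `e.getLocalizedMessage()` and drops the cause, unlike the ParsingException catch just below it; use `throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION + e.getLocalizedMessage(), e);`. A provider that returns null silently falls through to the XML file, and if that fallback is intended a comment such as `// a null result from the provider means: read the default configuration file` would make it explicit. The same unclosed stream and the same null fallback appear in the IDPServlet.init hunk, and the unclosed stream also in PropertiesConfigurationProvider. The enclosing method begins and ends outside this hunk.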
@@ -1011,7 +1063,7 @@
}
catch (Exception e)
{
- throw new RuntimeException(e);
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
}
//Ensure that the Core STS has the SAML20 Token Provider
@@ -1107,18 +1159,10 @@
identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
}
- catch (ClassNotFoundException e)
+ catch (Exception e)
{
log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
}
- catch (InstantiationException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
- catch (IllegalAccessException e)
- {
- log.error("Unable to set the Identity Participant Stack Class. Will just use the default", e);
- }
}
}
}
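Review bot: Replacing the three checked-exception catches with `catch (Exception e)` widens the fallback to every RuntimeException, including the ClassCastException from `(IdentityParticipantStack) clazz.newInstance()` when the configured class is of the wrong type; that case previously propagated and now is logged and the default stack is used. If that is intended, the log message should say so, e.g. `log.error("Unable to set the Identity Participant Stack Class (not found, not instantiable, or not an IdentityParticipantStack). Will just use the default", e);`. The enclosing method continues outside the hunk.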
@@ -1184,7 +1228,6 @@
result = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
}
}
-
return result;
}
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-09 16:16:04 UTC (rev 1165)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -75,6 +75,7 @@
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -123,6 +124,11 @@
protected final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
/**
+ * The user can inject a fully qualified name of a {@link SAMLConfigurationProvider}
+ */
+ protected SAMLConfigurationProvider configProvider = null;
+
+ /**
* Servlet3 related changes forced Tomcat to change the authenticate method
* signature in the FormAuthenticator. For now, we use reflection for forward
* compatibility. This has to be changed in future.
@@ -166,6 +172,23 @@
this.saveRestoreRequest = saveRestoreRequest;
}
+ public void setConfigProvider(String cp)
+ {
+ if (cp == null)
+ throw new IllegalStateException(ErrorCodes.NULL_ARGUMENT + cp);
+ Class<?> clazz = SecurityActions.loadClass(getClass(), cp);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + cp);
+ try
+ {
+ configProvider = (SAMLConfigurationProvider) clazz.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.CANNOT_CREATE_INSTANCE + cp + ":" + e.getMessage());
+ }
+ }
+
/**
* Set a separate issuer id
* @param issuerID
@@ -365,7 +388,14 @@
throw new RuntimeException(ErrorCodes.SERVICE_PROVIDER_CONF_FILE_MISSING + configFile);
try
{
- spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ if (configProvider != null)
+ {
+ spConfiguration = configProvider.getSPConfiguration();
+ }
+ else
+ {
+ spConfiguration = ConfigurationUtil.getSPConfiguration(is);
+ }
if (StringUtil.isNotNull(spConfiguration.getIdpMetadataFile()))
{
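Review bot: The new `configProvider != null` branch sits after the check that throws SERVICE_PROVIDER_CONF_FILE_MISSING when `is` is null, so the SP still requires the file named by `configFile` to be present even when a provider supplies the whole configuration; the IDP valve in this commit only opens the file when the provider did not yield a configuration, and this method should use the same order (consult the provider first, open the file only in the else branch). The stream `is`, opened before the hunk, is also not closed on either path. The enclosing method begins and ends outside the hunk.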
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-09 16:16:04 UTC (rev 1165)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/config/ProviderType.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -21,6 +21,9 @@
*/
package org.picketlink.identity.federation.core.config;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.xml.crypto.dsig.CanonicalizationMethod;
/**
@@ -60,7 +63,6 @@
*/
public class ProviderType
{
-
protected String identityURL;
protected TrustType trust;
@@ -73,6 +75,8 @@
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ protected Map<String, Object> additionalOptions = new HashMap<String, Object>();
+
/**
* Gets the value of the identityURL property.
*
@@ -236,4 +240,32 @@
this.canonicalizationMethod = canonicalizationMethod;
}
+ /**
+ * Add an option
+ * @param key
+ * @param value
+ */
+ public void addAdditionalOption(String key, Object value)
+ {
+ additionalOptions.put(key, value);
+ }
+
+ /**
+ * Remove an option
+ * @param key
+ */
+ public void removeAdditionalOption(String key)
+ {
+ additionalOptions.remove(key);
+ }
+
+ /**
+ * Get option
+ * @param key
+ * @return
+ */
+ public Object getAdditionalOption(String key)
+ {
+ return additionalOptions.get(key);
+ }
}
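Review bot: The three new accessors have an empty `@return` and bare `@param` tags; the Javadoc on getAdditionalOption should read `@return the value stored under {@code key}, or {@code null} if no such option was added`, and addAdditionalOption should state that an existing value for the same key is replaced. `additionalOptions` is a plain HashMap on a configuration object that the valve, authenticator and servlet read at runtime; if options may be added after start-up, document the thread-safety expectation, otherwise note that the map is expected to be fully populated before the provider is used.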
\ No newline at end of file
Added: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java (rev 0)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/PropertiesConfigurationProvider.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.picketlink.identity.federation.core.ErrorCodes;
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.config.TrustType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
+
+/**
+ * A properties file based {@link SAMLConfigurationProvider}.
+ * For the IDP configuration, a idp_config.properties is expected.
+ * For the SP configuration, a sp_config.properties is expected.
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public class PropertiesConfigurationProvider implements SAMLConfigurationProvider
+{
+ public static final String IDP_FILE = "idp_config.properties";
+
+ public static final String SP_FILE = "sp_config.properties";
+
+ public IDPType getIDPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), IDP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + IDP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ IDPType idp = new IDPType();
+ idp.setIdentityURL(props.getProperty("idp.url"));
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ idp.setTrust(trustType);
+ }
+
+ return idp;
+ }
+
+ public SPType getSPConfiguration() throws ProcessingException
+ {
+ InputStream is = SecurityActions.loadStream(getClass(), SP_FILE);
+ if (is == null)
+ throw new IllegalStateException(ErrorCodes.NULL_VALUE + SP_FILE);
+ Properties props = new Properties();
+ try
+ {
+ props.load(is);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ SPType sp = new SPType();
+ sp.setIdentityURL(props.getProperty("idp.url"));
+ sp.setServiceURL("service.url");
+ String domains = props.getProperty("domains");
+ if (StringUtil.isNotNull(domains))
+ {
+ TrustType trustType = new TrustType();
+ trustType.setDomains(domains);
+ sp.setTrust(trustType);
+ }
+
+ return sp;
+ }
+}
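Review bot: `sp.setServiceURL("service.url");` in getSPConfiguration stores the literal key as the service URL instead of the property value; it should be `sp.setServiceURL(props.getProperty("service.url"));`. The streams returned by `SecurityActions.loadStream` in both methods are never closed after `props.load(is)`; close them in a finally block. A missing properties file throws IllegalStateException while a read error throws ProcessingException, so a caller that catches only ProcessingException (IDPWebBrowserSSOValve in this commit) will not handle the missing-file case; throwing ProcessingException in both cases keeps to the interface contract. The class Javadoc should also list the recognised keys (`idp.url`, `service.url`, `domains`), since they define the file format.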
\ No newline at end of file
Added: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java (rev 0)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.config;
+
+import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ static InputStream loadStream(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+ {
+ public InputStream run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+ InputStream is = classLoader.getResourceAsStream(fqn);
+ if (is == null)
+ {
+ is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fqn);
+ }
+ return is;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+}
\ No newline at end of file
Property changes on: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/config/SecurityActions.java
___________________________________________________________________
Added: svn:executable
+ *
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-09 16:16:04 UTC (rev 1165)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -48,6 +48,8 @@
String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml";
+ String CONFIG_PROVIDER = "CONFIG_PROVIDER";
+
String LOCAL_LOGOUT = "LLO";
String GLOBAL_LOGOUT = "GLO";
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-09 16:16:04 UTC (rev 1165)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -91,6 +91,7 @@
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil.WebRequestUtilHolder;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
/**
@@ -147,18 +148,44 @@
super.init(config);
String configFile = GeneralConstants.CONFIG_FILE_LOCATION;
+ String configProviderStr = config.getInitParameter(GeneralConstants.CONFIG_PROVIDER);
+ if (StringUtil.isNotNull(configProviderStr))
+ {
+ Class<?> clazz = SecurityActions.loadClass(getClass(), configProviderStr);
+ if (clazz == null)
+ throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr);
+ try
+ {
+ idpConfiguration = ((SAMLConfigurationProvider) clazz.newInstance()).getIDPConfiguration();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
context = config.getServletContext();
- InputStream is = context.getResourceAsStream(configFile);
- if (is == null)
- throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
+ if (idpConfiguration == null)
+ {
+ InputStream is = context.getResourceAsStream(configFile);
+ if (is == null)
+ throw new RuntimeException(ErrorCodes.RESOURCE_NOT_FOUND + configFile + " missing");
+ try
+ {
+ idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
+ }
+ catch (ParsingException e)
+ {
+ throw new RuntimeException(ErrorCodes.PROCESSING_EXCEPTION, e);
+ }
+ }
+
//Get the chain from config
chain = new DefaultSAML2HandlerChain();
try
{
- idpConfiguration = ConfigurationUtil.getIDPConfiguration(is);
this.identityURL = idpConfiguration.getIdentityURL();
log.trace("Identity Provider URL=" + this.identityURL);
this.assertionValidity = idpConfiguration.getAssertionValidity();
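Review bot: `(SAMLConfigurationProvider) clazz.newInstance()` is performed without first checking that the class named by the CONFIG_PROVIDER init parameter implements the interface, so a wrong class name surfaces as a ClassCastException wrapped under PROCESSING_EXCEPTION; a check before the try, `if (!SAMLConfigurationProvider.class.isAssignableFrom(clazz)) throw new RuntimeException(ErrorCodes.CLASS_NOT_LOADED + configProviderStr + " is not a SAMLConfigurationProvider");`, makes the error actionable. The stream from `context.getResourceAsStream(configFile)` in the new `idpConfiguration == null` block is never closed after `ConfigurationUtil.getIDPConfiguration(is)`. The enclosing init method continues outside the hunk.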
Added: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java (rev 0)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/SAMLConfigurationProvider.java 2011-08-09 21:39:34 UTC (rev 1166)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.web.util;
+
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+
+/**
+ * Returns configuration for an IDP or SP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public interface SAMLConfigurationProvider
+{
+ /**
+ * Get the {@link IDPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ IDPType getIDPConfiguration() throws ProcessingException;
+
+ /**
+ * Get the {@l SPType} configuration
+ * @return
+ * @throws ProcessingException
+ */
+ SPType getSPConfiguration() throws ProcessingException;
+}
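Review bot: The Javadoc for getSPConfiguration has a broken inline tag, `{@l SPType}` should be `{@link SPType}`, and both methods have empty `@return` tags. The callers added in this commit (IDPWebBrowserSSOValve, IDPServlet) fall back to the XML configuration when the provider returns null, so the contract should say whether null is a legal result, e.g. `@return the IDP configuration, or {@code null} if this provider does not supply one (the caller then reads its default configuration file)`. `@throws ProcessingException` should state when it is thrown, e.g. `if the configuration source cannot be read or parsed`.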
\ No newline at end of file
Picketlink SVN: r1165 - in integration-tests/trunk: picketlink-saml-jbas51 and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-08-09 12:16:04 -0400 (Tue, 09 Aug 2011)
New Revision: 1165
Added:
integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/StandaloneSAMLUnitTestCase.java
Modified:
integration-tests/trunk/picketlink-saml-jbas51/pom.xml
integration-tests/trunk/picketlink-saml-jbas6/pom.xml
integration-tests/trunk/picketlink-saml-standalone/pom.xml
integration-tests/trunk/picketlink-saml-tomcat6/pom.xml
integration-tests/trunk/pom.xml
Log:
standalone test
Modified: integration-tests/trunk/picketlink-saml-jbas51/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-saml-jbas51/pom.xml 2011-08-09 15:44:11 UTC (rev 1164)
+++ integration-tests/trunk/picketlink-saml-jbas51/pom.xml 2011-08-09 16:16:04 UTC (rev 1165)
@@ -39,6 +39,9 @@
<testClassesDirectory>${basedir}/../picketlink-saml-tests/target/test-classes</testClassesDirectory>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
+ <excludes>
+ <exclude>**/Standalone**TestCase.java</exclude>
+ </excludes>
<includes>
<include>**/**TestCase.java</include>
</includes>
Modified: integration-tests/trunk/picketlink-saml-jbas6/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-saml-jbas6/pom.xml 2011-08-09 15:44:11 UTC (rev 1164)
+++ integration-tests/trunk/picketlink-saml-jbas6/pom.xml 2011-08-09 16:16:04 UTC (rev 1165)
@@ -39,6 +39,9 @@
<testClassesDirectory>${basedir}/../picketlink-saml-tests/target/test-classes</testClassesDirectory>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
+ <excludes>
+ <exclude>**/Standalone**TestCase.java</exclude>
+ </excludes>
<includes>
<include>**/**TestCase.java</include>
</includes>
Modified: integration-tests/trunk/picketlink-saml-standalone/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-saml-standalone/pom.xml 2011-08-09 15:44:11 UTC (rev 1164)
+++ integration-tests/trunk/picketlink-saml-standalone/pom.xml 2011-08-09 16:16:04 UTC (rev 1165)
@@ -37,8 +37,9 @@
<phase>test</phase>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
+ <testClassesDirectory>${basedir}/../picketlink-saml-tests/target/test-classes</testClassesDirectory>
<includes>
- <include>**/**TestCase.java</include>
+ <include>**/Standalone**TestCase.java</include>
</includes>
<forkMode>pertest</forkMode>
<argLine>-Djava.endorsed.dirs=${basedir}/../picketlink-saml-tests/src/test/resources/endorsed</argLine>
Added: integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/StandaloneSAMLUnitTestCase.java
===================================================================
--- integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/StandaloneSAMLUnitTestCase.java (rev 0)
+++ integration-tests/trunk/picketlink-saml-tests/src/test/java/org/picketlink/test/integration/saml2/StandaloneSAMLUnitTestCase.java 2011-08-09 16:16:04 UTC (rev 1165)
@@ -0,0 +1,95 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.integration.saml2;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.SubmitButton;
+import com.meterware.httpunit.WebConversation;
+import com.meterware.httpunit.WebForm;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+
+/**
+ * SAML Test for Standalone Web Containers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 9, 2011
+ */
+public class StandaloneSAMLUnitTestCase
+{
+ String SERVICE_1_URL = System.getProperty( "SERVICE_1_URL", "http://localhost:8080/sales-standalone/" );
+ String SERVICE_2_URL = System.getProperty( "SERVICE_2_URL", "http://localhost:8080/employee-standalone/" );
+ String LOGOUT_URL = "?GLO=true";
+
+
+ public String getService1URL()
+ {
+ return SERVICE_1_URL;
+ }
+ public String getService2URL()
+ {
+ return SERVICE_2_URL;
+ }
+
+ @Test
+ public void testSAMLStandalone() throws Exception
+ {
+ //Sales Application Login
+ System.out.println("Trying "+ getService1URL());
+ WebRequest serviceRequest1 = new GetMethodWebRequest( getService1URL() );
+ WebConversation webConversation = new WebConversation();
+
+ WebResponse webResponse = webConversation.getResponse( serviceRequest1 );
+ WebForm loginForm = webResponse.getForms()[0];
+ loginForm.setParameter("JBID_USERNAME", "manager" );
+ loginForm.setParameter("JBID_PASSWORD", "tomcat" );
+ SubmitButton submitButton = loginForm.getSubmitButtons()[0];
+ submitButton.click();
+
+ webResponse = webConversation.getCurrentPage();
+ assertTrue( " Reached the sales index page ", webResponse.getText().contains( "SalesTool" ));
+
+ //Employee Application Login
+ System.out.println("Trying "+ getService2URL());
+ webResponse = webConversation.getResponse( getService2URL() );
+ assertTrue( " Reached the employee index page ", webResponse.getText().contains( "EmployeeDashboard" ));
+
+ //Logout from sales
+
+ System.out.println("Trying "+ getService1URL() + LOGOUT_URL);
+ webResponse = webConversation.getResponse( getService1URL() + LOGOUT_URL );
+ assertTrue( "Reached logged out page", webResponse.getText().contains( "logged" ) );
+
+ //Hit the Sales App again
+ System.out.println("Trying "+ getService1URL());
+ webResponse = webConversation.getResponse( getService1URL() );
+ assertTrue( " Reached the Login page ", webResponse.getText().contains( "Login" ));
+
+ //Hit the Employee App again
+ System.out.println("Trying "+ getService2URL());
+ webResponse = webConversation.getResponse( getService2URL() );
+ assertTrue( " Reached the Login page ", webResponse.getText().contains( "Login" ));
+ }
+}
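Review bot: `SERVICE_1_URL`, `SERVICE_2_URL` and `LOGOUT_URL` are mutable, package-visible instance fields named like constants; declare them `private static final` so the naming matches the scope (the `System.getProperty` defaults are still resolved once at class load). The `System.out.println("Trying " + ...)` calls should go through a logger or be dropped from a unit test. The assertion messages carry leading and trailing spaces, e.g. `" Reached the sales index page "`, which appear verbatim in failure reports.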
\ No newline at end of file
Modified: integration-tests/trunk/picketlink-saml-tomcat6/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-saml-tomcat6/pom.xml 2011-08-09 15:44:11 UTC (rev 1164)
+++ integration-tests/trunk/picketlink-saml-tomcat6/pom.xml 2011-08-09 16:16:04 UTC (rev 1165)
@@ -39,6 +39,9 @@
<testClassesDirectory>${basedir}/../picketlink-saml-tests/target/test-classes</testClassesDirectory>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
+ <excludes>
+ <exclude>**/Standalone**TestCase.java</exclude>
+ </excludes>
<includes>
<include>**/**TestCase.java</include>
</includes>
Modified: integration-tests/trunk/pom.xml
===================================================================
--- integration-tests/trunk/pom.xml 2011-08-09 15:44:11 UTC (rev 1164)
+++ integration-tests/trunk/pom.xml 2011-08-09 16:16:04 UTC (rev 1165)
@@ -20,6 +20,7 @@
<module>picketlink-saml-jbas51</module>
<module>picketlink-saml-jbas6</module>
<module>picketlink-saml-tomcat6</module>
+ <module>picketlink-saml-standalone</module>
<module>picketlink-sts-tests</module>
<module>picketlink-sts-jbas51-native</module>
<module>picketlink-sts-jbas51-cxf</module>