Author: sguilhen(a)redhat.com
Date: 2010-06-27 16:57:26 -0400 (Sun, 27 Jun 2010)
New Revision: 319
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
Log:
PLFED-79: Added methods that support OnBehalfOf scenarios in STSClient and WSTrustClient
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-06-24
04:47:35 UTC (rev 318)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-06-27
20:57:26 UTC (rev 319)
@@ -21,6 +21,8 @@
*/
package org.picketlink.identity.federation.api.wstrust;
+import java.security.Principal;
+
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
@@ -64,7 +66,8 @@
public WSTrustClient(String serviceName, String port, String endpointURI, SecurityInfo
secInfo)
throws ParsingException
{
- this(serviceName, port, new String[]{endpointURI}, secInfo);
+ this(serviceName, port, new String[]
+ {endpointURI}, secInfo);
}
public WSTrustClient(String serviceName, String port, String[] endpointURIs,
SecurityInfo secInfo)
@@ -102,7 +105,7 @@
*/
public Element issueToken(String tokenType) throws WSTrustException
{
- return this.issueInternal(null, tokenType, 0);
+ return this.issueInternal(null, tokenType, null, 0);
}
/**
@@ -116,7 +119,7 @@
*/
public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException
{
- return this.issueInternal(endpointURI, null, 0);
+ return this.issueInternal(endpointURI, null, null, 0);
}
/**
@@ -133,9 +136,15 @@
*/
public Element issueToken(String endpointURI, String tokenType) throws
WSTrustException
{
- return this.issueInternal(endpointURI, tokenType, 0);
+ return this.issueInternal(endpointURI, tokenType, null, 0);
}
+ public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal
principal)
+ throws WSTrustException
+ {
+ return this.issueInternal(endpointURI, tokenType, principal, 0);
+ }
+
/**
* This method will send a RequestSecurityToken with a RequestType of renew
* and the passed-in tokenType identifies the type of token to be renewed by
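Review bot: The new public `issueTokenOnBehalfOf` accepts a null `principal` and, unlike the neighbouring issue methods, has no Javadoc to say so. Judging from `setOnBehalfOf` in the STSClient part of this commit, a null principal adds no OnBehalfOf element, so the call quietly returns a token for the client's own configured identity instead of failing; the same applies to `STSClient.issueTokenOnBehalfOf`. Because the ordinary issue methods call `issueInternal` directly, this method can reject the case up front with `if (principal == null) throw new IllegalArgumentException("principal must be provided.");`. It should also get Javadoc covering the endpoint URI, token type and principal parameters.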
@@ -175,7 +184,7 @@
{
return this.cancelInternal(token, 0);
}
-
+
/**
* <p>
* This method issues a token of the specified type for the specified service endpoint
and has failover support when
@@ -187,24 +196,26 @@
* @param serviceEndpointURI a {@code String} representing the endpoint URI of the
service that will be the ultimate
* recipient of the security token.
* @param tokenType a {@code String} representing the type of token to be issued.
+ * @param principal the {@code Principal} on behalf of whom the token will be issued.
* @param clientIndex an {@code int} that indicates which of the {@code STSClient}
instances should be used to perform
* the request.
* @return an {@code Element} representing the security token that has been issued.
* @throws WSTrustException if a WS-Trust exception is thrown by the STS.
*/
- private Element issueInternal(String serviceEndpointURI, String tokenType, int
clientIndex) throws WSTrustException
+ private Element issueInternal(String serviceEndpointURI, String tokenType, Principal
principal, int clientIndex)
+ throws WSTrustException
{
STSClient client = this.clients[clientIndex];
try
{
- return client.issueToken(serviceEndpointURI, tokenType);
+ return client.issueTokenOnBehalfOf(serviceEndpointURI, tokenType, principal);
}
catch (RuntimeException e)
{
// if this was a connection refused exception and we still have clients to try,
call the next client.
if (this.isCausedByConnectException(e) && clientIndex <
this.clients.length - 1)
{
- return this.issueInternal(serviceEndpointURI, tokenType, ++clientIndex);
+ return this.issueInternal(serviceEndpointURI, tokenType, principal,
++clientIndex);
}
throw e;
}
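Review bot: The added `@param principal` line does not say that null is allowed, although the existing issue methods now pass null here on every ordinary request. I would document it as `@param principal the {@code Principal} on behalf of whom the token will be issued, or {@code null} to request a token for the client's own identity.` In the retry call, `++clientIndex` modifies the parameter inside the argument list; `clientIndex + 1` expresses the same thing without the side effect. The method's Javadoc starts above this hunk and its body closes below it.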
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-06-24
04:47:35 UTC (rev 318)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-06-27
20:57:26 UTC (rev 319)
@@ -22,6 +22,7 @@
package org.picketlink.identity.federation.core.wstrust;
import java.net.URI;
+import java.security.Principal;
import java.util.Map;
import javax.xml.namespace.QName;
@@ -81,6 +82,15 @@
dispatchLocal.set(dispatch);
}
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ setTokenType(tokenType, request);
+ // send the token request to JBoss STS and get the response.
+ return issueToken(request);
+ }
+
/**
* Issues a Security Token for the ultimate recipient of the token.
*
@@ -120,12 +130,29 @@
return issueToken(request);
}
- public Element issueToken(String tokenType) throws WSTrustException
+ /**
+ * <p>
+ * Issues a security token on behalf of the specified principal.
+ * </p>
+ *
+ * @param endpointURI the ultimate recipient of the token. This will be set at the
AppliesTo for
+ * the RequestSecurityToken which is an optional element so it
may be null.
+ * @param tokenType the type of the token to be issued.
+ * @param principal the {@code Principal} to whom the token will be issued.
+ * @return an {@code Element} representing the issued security token.
+ * @throws IllegalArgumentException If neither endpointURI nor tokenType was
specified.
+ * @throws WSTrustException if an error occurs while issuing the security token.
+ */
+ public Element issueTokenOnBehalfOf(String endpointURI, String tokenType, Principal
principal)
+ throws WSTrustException
{
- // create a custom token request message.
+ if (endpointURI == null && tokenType == null)
+ throw new IllegalArgumentException("One of endpointURI or tokenType must be
provided.");
+
RequestSecurityToken request = new RequestSecurityToken();
+ setAppliesTo(endpointURI, request);
setTokenType(tokenType, request);
- // send the token request to JBoss STS and get the response.
+ setOnBehalfOf(principal, request);
return issueToken(request);
}
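Review bot: The Javadoc describes `principal` as the one "to whom the token will be issued", which differs from the "on behalf of whom" wording in WSTrustClient and blurs who the requestor is. The request is still sent by this client, with only the principal's name placed in OnBehalfOf. I would write `@param principal the {@code Principal} on whose behalf the token is requested; if {@code null}, no OnBehalfOf element is sent.` so the null case is stated where callers will read it. The argument check at the top of the body is a brace-less `if` whose `throw` wraps onto the next line; braces would keep it unambiguous.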
@@ -142,6 +169,13 @@
rst.setTokenType(URI.create(tokenType));
return rst;
}
+
+ private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken
request)
+ {
+ if (principal != null)
+
request.setOnBehalfOf(WSTrustUtil.createOnBehalfOfWithUsername(principal.getName(),
null));
+ return request;
+ }
private Element issueToken(RequestSecurityToken request) throws WSTrustException
{
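Review bot: `setOnBehalfOf` puts `principal.getName()` into the request unchecked, so a principal whose name is null or empty yields an OnBehalfOf element with no usable username. A guard before the call would catch this on the client side: `String name = principal.getName();` followed by `if (name == null || name.length() == 0) throw new IllegalArgumentException("principal name must be provided.");`. The element carries only a caller-supplied name, and the second argument is passed as null with its meaning not visible in this hunk. A comment should therefore state that the STS is expected to verify that the authenticated client is allowed to act for that user. The `if` here is also brace-less with its body wrapped onto a separate line, which is easy to misread.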