Author: sguilhen(a)redhat.com Date: 2010-09-09 18:20:46 -0400 (Thu, 09 Sep 2010) New Revision: 394 Modified: federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java Log: PLFED-17: added batch support to WSTrustClient and STSClient Modified: federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-09-08 20:28:12 UTC (rev 393) +++ federation/branches/Branch_1_x/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/wstrust/WSTrustClient.java 2010-09-09 22:20:46 UTC (rev 394) @@ -19,6 +19,7 @@ import java.net.URI; import java.security.Principal; +import java.util.List; import org.picketlink.identity.federation.core.exceptions.ParsingException; import org.picketlink.identity.federation.core.wstrust.STSClient; @@ -28,6 +29,7 @@ import org.picketlink.identity.federation.core.wstrust.WSTrustUtil; import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; import org.w3c.dom.Element; /** @@ -142,7 +144,7 @@ { if (endpointURI == null && tokenType == null) throw new IllegalArgumentException("Either the token type or endpoint URI must be specified"); - + RequestSecurityToken request = new RequestSecurityToken(); if (tokenType != null) request.setTokenType(URI.create(tokenType)); @@ -170,7 +172,7 @@ throw new IllegalArgumentException("Either the token type or endpoint URI must be specified"); if (principal == null) throw new IllegalArgumentException("The on-behalf-of principal cannot be null"); - + RequestSecurityToken request = new RequestSecurityToken(); if (tokenType != null) request.setTokenType(URI.create(tokenType)); @@ -198,19 +200,73 @@ } /** + * <p> + * Issues a collection of security tokens. This is a batch operation, so all tokens will be issued using a single + * WS-Trust request message. This message contains all requests encapsulated in a {@code + * RequestSecurityTokenCollection} instance. + * </p> + * + * @param requestCollection the object that contains all the issue requests. + * @return a {@code List<Element>} containing all issued security tokens. The list respects the order of the request + * collection. In other words, each token in the list will have the same index of the request that was used + * to generate that token. + * @throws WSTrustException if an error occurs while issuing the tokens. + */ + public List<Element> issueTokens(RequestSecurityTokenCollection requestCollection) throws WSTrustException + { + if (requestCollection == null || requestCollection.getRequestSecurityTokens().size() == 0) + throw new IllegalArgumentException("The specified request collection must contain at least one request."); + return this.issueInternal(requestCollection, 0); + } + + /** * This method will send a RequestSecurityToken with a RequestType of renew and the passed-in tokenType identifies * the type of token to be renewed by the STS. * * @param tokenType - The type of token to be renewed. * @param token - The security token to be renewed. * @return Element - The Security Token element. Will be of the tokenType specified. + * @deprecated the tokenType argument is unnecessary as the type can be derived from the token. Use + * {@link #renewToken(Element)} instead. */ public Element renewToken(String tokenType, Element token) throws WSTrustException { - return this.renewInternal(tokenType, token, 0); + return this.renewInternal(token, 0); } /** + * <p> + * Renews the specified security token by sending a WS-Trust renew request to the STS. + * </p> + * + * @param token the security token to be renewed. + * @return an {@code Element} representing the renewed token. + * @throws WSTrustException if an error occurs while renewing the security token. + */ + public Element renewToken(Element token) throws WSTrustException + { + return this.renewInternal(token, 0); + } + + /** + * <p> + * Renews all the specified security tokens. This is a batch operation, so all tokens will be renewed using a single + * WS-Trust renew message. + * </p> + * + * @param tokens a list that contains all the security tokens that must be renewed. + * @return a list containing all the renewed tokens. The list preserves the position of the tokens. + * @throws WSTrustException if an error occurs while renewing the tokens. + */ + public List<Element> renewTokens(List<Element> tokens) throws WSTrustException + { + if (tokens == null || tokens.size() == 0) + throw new IllegalArgumentException("The specified list must contain at least one token for renewal"); + + return this.renewInternal(tokens, 0); + } + + /** * This method will send a RequestSecurityToken with a RequestType of validated by the STS. * * @param token - The security token to be validated. @@ -223,6 +279,25 @@ /** * <p> + * Validates all the specified security tokens. This is a batch operation, so all tokens will be validated using a + * single WS-Trust validate message. + * </p> + * + * @param tokens a list that contains all the security tokens that must be validated. + * @return a list containing the result of the validation. Each boolean in the list indicates if the respective + * security token was considered valid or not. + * @throws WSTrustException if an error occurs while validating the tokens. + */ + public List<Boolean> validateTokens(List<Element> tokens) throws WSTrustException + { + if (tokens == null || tokens.size() == 0) + throw new IllegalArgumentException("The specified list must contain at least one token for validation"); + + return this.validateInternal(tokens, 0); + } + + /** + * <p> * This method sends a WS-Trust cancel message to the STS in order to cancel (revoke) the specified security token. * </p> * @@ -237,6 +312,25 @@ /** * <p> + * Cancels all the specified security tokens. This is a batch operation, so all tokens will be canceled using a + * single WS-Trust cancel message. + * </p> + * + * @param tokens a list that contains all the security tokens that must be canceled. + * @return a list containing the result of the cancel request. Each boolean in the list indicates if the respective + * security token was successfully canceled or not. + * @throws WSTrustException if an error occurs while renewing the tokens. + */ + public List<Boolean> cancelTokens(List<Element> tokens) throws WSTrustException + { + if (tokens == null || tokens.size() == 0) + throw new IllegalArgumentException("The specified list must contain at least one token"); + + return this.cancelInternal(tokens, 0); + } + + /** + * <p> * This method issues a token using the specified request and has failover support when more than one endpoint URI * has been provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to * one endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all @@ -269,31 +363,62 @@ /** * <p> + * This method issues a collection of tokens using the specified request and has failover support when more than one + * endpoint URI has been provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust + * request to one endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance + * or all URIs have been tried. + * </p> + * + * @param request a {@code RequestSecurityTokenCollection} instance that contains the WS-Trust requests. + * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to + * perform the request. + * @return a {@code List<Element>} representing the security token that has been issued. + * @throws WSTrustException if a WS-Trust exception is thrown by the STS. + */ + private List<Element> issueInternal(RequestSecurityTokenCollection request, int clientIndex) throws WSTrustException + { + STSClient client = this.clients[clientIndex]; + try + { + return client.issueTokens(request); + } + catch (RuntimeException e) + { + // if this was a connection refused exception and we still have clients to try, call the next client. + if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) + { + return this.issueInternal(request, ++clientIndex); + } + throw e; + } + } + + /** + * <p> * This method renews the specified token and has failover support when more than one endpoint URI has been provided * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried. * </p> * - * @param tokenType the type of the token being renewed. * @param token an {@code Element} representing the security token being renewed. * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to * perform the request. * @return an {@code Element} representing the security token that has been renewed. * @throws WSTrustException if a WS-Trust exception is thrown by the STS. */ - private Element renewInternal(String tokenType, Element token, int clientIndex) throws WSTrustException + private Element renewInternal(Element token, int clientIndex) throws WSTrustException { STSClient client = this.clients[clientIndex]; try { - return client.renewToken(tokenType, token); + return client.renewToken(token); } catch (RuntimeException e) { // if this was a connection refused exception and we still have clients to try, call the next client. if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) { - return this.renewInternal(tokenType, token, ++clientIndex); + return this.renewInternal(token, ++clientIndex); } throw e; } @@ -301,13 +426,44 @@ /** * <p> + * This method renews the specified tokens and has failover support when more than one endpoint URI has been provided + * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the + * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried. + * </p> + * + * @param tokens a {@code List<Element>} containing the security tokens to be renewed. + * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to + * perform the request. + * @return a {@code List<Element>} representing the security tokens that have been renewed. + * @throws WSTrustException if a WS-Trust exception is thrown by the STS. + */ + private List<Element> renewInternal(List<Element> tokens, int clientIndex) throws WSTrustException + { + STSClient client = this.clients[clientIndex]; + try + { + return client.renewTokens(tokens); + } + catch (RuntimeException e) + { + // if this was a connection refused exception and we still have clients to try, call the next client. + if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) + { + return this.renewInternal(tokens, ++clientIndex); + } + throw e; + } + } + + /** + * <p> * This method validates the specified token and has failover support when more than one endpoint URI has been * provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one * endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all URIs * have been tried. * </p> * - * @param token an {@code Element} representing the security token being validated. + * @param tokens an {@code Element} representing the security token being validated. * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to * perform the request. * @return {@code true} if the token was considered valid; {@code false} otherwise. @@ -333,6 +489,39 @@ /** * <p> + * This method validates the specified tokens and has failover support when more than one endpoint URI has been + * provided in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one + * endpoint, the code makes a new attempt using the next URI until the request reaches an STS instance or all URIs + * have been tried. + * </p> + * + * @param tokens a {@code Element} representing the security tokens being validated. + * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to + * perform the request. + * @return a {@code List<Boolean>}. Each position in the list indicates if the respective security token was + * considered valid or not. + * @throws WSTrustException if a WS-Trust exception is thrown by the STS. + */ + private List<Boolean> validateInternal(List<Element> tokens, int clientIndex) throws WSTrustException + { + STSClient client = this.clients[clientIndex]; + try + { + return client.validateTokens(tokens); + } + catch (RuntimeException e) + { + // if this was a connection refused exception and we still have clients to try, call the next client. + if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) + { + return this.validateInternal(tokens, ++clientIndex); + } + throw e; + } + } + + /** + * <p> * This method cancels the specified token and has failover support when more than one endpoint URI has been provided * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried. @@ -364,6 +553,38 @@ /** * <p> + * This method cancels the specified tokens and has failover support when more than one endpoint URI has been provided + * in the constructor. If a {@code ConnectException} occurs when sending the WS-Trust request to one endpoint, the + * code makes a new attempt using the next URI until the request reaches an STS instance or all URIs have been tried. + * </p> + * + * @param tokens a {@code List<Element>} containing all tokens to be canceled. + * @param clientIndex an {@code int} that indicates which of the {@code STSClient} instances should be used to + * perform the request. + * @return a {@code List<Boolean>}. Each position in the list indicates if the respective security token was + * successfully canceled or not. + * @throws WSTrustException if a WS-Trust exception is thrown by the STS. + */ + private List<Boolean> cancelInternal(List<Element> tokens, int clientIndex) throws WSTrustException + { + STSClient client = this.clients[clientIndex]; + try + { + return client.cancelTokens(tokens); + } + catch (RuntimeException e) + { + // if this was a connection refused exception and we still have clients to try, call the next client. + if (this.isCausedByConnectException(e) && clientIndex < this.clients.length - 1) + { + return this.cancelInternal(tokens, ++clientIndex); + } + throw e; + } + } + + /** + * <p> * Checks if the root of the specified {@code Throwable} is an instance of {@code java.net.ConnectException}. * </p> * Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-09-08 20:28:12 UTC (rev 393) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/STSClient.java 2010-09-09 22:20:46 UTC (rev 394) @@ -1,28 +1,26 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2008, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as + * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual + * contributors. + * + * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any + * later version. + * + * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to + * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: + * http://www.fsf.org. */ package org.picketlink.identity.federation.core.wstrust; import java.net.URI; import java.security.Principal; +import java.util.ArrayList; +import java.util.List; import java.util.Map; import javax.xml.namespace.QName; @@ -39,6 +37,7 @@ import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; import org.picketlink.identity.federation.ws.trust.CancelTargetType; @@ -94,10 +93,10 @@ /** * Issues a Security Token for the ultimate recipient of the token. * - * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for - * the RequestSecurityToken which is an optional element so it may be null. - * @return Element - The Security Token Element which will be of the TokenType configured - * for the endpointURI passed in. + * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the + * RequestSecurityToken which is an optional element so it may be null. + * @return Element - The Security Token Element which will be of the TokenType configured for the endpointURI passed + * in. * @throws WSTrustException */ public Element issueTokenForEndpoint(String endpointURI) throws WSTrustException @@ -108,12 +107,11 @@ } /** - * Issues a Security Token from the STS. This methods has the option of - * specifying one or both of endpointURI/tokenType but at least one must - * specified. + * Issues a Security Token from the STS. This methods has the option of specifying one or both of + * endpointURI/tokenType but at least one must specified. * - * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for - * the RequestSecurityToken which is an optional element so it may be null. + * @param endpointURI - The ultimate recipient of the token. This will be set at the AppliesTo for the + * RequestSecurityToken which is an optional element so it may be null. * @param tokenType - The type of security token to be issued. * @return Element - The Security Token Element issued. * @throws IllegalArgumentException If neither endpointURI nor tokenType was specified. @@ -135,11 +133,11 @@ * Issues a security token on behalf of the specified principal. * </p> * - * @param endpointURI the ultimate recipient of the token. This will be set at the AppliesTo for - * the RequestSecurityToken which is an optional element so it may be null. - * @param tokenType the type of the token to be issued. - * @param principal the {@code Principal} to whom the token will be issued. - * @return an {@code Element} representing the issued security token. + * @param endpointURI the ultimate recipient of the token. This will be set at the AppliesTo for the + * RequestSecurityToken which is an optional element so it may be null. + * @param tokenType the type of the token to be issued. + * @param principal the {@code Principal} to whom the token will be issued. + * @return an {@code Element} representing the issued security token. * @throws IllegalArgumentException If neither endpointURI nor tokenType was specified. * @throws WSTrustException if an error occurs while issuing the security token. */ @@ -169,7 +167,7 @@ rst.setTokenType(URI.create(tokenType)); return rst; } - + private RequestSecurityToken setOnBehalfOf(Principal principal, RequestSecurityToken request) { if (principal != null) @@ -179,14 +177,34 @@ public Element issueToken(RequestSecurityToken request) throws WSTrustException { - if (request.getRequestType() == null) - request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST)); - if (request.getContext() == null) - request.setContext("default-context"); + // convert the request type to BatchIssue before dispatching the batch request. + request.setRequestType(URI.create(WSTrustConstants.BATCH_ISSUE_REQUEST)); + RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection(); + requestCollection.addRequestSecurityToken(request); + return this.issueTokens(requestCollection).get(0); + } + + public List<Element> issueTokens(RequestSecurityTokenCollection requestCollection) throws WSTrustException + { + // check if all requests are of type BatchIssue. + for (RequestSecurityToken request : requestCollection.getRequestSecurityTokens()) + { + // if null or type: assume BatchIssue. + if (request.getRequestType() == null) + request.setRequestType(URI.create(WSTrustConstants.BATCH_ISSUE_REQUEST)); + // non-null type: check if type equals BatchIssue. + else if (!request.getRequestType().toString().equals(WSTrustConstants.BATCH_ISSUE_REQUEST)) + throw new IllegalArgumentException("The request type must be of type BatchIssue"); + } + + // use the JAXB factory to marshal the batch request. WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance(); - DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request); + DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection); + + // invoke the STS. Source response = dispatchLocal.get().invoke(requestSource); + // parse the response and extract all nodes that contain the security tokens. NodeList nodes; try { @@ -216,31 +234,58 @@ { throw new WSTrustException("Exception in issuing token:", e); } - if (nodes == null) throw new WSTrustException("NodeList is null"); + else + { + List<Element> tokens = new ArrayList<Element>(); + for (int i = 0; i < nodes.getLength(); i++) + { + Node node = nodes.item(i); + tokens.add((Element) node.getFirstChild()); + } + return tokens; + } + } - Node rstr = nodes.item(0); + /** + * @deprecated tokenType parameter is unnecessary as the type can be derived from the token. Use + * {@link #renewToken(Element)} instead. + */ + public Element renewToken(String tokenType, Element token) throws WSTrustException + { + return this.renewToken(token); + } - return (Element) rstr.getFirstChild(); + public Element renewToken(Element token) throws WSTrustException + { + List<Element> tokens = new ArrayList<Element>(); + tokens.add(token); + return this.renewTokens(tokens).get(0); } - public Element renewToken(String tokenType, Element token) throws WSTrustException + public List<Element> renewTokens(List<Element> tokens) throws WSTrustException { - RequestSecurityToken request = new RequestSecurityToken(); - request.setContext("context"); + // create a request collection containing all tokens to be renewed. + RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection(); + for (Element token : tokens) + { + RequestSecurityToken request = new RequestSecurityToken(); + request.setRequestType(URI.create(WSTrustConstants.BATCH_RENEW_REQUEST)); + RenewTargetType renewTarget = new RenewTargetType(); + renewTarget.setAny(token); + request.setRenewTarget(renewTarget); + requestCollection.addRequestSecurityToken(request); + } - request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); - request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST)); - RenewTargetType renewTarget = new RenewTargetType(); - renewTarget.setAny(token); - request.setRenewTarget(renewTarget); + // use the JAXB factory to marshal the batch request. + WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance(); + DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection); - // send the token request to JBoss STS and get the response. - WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance(); - DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request); + // invoke the STS. Source response = dispatchLocal.get().invoke(requestSource); + // parse the response and extract all nodes that contain the security tokens. NodeList nodes; try { @@ -268,45 +313,67 @@ } catch (Exception e) { - throw new WSTrustException("Exception in renewing token:", e); + throw new WSTrustException("Exception in issuing token:", e); } - if (nodes == null) throw new WSTrustException("NodeList is null"); - - Node rstr = nodes.item(0); - - return (Element) rstr.getFirstChild(); - + else + { + List<Element> renewedTokens = new ArrayList<Element>(); + for (int i = 0; i < nodes.getLength(); i++) + { + Node node = nodes.item(i); + renewedTokens.add((Element) node.getFirstChild()); + } + return renewedTokens; + } } public boolean validateToken(Element token) throws WSTrustException { - RequestSecurityToken request = new RequestSecurityToken(); - request.setContext("context"); + List<Element> tokens = new ArrayList<Element>(); + tokens.add(token); + return this.validateTokens(tokens).get(0); + } - request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); - request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST)); - ValidateTargetType validateTarget = new ValidateTargetType(); - validateTarget.setAny(token); - request.setValidateTarget(validateTarget); + public List<Boolean> validateTokens(List<Element> tokens) throws WSTrustException + { + // create a request collection containing all tokens to be validated. + RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection(); + for (Element token : tokens) + { + RequestSecurityToken request = new RequestSecurityToken(); + request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); + request.setRequestType(URI.create(WSTrustConstants.BATCH_VALIDATE_REQUEST)); + ValidateTargetType validateTarget = new ValidateTargetType(); + validateTarget.setAny(token); + request.setValidateTarget(validateTarget); + requestCollection.addRequestSecurityToken(request); + } + // use the JAXB factory to marshal the batch request. WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance(); + DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection); - DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request); + // invoke the STS. + Source response = dispatchLocal.get().invoke(requestSource); - Source response = dispatchLocal.get().invoke(requestSource); + // parse the response and check the validation status of each security token. RequestSecurityTokenResponseCollection responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory .parseRequestSecurityTokenResponse(response); - RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0); - StatusType status = tokenResponse.getStatus(); - if (status != null) + List<Boolean> result = new ArrayList<Boolean>(); + for (RequestSecurityTokenResponse tokenResponse : responseCollection.getRequestSecurityTokenResponses()) { - String code = status.getCode(); - return WSTrustConstants.STATUS_CODE_VALID.equals(code); + StatusType status = tokenResponse.getStatus(); + if (status != null) + { + String code = status.getCode(); + result.add(WSTrustConstants.STATUS_CODE_VALID.equals(code)); + } + result.add(Boolean.FALSE); } - return false; + return result; } /** @@ -320,25 +387,43 @@ */ public boolean cancelToken(Element securityToken) throws WSTrustException { - // create a WS-Trust cancel request containing the specified token. - RequestSecurityToken request = new RequestSecurityToken(); - request.setRequestType(URI.create(WSTrustConstants.CANCEL_REQUEST)); - CancelTargetType cancelTarget = new CancelTargetType(); - cancelTarget.setAny(securityToken); - request.setCancelTarget(cancelTarget); + List<Element> tokens = new ArrayList<Element>(); + tokens.add(securityToken); + return this.cancelTokens(tokens).get(0); + } + public List<Boolean> cancelTokens(List<Element> tokens) throws WSTrustException + { + // create a request collection containing all tokens to be canceled. + RequestSecurityTokenCollection requestCollection = new RequestSecurityTokenCollection(); + for (Element token : tokens) + { + RequestSecurityToken request = new RequestSecurityToken(); + request.setRequestType(URI.create(WSTrustConstants.BATCH_CANCEL_REQUEST)); + CancelTargetType cancelTarget = new CancelTargetType(); + cancelTarget.setAny(token); + request.setCancelTarget(cancelTarget); + requestCollection.addRequestSecurityToken(request); + } + // marshal the request and send it to the STS. WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance(); - DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request); + DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityTokenCollection(requestCollection); Source response = dispatchLocal.get().invoke(requestSource); // get the WS-Trust response and check for presence of the RequestTokenCanceled element. RequestSecurityTokenResponseCollection responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory .parseRequestSecurityTokenResponse(response); - RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0); - if (tokenResponse.getRequestedTokenCancelled() != null) - return true; - return false; + + List<Boolean> result = new ArrayList<Boolean>(); + for (RequestSecurityTokenResponse tokenResponse : responseCollection.getRequestSecurityTokenResponses()) + { + if (tokenResponse.getRequestedTokenCancelled() != null) + result.add(Boolean.TRUE); + result.add(Boolean.FALSE); + } + + return result; } public Dispatch<Source> getDispatch() Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-09-08 20:28:12 UTC (rev 393) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-09-09 22:20:46 UTC (rev 394) @@ -377,7 +377,8 @@ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); if (request.getContext() != null) response.setContext(request.getContext()); - response.setTokenType(request.getTokenType()); + if (request.getTokenType() != null) + response.setTokenType(request.getTokenType()); response.setLifetime(request.getLifetime()); response.setRequestedSecurityToken(requestedSecurityToken); if (context.getAttachedReference() != null) Modified: federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java =================================================================== --- federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-09-08 20:28:12 UTC (rev 393) +++ federation/branches/Branch_1_x/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2010-09-09 22:20:46 UTC (rev 394) @@ -1,23 +1,19 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as + * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual + * contributors. + * + * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any + * later version. + * + * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to + * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site: + * http://www.fsf.org. */ package org.picketlink.identity.federation.core.wstrust.plugins.saml; @@ -167,8 +163,8 @@ this.attributeProvider.setProperties(this.properties); } else - logger.warn("Attribute provider not installed: " + attributeProviderClassName + - "is not an instance of SAML20TokenAttributeProvider"); + logger.warn("Attribute provider not installed: " + attributeProviderClassName + + "is not an instance of SAML20TokenAttributeProvider"); } catch (PrivilegedActionException pae) { @@ -348,8 +344,7 @@ { throw new WSTrustException("Failed to marshall SAMLV2 assertion", e); } - SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType() - .toString(), assertionElement, assertionID); + SecurityToken securityToken = new StandardSecurityToken(SAMLUtil.SAML2_TOKEN_TYPE, assertionElement, assertionID); context.setSecurityToken(securityToken); // set the SAML assertion attached reference. @@ -431,7 +426,7 @@ * <p> * Checks whether the specified element is a SAMLV2.0 assertion or not. * </p> - * + * * @param element the {@code Element} being verified. * @return {@code true} if the element is a SAMLV2.0 assertion; {@code false} otherwise. */