Author: anil.saldhana(a)jboss.com
Date: 2011-04-11 20:55:10 -0400 (Mon, 11 Apr 2011)
New Revision: 872
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
trust/trunk/jbossws/src/test/
trust/trunk/jbossws/src/test/java/
trust/trunk/jbossws/src/test/java/org/
trust/trunk/jbossws/src/test/java/org/picketlink/
trust/trunk/jbossws/src/test/java/org/picketlink/test/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
trust/trunk/jbossws/src/test/resources/
trust/trunk/jbossws/src/test/resources/jbossws/
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
Modified:
trust/trunk/jbossws/.classpath
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
PLFED-167: handlers for auth/authz for POJO WS
Modified: trust/trunk/jbossws/.classpath
===================================================================
--- trust/trunk/jbossws/.classpath 2011-04-12 00:53:50 UTC (rev 871)
+++ trust/trunk/jbossws/.classpath 2011-04-12 00:55:10 UTC (rev 872)
@@ -1,39 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/main/java"
including="**/*.java"/>
- <classpathentry kind="src" path="src/main/resources"
excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var"
path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"
sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"
sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar"
sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar"
sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
- <classpathentry kind="var"
path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar"
sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar"
sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
- <classpathentry kind="var"
path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"
sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
- <classpathentry kind="var"
path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar"
sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar"
sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar"
sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar"
sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar"
sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar"
sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar"
sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar"
sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar"
sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar"
sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
- <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+ <classpathentry including="**/*.java" kind="src"
output="target/test-classes" path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src"
output="target/test-classes" path="src/test/resources"/>
+ <classpathentry including="**/*.java" kind="src"
path="src/main/java"/>
+ <classpathentry excluding="**/*.java" kind="src"
path="src/main/resources"/>
+ <classpathentry kind="var"
path="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"
sourcepath="M2_REPO/javax/persistence/persistence-api/1.0/persistence-api-1.0-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"
sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar"
sourcepath="M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0.jar"
sourcepath="M2_REPO/commons-beanutils/commons-beanutils/1.8.0/commons-beanutils-1.8.0-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1.jar"
sourcepath="M2_REPO/commons-httpclient/commons-httpclient/3.0.1/commons-httpclient-3.0.1-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar"
sourcepath="M2_REPO/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"
sourcepath="M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/gnu-getopt/getopt/1.0.13/getopt-1.0.13.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA.jar"
sourcepath="M2_REPO/jboss/jaxbintros/jboss-jaxb-intros/1.0.2.GA/jboss-jaxb-intros-1.0.2.GA-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final.jar"
sourcepath="M2_REPO/org/jboss/spec/javax/xml/ws/jboss-jaxws-api_2.2_spec/1.0.0.Final/jboss-jaxws-api_2.2_spec-1.0.0.Final-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA.jar"
sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.1.0.GA/jboss-logging-spi-2.1.0.GA-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final.jar"
sourcepath="M2_REPO/org/picketbox/jboss-security-spi/3.0.0.Final/jboss-security-spi-3.0.0.Final-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final.jar"
sourcepath="M2_REPO/org/picketbox/jbosssx/3.0.0.Final/jbosssx-3.0.0.Final-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA.jar"
sourcepath="M2_REPO/org/jboss/ws/jbossws-common/1.4.1.GA/jbossws-common-1.4.1.GA-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA.jar"
sourcepath="M2_REPO/org/jboss/ws/jbossws-spi/1.4.1.GA/jbossws-spi-1.4.1.GA-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4.jar"
sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.4/jbossxacml-2.0.4-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/junit/junit/3.8.2/junit-3.8.2.jar"
sourcepath="M2_REPO/junit/junit/3.8.2/junit-3.8.2-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/openid4java/openid4java-nodeps/0.9.5/openid4java-nodeps-0.9.5.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-bindings/2.0.0-SNAPSHOT/picketlink-bindings-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-bindings-jboss/2.0.0-SNAPSHOT/picketlink-bindings-jboss-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-api/2.0.0-SNAPSHOT/picketlink-fed-api-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-core/2.0.0-SNAPSHOT/picketlink-fed-core-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed-model/2.0.0-SNAPSHOT/picketlink-fed-model-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-web/2.0.0-SNAPSHOT/picketlink-web-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-xmlsec-model/2.0.0-SNAPSHOT/picketlink-xmlsec-model-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar"
sourcepath="M2_REPO/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/xmlsec/1.4.3/xmlsec-1.4.3.jar"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/AbstractPicketLinkTrustHandler.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.wsf.common.handler.GenericSOAPHandler;
+import org.jboss.wsf.spi.SPIProvider;
+import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.Constants;
+import org.picketlink.trust.jbossws.Util;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Abstract base class for the PicketLink Trust Handlers
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 11, 2011
+ */
+@SuppressWarnings("rawtypes")
+public abstract class AbstractPicketLinkTrustHandler extends GenericSOAPHandler
+{
+ protected Logger log = Logger.getLogger(this.getClass());
+ protected boolean trace = log.isTraceEnabled();
+
+ protected static Set<QName> headers;
+
+ protected static final String SEC_MGR_LOOKUP =
"java:comp/env/security/securityMgr";
+ protected static final String AUTHZ_MGR_LOOKUP =
"java:comp/env/security/authorizationMgr";
+
+ protected SecurityAdaptorFactory secAdapterfactory;
+
+ static
+ {
+ HashSet<QName> set = new HashSet<QName>();
+ set.add(Constants.WSSE_HEADER_QNAME);
+ headers = Collections.unmodifiableSet(set);
+ }
+
+ public Set<QName> getHeaders()
+ {
+ //return a collection with just the wsse:Security header to pass the MustUnderstand
check on it
+ return headers;
+ }
+
+ /**
+ * Get the JBoss Authentication Manager {@link AuthenticationManager} from JNDI
+ * @return
+ * @throws NamingException
+ */
+ protected AuthenticationManager getAuthenticationManager()
+ {
+ if( secAdapterfactory == null)
+ {
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ }
+ return (AuthenticationManager) lookupJNDI(SEC_MGR_LOOKUP);
+ }
+
+ /**
+ * Get the JBoss Authorization Manager {@link AuthorizationManager} from JNDI
+ * @return
+ * @throws NamingException
+ */
+ protected AuthorizationManager getAuthorizationManager()
+ {
+ if( secAdapterfactory == null)
+ {
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ }
+ return (AuthorizationManager)lookupJNDI(AUTHZ_MGR_LOOKUP);
+ }
+
+ /**
+ * Given a {@link Document}, create the WSSE element
+ * @param document
+ * @return
+ */
+ protected Element getSecurityHeaderElement(Document document)
+ {
+ Element element = document.createElementNS(Constants.WSSE_NS,
Constants.WSSE_HEADER);
+ Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
+ Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
+ Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX,
Constants.XML_SIGNATURE_NS);
+ return element;
+ }
+
+ /**
+ * Given the NameID {@link Element}, return the user name
+ * @param nameID
+ * @return
+ */
+ protected String getUsername(final Element nameID)
+ {
+ String username = nameID.getNodeValue();
+ if (username == null) {
+ final NodeList childNodes = nameID.getChildNodes();
+ final int size = childNodes.getLength();
+ for (int i = 0; i < size; i++) {
+ final Node childNode = childNodes.item(i);
+ if (childNode.getNodeType() == Node.TEXT_NODE) {
+ username = childNode.getNodeValue();
+ }
+ }
+ }
+ return username;
+ }
+
+ /**
+ * Get the SAML Assertion from the subject
+ * @return
+ */
+ protected Element getAssertionFromSubject()
+ {
+ Element assertion = null;
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ if(subject == null)
+ {
+ log.error("null subject, cannot extract SAML token required for
WS-TRUST");
+ return assertion;
+ }
+
+ Set<Object> creds = subject.getPublicCredentials();
+ if( creds != null )
+ {
+ for( Object cred: creds)
+ {
+ if( cred instanceof SamlCredential)
+ {
+ SamlCredential samlCredential = (SamlCredential) cred;
+ try
+ {
+ assertion = samlCredential.getAssertionAsElement();
+ }
+ catch (ProcessingException e)
+ {
+ log.error("failed to process SAML credential", e);
+ }
+ break;
+ }
+ }
+ }
+ return assertion;
+ }
+
+ private Object lookupJNDI( String str)
+ {
+ try
+ {
+ Context context = new InitialContext();
+ return context.lookup(str);
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
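Review bot: The Javadoc on getAuthenticationManager() and getAuthorizationManager() declares `@throws NamingException`, but neither method can throw it: lookupJNDI() catches NamingException and rethrows it as an unchecked RuntimeException, so a caller reading the tag would write the wrong catch. Replace the tag with `@throws RuntimeException if the JNDI lookup fails (wraps the underlying NamingException)` and fill in the empty `@return` tags on these and the other helpers. Both getters also populate the protected `secAdapterfactory` field as a side effect, and subclasses then read it directly (WSAuthenticationHandler calls `secAdapterfactory.newSecurityAdapter()` immediately after getAuthenticationManager()); a dedicated accessor, or at least a comment on the field stating that it is only initialized once one of these getters has run, would make that coupling visible. In getSecurityHeaderElement(), `Constants.XML_ENCRYPTION_PREFIX` is bound to `Constants.XML_SIGNATURE_NS`; this is carried over unchanged from SAML2Handler, but the prefix/URI pairing looks inconsistent and is worth confirming against Constants, since a mismatched namespace binding on the security header can affect how the signed header is later validated.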
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java 2011-04-12
00:53:50 UTC (rev 871)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/BinaryTokenHandler.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -21,10 +21,6 @@
*/
package org.picketlink.trust.jbossws.handler;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
@@ -37,8 +33,6 @@
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
-import org.apache.log4j.Logger;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.Util;
@@ -76,14 +70,8 @@
* @author Anil.Saldhana(a)redhat.com
* @since Apr 5, 2011
*/
-@SuppressWarnings("rawtypes")
-public class BinaryTokenHandler extends GenericSOAPHandler
+public class BinaryTokenHandler extends AbstractPicketLinkTrustHandler
{
- protected static Logger log = Logger.getLogger(BinaryTokenHandler.class);
- protected boolean trace = log.isTraceEnabled();
-
- private static Set<QName> headers;
-
/**
* The HTTP header name that this token looks for. Either this or the httpCookieName
should be set.
*/
@@ -121,13 +109,6 @@
private boolean cleanToken =
Boolean.parseBoolean(SecurityActions.getSystemProperty("binary.http.cleanToken",
"false"));
private SOAPFactory factory = null;
-
- static
- {
- HashSet<QName> set = new HashSet<QName>();
- set.add(Constants.WSSE_HEADER_QNAME);
- headers = Collections.unmodifiableSet(set);
- }
/**
* <p> Set the EncodingType value.</p>
@@ -173,12 +154,6 @@
this.valueTypePrefix = binaryValuePrefix;
}
- public Set<QName> getHeaders()
- {
- //return a collection with just the wsse:Security header to pass the MustUnderstand
check on it
- return headers;
- }
-
/**
* <p>
* Set the Http Header Name
@@ -226,7 +201,12 @@
@Override
protected boolean handleOutbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Outbound Message");
+ }
+
if( httpHeaderName == null && httpCookieName == null )
throw new RuntimeException("Either httpHeaderName or httpCookieName should
be set" );
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-12
00:53:50 UTC (rev 871)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -21,30 +21,20 @@
*/
package org.picketlink.trust.jbossws.handler;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
-import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
-import org.jboss.wsf.common.handler.GenericSOAPHandler;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.picketlink.trust.jbossws.Util;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
/**
* A SAMLv2 WS handler.
@@ -54,32 +44,17 @@
* @author Anil Saldhana
* @version $Revision: 1 $
*/
-@SuppressWarnings("rawtypes")
-public class SAML2Handler extends GenericSOAPHandler
-{
-
- protected Logger log = Logger.getLogger(this.getClass());
-
- private static Set<QName> headers;
-
- static
- {
- HashSet<QName> set = new HashSet<QName>();
- set.add(Constants.WSSE_HEADER_QNAME);
- headers = Collections.unmodifiableSet(set);
- }
-
- public Set<QName> getHeaders()
- {
- //return a collection with just the wsse:Security header to pass the MustUnderstand
check on it
- return headers;
- }
-
+public class SAML2Handler extends AbstractPicketLinkTrustHandler
+{
/**
* Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS
for validation.
*/
protected boolean handleInbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
@@ -104,6 +79,10 @@
SecurityContext sc = SecurityActions.createSecurityContext(new
PicketLinkPrincipal(username), credential, s);
SecurityActions.setSecurityContext(sc);
}
+ else
+ {
+ log.warn("We did not find any assertion");
+ }
return true;
}
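Review bot: The new else branch only logs when no assertion is found, yet the method still falls through to `return true;` on the next line, so the invocation proceeds without this handler having established a SecurityContext. If that is intended, because the container's own authentication is expected to reject an unauthenticated caller, say so in a comment next to the warning; if not, this is the place to stop the message (return false or raise a fault) rather than log and continue. The warning text is also vague; `log.warn("No SAML assertion found in the inbound SOAP header; no security context was established");` tells an operator what to look for. handleInbound starts outside this hunk.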
@@ -113,7 +92,11 @@
* This assertion is then included in the SOAP payload.
*/
protected boolean handleOutbound(MessageContext msgContext)
- {
+ {
+ if(trace)
+ {
+ log.trace("Handling Outbound Message");
+ }
SOAPMessageContext ctx = (SOAPMessageContext) msgContext;
SOAPMessage soapMessage = ctx.getMessage();
@@ -155,63 +138,5 @@
}
return true;
- }
-
- private Element getSecurityHeaderElement(Document document)
- {
- Element element = document.createElementNS(Constants.WSSE_NS,
Constants.WSSE_HEADER);
- Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS);
- Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS);
- Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX,
Constants.XML_SIGNATURE_NS);
- return element;
- }
-
- private String getUsername(final Element nameID) {
- String username = nameID.getNodeValue();
- if (username == null) {
- final NodeList childNodes = nameID.getChildNodes();
- final int size = childNodes.getLength();
- for (int i = 0; i < size; i++) {
- final Node childNode = childNodes.item(i);
- if (childNode.getNodeType() == Node.TEXT_NODE) {
- username = childNode.getNodeValue();
- }
- }
- }
- return username;
- }
-
- private Element getAssertionFromSubject()
- {
- Element assertion = null;
- Subject subject = SecurityActions.getAuthenticatedSubject();
-
- if(subject == null)
- {
- log.error("null subject, cannot extract SAML token required for
WS-TRUST");
- return assertion;
- }
-
- Set<Object> creds = subject.getPublicCredentials();
- if( creds != null )
- {
- for( Object cred: creds)
- {
- if( cred instanceof SamlCredential)
- {
- SamlCredential samlCredential = (SamlCredential) cred;
- try
- {
- assertion = samlCredential.getAssertionAsElement();
- }
- catch (ProcessingException e)
- {
- log.error("failed to process SAML credential", e);
- }
- break;
- }
- }
- }
- return assertion;
- }
+ }
}
\ No newline at end of file
Modified:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-12
00:53:50 UTC (rev 871)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -105,4 +105,26 @@
}
});
}
+
+ static ClassLoader getClassLoader( final Class<?> clazz)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
}
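Review bot: getClassLoader(Class) and getContextClassLoader() are undocumented, and as doPrivileged wrappers they deserve a sentence: they let code in this package obtain a class loader even when the caller lacks RuntimePermission("getClassLoader"), so they must stay package-private to keep that privilege from leaking. Add a Javadoc along the lines of `Returns the class loader of {@code clazz} from a privileged block; package-private so the elevated action is not exposed outside this handler package.` to each method. getClassLoader() also dereferences `clazz` inside the privileged action, so a null argument surfaces as a NullPointerException thrown from within doPrivileged; a `if (clazz == null) throw new IllegalArgumentException("clazz");` before the privileged block gives a clearer failure.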
\ No newline at end of file
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthenticationHandler.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+
+/**
+ * Perform Authentication for POJO Web Services
+ *
+ * Based on the Authorize Operation on the JBossWS Native stack
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran
Lofthouse</a>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthenticationHandler extends AbstractPicketLinkTrustHandler
+{
+ @Override
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
+ AuthenticationManager authenticationManager = getAuthenticationManager();
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ Principal principal = securityAdaptor.getPrincipal();
+ Object credential = securityAdaptor.getCredential();
+
+ Subject subject = new Subject();
+
+ if (authenticationManager.isValid(principal, credential, subject) == false)
+ {
+ String msg = "Authentication failed, principal=" + principal;
+ log.error(msg);
+ SecurityException e = new SecurityException(msg);
+ throw new RuntimeException(e);
+ }
+ if(trace)
+ {
+ log.trace("Successfully Authenticated:Principal="+principal +
"::subject="+subject);
+ }
+ securityAdaptor.pushSubjectContext(subject, principal, credential);
+
+ return true;
+ }
+}
\ No newline at end of file
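Review bot: On the failure path the SecurityException is built only to be wrapped at `throw new RuntimeException(e);`, so fault mappers and callers see a generic RuntimeException and the security-specific type is buried as the cause; SecurityException is itself unchecked, so `throw new SecurityException(msg);` preserves the handler-fault behaviour with a precise type. The trace line `log.trace("Successfully Authenticated:Principal="+principal + "::subject="+subject);` concatenates the populated Subject, and Subject.toString() renders its public and (when permitted) private credentials, so enabling trace writes credential material into the log; logging `subject.getPrincipals()` instead of the whole Subject avoids that. There is no guard against getAuthenticationManager() returning null before `authenticationManager.isValid(...)`, though whether the base class guarantees a non-null manager is not visible in this hunk.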
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/WSAuthorizationHandler.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,123 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletContext;
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * An authorization handler for the POJO Web services
+ * Based on the Authorize Operation on the JBossWS Native stack
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran
Lofthouse</a>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 11, 2011
+ */
+public class WSAuthorizationHandler extends AbstractPicketLinkTrustHandler
+{
+ @Override
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ if(trace)
+ {
+ log.trace("Handling Inbound Message");
+ }
+ ServletContext context = (ServletContext)
msgContext.get(MessageContext.SERVLET_CONTEXT);
+ //Read the jboss-wsse.xml file
+ InputStream is = getWSSE(context);
+ if( is == null )
+ throw new RuntimeException( "unable to load jboss-wsse.xml");
+
+ QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
+ QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is,
portName.getLocalPart(), opName.toString());
+ if( !roles.contains("unchecked"))
+ {
+ AuthorizationManager authorizationManager = getAuthorizationManager();
+
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ Principal principal = securityAdaptor.getPrincipal();
+ Subject subject = SecurityActions.getAuthenticatedSubject();
+
+ Set<Principal> expectedRoles = rolesSet(roles);
+ if(!authorizationManager.doesUserHaveRole(principal, expectedRoles ))
+ {
+ StringBuilder builder = new StringBuilder("Authorization
Failed:Principal=");
+ builder.append(principal).append(":Expected
Roles=").append(expectedRoles);
+ builder.append("::Actual
Roles=").append(authorizationManager.getSubjectRoles(subject,null));
+ log.error(builder.toString() );
+
+ throw new RuntimeException("Authorization Failed");
+ }
+ }
+ return true;
+ }
+
+ protected Set<Principal> rolesSet(List<String> roles)
+ {
+ Set<Principal> principals = new HashSet<Principal>();
+ for( String role: roles)
+ {
+ principals.add(new SimplePrincipal(role));
+ }
+ return principals;
+ }
+
+ protected InputStream getWSSE(ServletContext context)
+ {
+ if( context == null )
+ throw new RuntimeException("Servlet Context is null");
+
+ InputStream is = context.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+ /*InputStream is = null;
+ ClassLoader cl = SecurityActions.getClassLoader(getClass());
+ is = load(cl);
+ if( is == null)
+ {
+ cl = SecurityActions.getContextClassLoader();
+ is = load(cl);
+ }*/
+ return is;
+ }
+
+ protected InputStream load( ClassLoader cl)
+ {
+ InputStream is = null;
+ is = cl.getResourceAsStream("WEB-INF/jboss-wsse.xml");
+ if( is == null)
+ is = cl.getResourceAsStream("/WEB-INF/jboss-wsse.xml");
+ return is;
+ }
+}
\ No newline at end of file
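Review bot: The stream obtained at `InputStream is = getWSSE(context);` is never closed, and JBossWSSERoleExtractor.getRoles does not close it either, so every inbound message leaks a handle on the WEB-INF/jboss-wsse.xml resource; the getRoles call should sit in a try/finally that closes it (java.io.IOException needs importing for the close). `portName.getLocalPart()` and `opName.toString()` throw NullPointerException when MessageContext.WSDL_PORT or WSDL_OPERATION is absent from the context, turning a configuration gap into an NPE rather than a clear authorization failure. When the extractor finds no authorize element the deny decision rests on doesUserHaveRole rejecting an empty expectedRoles set, which depends on the AuthorizationManager implementation not visible here; an explicit `if (roles.isEmpty()) throw new RuntimeException("Authorization Failed: no roles configured");` before the unchecked test makes the fail-closed behaviour independent of the manager. The commented-out classloader lookup in getWSSE and the now-unreferenced load(ClassLoader) method should either be wired in or removed rather than shipped as dead code.
```java
      InputStream is = getWSSE(context);
      if (is == null)
         throw new RuntimeException("unable to load jboss-wsse.xml");

      QName portName = (QName) msgContext.get(MessageContext.WSDL_PORT);
      QName opName = (QName) msgContext.get(MessageContext.WSDL_OPERATION);
      if (portName == null || opName == null)
         throw new RuntimeException("WSDL port or operation missing from message context, cannot authorize");

      List<String> roles;
      try
      {
         roles = JBossWSSERoleExtractor.getRoles(is, portName.getLocalPart(), opName.toString());
      }
      finally
      {
         try { is.close(); } catch (IOException ignored) { }
      }
      // … unchanged: unchecked test, doesUserHaveRole check and error logging …
```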
Added:
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
===================================================================
---
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java
(rev 0)
+++
trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/util/JBossWSSERoleExtractor.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,176 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.util;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Given a jboss-wsse.xml file, extract the roles
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSERoleExtractor
+{
+ /**
+ * <p>
+ * Given the jboss-wsse.xml inputstream, return the configured roles
+ * </p>
+ * <p>
+ * Note that the <unchecked/> setting will yield a role of unchecked.
+ * So special handling needs to be done by the caller.
+ * </p>
+ * @param is
+ * @param portName optionally pass in a portName
+ * @return a {@link List} of role names
+ */
+ public static List<String> getRoles(InputStream is, String portName, String
operationName)
+ {
+ List<String> roles = new ArrayList<String>();
+ try
+ {
+ Document doc = DocumentUtil.getDocument(is);
+ NodeList nl = doc.getElementsByTagName("port");
+ if( nl != null )
+ {
+ int len = nl.getLength();
+ if( len > 0)
+ {
+ Node portNode = getNamedNode(nl, portName);
+ if( portNode != null)
+ {
+ roles.addAll( getRoles(portNode, operationName));
+ return roles;
+ }
+ }
+ return getDefaultRoles(doc.getDocumentElement());
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return roles;
+ }
+
+ private static Node getNamedNode( NodeList nl, String portName)
+ {
+ int len = nl.getLength();
+ for( int i = 0; i < len; i++)
+ {
+ Node n = nl.item(i);
+ if( n.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Node name = n.getAttributes().getNamedItem("name");
+ if( portName.equals(name.getNodeValue()))
+ return n;
+ }
+ }
+ return null;
+ }
+
+ private static List<String> getRoles(Node node, String operationName) throws
ProcessingException
+ {
+ List<String> roles = new ArrayList<String>();
+
+ Element elem = (Element) node;
+ //First check for operations
+ NodeList ops = elem.getElementsByTagName("operation");
+ if(ops.getLength() > 0 )
+ {
+ Node opNode = getNamedNode( ops, operationName);
+ if( opNode != null)
+ return getDefaultRoles((Element) opNode);
+ return roles;
+ }
+ NodeList nl = elem.getElementsByTagName("authorize");
+ if( nl != null )
+ {
+ int len = nl.getLength();
+
+ if( len > 1 )
+ throw new ProcessingException( "More than one authorize element");
+ Node authorize = nl.item(0);
+ roles.addAll(getRolesFromAuthorize((Element) authorize));
+ }
+ return roles;
+ }
+
+ private static List<String> getDefaultRoles(Element root) throws
ProcessingException
+ {
+ List<String> roles = new ArrayList<String>();
+ NodeList children = root.getChildNodes();
+ if( children != null )
+ {
+ int len = children.getLength();
+ //Go down tree and if you hit port, return
+ for( int i = 0 ; i <len ; i++ )
+ {
+ Node n = children.item(i);
+ if(n.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Element newNode = (Element) n;
+ if( newNode.getNodeName().equals("port"))
+ return roles;
+ else if( newNode.getNodeName().equals("authorize"))
+ return getRolesFromAuthorize(newNode);
+ else
+ roles = getDefaultRoles(newNode);
+ }
+ }
+ }
+ return roles;
+ }
+
+ private static List<String> getRolesFromAuthorize( Element authorize)
+ {
+ List<String> roles = new ArrayList<String>();
+ NodeList children = authorize.getChildNodes();
+
+ int len = children.getLength();
+ for( int i = 0 ; i < len; i++ )
+ {
+ Node child = children.item(i);
+ if( child instanceof Element)
+ {
+ String nodeName = child.getNodeName();
+ if( "unchecked".equals( nodeName) )
+ {
+ roles.add(nodeName);
+ }
+ else if("role".equals(nodeName))
+ {
+ roles.add(child.getChildNodes().item(0).getNodeValue());
+ }
+ }
+ }
+ return roles;
+ }
+}
\ No newline at end of file
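Review bot: In getRolesFromAuthorize the line `roles.add(child.getChildNodes().item(0).getNodeValue());` has no null check or trim, so an empty `<role/>` throws NullPointerException and `<role> admin </role>` produces the role " admin ", which never matches a principal role; `String name = child.getTextContent().trim(); if (name.length() > 0) roles.add(name);` handles both. getNamedNode dereferences both the `name` attribute and the passed portName unconditionally, so a `<port>` without a name attribute, or a null portName (which the public Javadoc permits as "optionally pass in a portName"), throws NullPointerException as soon as the document contains any port element; `if (name != null && portName != null && portName.equals(name.getNodeValue()))` makes it tolerant. In getRoles(Node, String) the `len > 1` check guards against duplicates but not against zero authorize elements, where `nl.item(0)` is null and getRolesFromAuthorize dereferences it; the same method also returns an empty list when a port lists operations but not the requested one, rather than falling back to the port or global config, and if that is the intended deny semantics a comment saying so would help because the public method's Javadoc does not describe it (it also lacks an `@param operationName` entry). The InputStream passed to getRoles is not closed after DocumentUtil.getDocument; either state in the Javadoc that the caller owns the stream or close it here.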
Added:
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
===================================================================
---
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java
(rev 0)
+++
trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/xml/JBossWSSEFileParseTestCase.java 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,125 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.trust.jbossws.xml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.trust.jbossws.util.JBossWSSERoleExtractor;
+
+/**
+ * Unit test the parsing of the jboss-wsse.xml for the roles
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 11, 2011
+ */
+public class JBossWSSEFileParseTestCase
+{
+ @Test
+ public void testUnchecked() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-unchecked.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertEquals( "unchecked", roles.get(0));
+ }
+
+ @Test
+ public void testRoles() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-roles.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is, null, null);
+ assertNotNull(roles);
+ assertEquals( 2, roles.size());
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+ }
+
+ @Test
+ public void testRolesForPort() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is,
"TestPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+
+ is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "MaxiPort", null);
+ assertNotNull(roles);
+ assertEquals( 3, roles.size());
+ assertTrue( roles.contains("Trader"));
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+
+ is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-role.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("Trader"));
+ }
+
+ @Test
+ public void testRolesForPortOps() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+
+ List<String> roles = JBossWSSERoleExtractor.getRoles(is,
"POJOBeanPort",
"{http://ws.trust.test.picketlink.org/}echoUnchecked");
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("unchecked"));
+
+ is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort",
"{http://ws.trust.test.picketlink.org/}echo");
+ assertNotNull(roles);
+ assertEquals( 1, roles.size());
+ assertTrue( roles.contains("JBossAdmin"));
+
+ is =
tcl.getResourceAsStream("jbossws/jboss-wsse/jboss-wsse-port-ops.xml");
+ assertNotNull(is);
+ roles = JBossWSSERoleExtractor.getRoles(is, "NonExistingPort", null);
+ assertNotNull(roles);
+ assertEquals( 2, roles.size());
+ assertTrue( roles.contains("friend"));
+ assertTrue( roles.contains("family"));
+ }
+}
\ No newline at end of file
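Review bot: The tests cover the configured-role paths but not the two edge cases the extractor decides implicitly: a port that lists operations but not the requested one, where getRoles returns an empty list, and a null portName against a document that contains port elements, which currently ends in a NullPointerException inside getNamedNode. Pinning the first with something like `roles = JBossWSSERoleExtractor.getRoles(is, "POJOBeanPort", "{http://ws.trust.test.picketlink.org/}missing"); assertTrue(roles.isEmpty());` documents the intended deny behaviour, and a test for the second would force a decision on whether null is a supported argument. Each test also leaves its InputStream open; closing it in a finally block keeps the fixture handling tidy.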
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml
(rev 0)
+++
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-ops.xml 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,30 @@
+<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.jboss.com/ws-security/config
+
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+
+ <config>
+ <authorize>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+
+ <port name="POJOBeanPort">
+ <operation
name="{http://ws.trust.test.picketlink.org/}echoUnchecked">
+ <config>
+ <authorize>
+ <unchecked/>
+ </authorize>
+ </config>
+ </operation>
+
+ <operation
name="{http://ws.trust.test.picketlink.org/}echo">
+ <config>
+ <authorize>
+ <role>JBossAdmin</role>
+ </authorize>
+ </config>
+ </operation>
+ </port>
+</jboss-ws-security>
\ No newline at end of file
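Review bot: The four fixture files disagree on how the document is declared: this file and jboss-wsse-port-role.xml declare the http://www.jboss.com/ws-security/config namespace (one with double quotes, the other with single quotes), while jboss-wsse-roles.xml and jboss-wsse-unchecked.xml in the following hunks declare no namespace at all and none of the four carries an XML declaration. The tests pass only because JBossWSSERoleExtractor matches elements by tag name without namespace awareness; if the parser is ever made namespace-aware the two undeclared fixtures would stop resembling real deployment files. Using the same root element, namespace declaration and quote style in all four, with `<?xml version="1.0" encoding="UTF-8"?>` at the top, keeps the fixtures representative of what the handler will read from WEB-INF.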
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml
(rev 0)
+++
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-port-role.xml 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,29 @@
+<jboss-ws-security
xmlns='http://www.jboss.com/ws-security/config'
+
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+
xsi:schemaLocation='http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+
+ <port name="TestPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ </authorize>
+ </config>
+ </port>
+
+ <port name="MaxiPort">
+ <config>
+ <authorize>
+ <role>Trader</role>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+ </port>
+
+</jboss-ws-security>
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml
(rev 0)
+++
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-roles.xml 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,10 @@
+<jboss-ws-security>
+
+ <config>
+ <authorize>
+ <role>friend</role>
+ <role>family</role>
+ </authorize>
+ </config>
+
+</jboss-ws-security>
\ No newline at end of file
Added: trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
===================================================================
--- trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml
(rev 0)
+++
trust/trunk/jbossws/src/test/resources/jbossws/jboss-wsse/jboss-wsse-unchecked.xml 2011-04-12
00:55:10 UTC (rev 872)
@@ -0,0 +1,9 @@
+<jboss-ws-security>
+
+ <config>
+ <authorize>
+ <unchecked/>
+ </authorize>
+ </config>
+
+</jboss-ws-security>
\ No newline at end of file