Picketlink SVN: r448 - picketlink-seam.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-10-11 14:44:52 -0400 (Mon, 11 Oct 2010)
New Revision: 448
Added:
picketlink-seam/trunk/
Log:
PLFED-107: make seam module a tlp
14 years, 2 months
Picketlink SVN: r447 - /.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2010-10-11 14:42:31 -0400 (Mon, 11 Oct 2010)
New Revision: 447
Added:
picketlink-seam/
Log:
PLFED-107: make seam module a tlp
14 years, 2 months
Picketlink SVN: r446 - in trust/trunk: parent and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-08 16:05:00 -0400 (Fri, 08 Oct 2010)
New Revision: 446
Modified:
trust/trunk/jbossws-native/pom.xml
trust/trunk/parent/pom.xml
Log:
fixing version
Modified: trust/trunk/jbossws-native/pom.xml
===================================================================
--- trust/trunk/jbossws-native/pom.xml 2010-10-08 20:00:45 UTC (rev 445)
+++ trust/trunk/jbossws-native/pom.xml 2010-10-08 20:05:00 UTC (rev 446)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink</groupId>
<artifactId>picketlink-trust-parent</artifactId>
- <version>1.0.0-SNAPSHOT</version>
+ <version>1.0.0.CR1</version>
<relativePath>../parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: trust/trunk/parent/pom.xml
===================================================================
--- trust/trunk/parent/pom.xml 2010-10-08 20:00:45 UTC (rev 445)
+++ trust/trunk/parent/pom.xml 2010-10-08 20:05:00 UTC (rev 446)
@@ -8,7 +8,7 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-trust-parent</artifactId>
<packaging>pom</packaging>
- <version>1.0.0-CR1</version>
+ <version>1.0.0.CR1</version>
<name>PicketLink Trust - Parent</name>
<url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink Trust integrates PicketLink with external projects</description>
14 years, 2 months
Picketlink SVN: r445 - trust/tags/1.0.0.CR1/parent.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-08 16:00:45 -0400 (Fri, 08 Oct 2010)
New Revision: 445
Modified:
trust/tags/1.0.0.CR1/parent/pom.xml
Log:
fixing version
Modified: trust/tags/1.0.0.CR1/parent/pom.xml
===================================================================
--- trust/tags/1.0.0.CR1/parent/pom.xml 2010-10-08 19:28:11 UTC (rev 444)
+++ trust/tags/1.0.0.CR1/parent/pom.xml 2010-10-08 20:00:45 UTC (rev 445)
@@ -8,7 +8,7 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-trust-parent</artifactId>
<packaging>pom</packaging>
- <version>1.0.0-CR1</version>
+ <version>1.0.0.CR1</version>
<name>PicketLink Trust - Parent</name>
<url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink Trust integrates PicketLink with external projects</description>
14 years, 2 months
Picketlink SVN: r444 - trust/tags.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-08 15:28:11 -0400 (Fri, 08 Oct 2010)
New Revision: 444
Added:
trust/tags/1.0.0.CR1/
Log:
creating CR1 tag
Copied: trust/tags/1.0.0.CR1 (from rev 443, trust/trunk)
14 years, 2 months
Picketlink SVN: r443 - in trust/trunk: parent and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-08 15:26:00 -0400 (Fri, 08 Oct 2010)
New Revision: 443
Modified:
trust/trunk/parent/pom.xml
trust/trunk/pom.xml
Log:
preparing for CR1 tag
Modified: trust/trunk/parent/pom.xml
===================================================================
--- trust/trunk/parent/pom.xml 2010-10-08 19:12:18 UTC (rev 442)
+++ trust/trunk/parent/pom.xml 2010-10-08 19:26:00 UTC (rev 443)
@@ -8,7 +8,7 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-trust-parent</artifactId>
<packaging>pom</packaging>
- <version>1.0.0-SNAPSHOT</version>
+ <version>1.0.0-CR1</version>
<name>PicketLink Trust - Parent</name>
<url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink Trust integrates PicketLink with external projects</description>
Modified: trust/trunk/pom.xml
===================================================================
--- trust/trunk/pom.xml 2010-10-08 19:12:18 UTC (rev 442)
+++ trust/trunk/pom.xml 2010-10-08 19:26:00 UTC (rev 443)
@@ -2,7 +2,7 @@
<parent>
<groupId>org.picketlink</groupId>
<artifactId>picketlink-trust-parent</artifactId>
- <version>1.0.0-SNAPSHOT</version>
+ <version>1.0.0.CR1</version>
<relativePath>parent</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
14 years, 2 months
Picketlink SVN: r442 - trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-08 15:12:18 -0400 (Fri, 08 Oct 2010)
New Revision: 442
Added:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
Log:
Preparing CR
Added: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java (rev 0)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-08 19:12:18 UTC (rev 442)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.ws.core.CommonMessageContext;
+import org.jboss.ws.core.soap.SOAPMessageImpl;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.trust.jbossws.SAML2Constants;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * A SAMLv2 WS handler.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SAML2Handler extends WSSecurityHandlerServer
+{
+
+ protected Logger log = Logger.getLogger(this.getClass());
+
+ /**
+ * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation.
+ */
+ protected boolean handleInbound(MessageContext msgContext)
+ {
+ CommonMessageContext ctx = (CommonMessageContext) msgContext;
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
+
+ // retrieve the assertion
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ Element assertion = Util.findElement(soapHeader, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
+ if (assertion != null)
+ {
+ SamlCredential credential = new SamlCredential(assertion);
+ Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
+ Element nameID = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
+ String username = nameID.getNodeValue();
+ // set SecurityContext
+ Subject s = new Subject();
+ SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);
+ SecurityActions.setSecurityContext(sc);
+ }
+
+ return true;
+ }
+
+ /**
+ * It expects a {@link Element} assertion as the value of the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * This assertion is then included in the SOAP payload.
+ */
+ protected boolean handleOutbound(MessageContext msgContext)
+ {
+ CommonMessageContext ctx = (CommonMessageContext) msgContext;
+ SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
+
+ // retrieve assertion
+ Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+
+ // add wsse header
+ Document document = soapMessage.getSOAPPart();
+ Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
+ SecurityHeader secHeader = new SecurityHeader(document);
+ try
+ {
+ Element wsse = secHeader.getElement();
+ wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");
+ if (assertion != null)
+ {
+ // add the assertion as a child of the wsse header
+ wsse.appendChild(assertion);
+ }
+ soapHeader.insertBefore(wsse, soapHeader.getFirstChild());
+ }
+ catch (Exception e)
+ {
+ log.error(e);
+ return false;
+ }
+
+ return true;
+ }
+
+}
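Review bot: In `handleInbound`, `nameID.getNodeValue()` is called on an Element, and the DOM API defines nodeValue as null for element nodes, so `username` is presumably always null and the PicketLinkPrincipal is created without a name; `getTextContent()` reads the text child instead. The same lines use `subject` and `nameID` without a null check, so a sender-supplied assertion lacking Subject or NameID ends in a NullPointerException rather than a clean rejection (assuming `Util.findElement` returns null on no match, as the `assertion != null` test suggests). The principal is also taken from the assertion before anything has verified it. Since the Javadoc leaves validation to JAAS, the class comment should say that a login module validating the SamlCredential is required for this handler to be safe. The same lines appear as context in the r439 SAML2HandlerServer hunk.
```java
// … unchanged: assertion lookup and SamlCredential creation …
         Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
         Element nameID = (subject == null) ? null
               : Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
         if (nameID == null)
         {
            // sender-controlled input: reject instead of failing with a NullPointerException
            log.error("SAML assertion without Subject/NameID; message rejected");
            return false;
         }
         // nodeValue is null for Element nodes; the name is the element's text content
         String username = nameID.getTextContent();
// … unchanged: SecurityContext creation and association …
```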
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07 18:00:50 UTC (rev 441)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-08 19:12:18 UTC (rev 442)
@@ -23,13 +23,7 @@
import javax.xml.ws.handler.MessageContext;
-import org.jboss.ws.core.CommonMessageContext;
-import org.jboss.ws.core.soap.SOAPMessageImpl;
-import org.jboss.ws.extensions.security.Util;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
import org.picketlink.trust.jbossws.SAML2Constants;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
@@ -40,42 +34,17 @@
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
* @version $Revision: 1 $
*/
-public class SAML2HandlerClient extends WSSecurityHandlerServer
+public class SAML2HandlerClient extends SAML2Handler
{
protected boolean handleInbound(MessageContext msgContext)
{
- // FIXME handleInbound
return super.handleInbound(msgContext);
}
protected boolean handleOutbound(MessageContext msgContext)
{
- CommonMessageContext ctx = (CommonMessageContext) msgContext;
- SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
-
- // retrieve assertion
- Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
-
- // add wsse header
- Document document = soapMessage.getSOAPPart();
- Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
- SecurityHeader secHeader = new SecurityHeader(document);
- try
- {
- Element wsse = secHeader.getElement();
- wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");
- // add the assertion as a child of the wsse header
- wsse.appendChild(assertion);
- soapHeader.insertBefore(wsse, soapHeader.getFirstChild());
- }
- catch (Exception e)
- {
- e.printStackTrace();
- return false;
- }
-
- return true;
+ return super.handleOutbound(msgContext);
}
}
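Review bot: `SAML2HandlerClient.handleInbound` now resolves to `SAML2Handler.handleInbound`, which builds a SecurityContext from any Assertion found in the SOAP header and associates it with the current thread. On the client this means a response message can replace the caller's security context with an identity named by the remote side, whereas before this revision the call went to WSSecurityHandlerServer. If the client is not meant to consume assertions from responses, keep the inbound path inert, e.g. `return true; // client does not accept identities from responses`. Both overrides now only call super, so they can be dropped or given a comment saying why they exist.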
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07 18:00:50 UTC (rev 441)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-08 19:12:18 UTC (rev 442)
@@ -21,21 +21,8 @@
*/
package org.picketlink.trust.jbossws.handler;
-import javax.security.auth.Subject;
-import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
-import org.jboss.security.SecurityContext;
-import org.jboss.ws.core.CommonMessageContext;
-import org.jboss.ws.core.soap.SOAPMessageImpl;
-import org.jboss.ws.extensions.security.Util;
-import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
-import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
-import org.picketlink.identity.federation.core.wstrust.SamlCredential;
-import org.picketlink.trust.jbossws.SAML2Constants;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
/**
* A server side WS handler.
* Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation.
@@ -43,39 +30,17 @@
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
* @version $Revision: 1 $
*/
-public class SAML2HandlerServer extends WSSecurityHandlerServer
+public class SAML2HandlerServer extends SAML2Handler
{
protected boolean handleInbound(MessageContext msgContext)
{
- CommonMessageContext ctx = (CommonMessageContext) msgContext;
- SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
-
- // retrieve the assertion
- Document document = soapMessage.getSOAPPart();
- Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement());
- Element assertion = Util.findElement(soapHeader, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion"));
- if (assertion != null)
- {
- SamlCredential credential = new SamlCredential(assertion);
- Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
- Element nameID = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
- String username = nameID.getNodeValue();
- // set SecurityContext
- Subject s = new Subject();
- SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);
- SecurityActions.setSecurityContext(sc);
- }
-
- return true;
+ return super.handleInbound(msgContext);
}
protected boolean handleOutbound(MessageContext msgContext)
{
- // FIXME handleOutbound
return super.handleOutbound(msgContext);
}
-
-
}
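Review bot: `SAML2HandlerServer.handleOutbound` now runs `SAML2Handler.handleOutbound`, which inserts a wsse security header with `mustUnderstand` set to "1" into every response even when no assertion property is present, because the null check added there guards only `appendChild`. A receiver that has no processor for that header is expected to fault on it, so plain responses may start failing for clients without the matching handler. If the server is not supposed to emit assertions, keep this override a no-op, or have the shared method return early with `if (assertion == null) return true;` before the header is built. Previously this method delegated to WSSecurityHandlerServer, and what that base method did is not visible on this page.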
14 years, 2 months
Picketlink SVN: r441 - trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-07 14:00:50 -0400 (Thu, 07 Oct 2010)
New Revision: 441
Modified:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
Log:
including the assertion in the context map instead of the saml credential
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07 15:14:24 UTC (rev 440)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07 18:00:50 UTC (rev 441)
@@ -28,15 +28,14 @@
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
-import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
* A client side WS handler.
- * It expects a {@link SamlCredential} as the value of the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
- * The assertion contained in the credential is then included in the SOAP payload.
+ * It expects a {@link Element} assertion as the value of the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * This assertion is then included in the SOAP payload.
*
* @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
* @version $Revision: 1 $
@@ -56,7 +55,7 @@
SOAPMessageImpl soapMessage = (SOAPMessageImpl) ctx.getSOAPMessage();
// retrieve assertion
- SamlCredential credential = (SamlCredential) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
+ Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY);
// add wsse header
Document document = soapMessage.getSOAPPart();
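Review bot: The new cast `(Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY)` sits outside the try block that follows, so a caller still storing a SamlCredential under this property (the contract until this revision) gets an unhandled ClassCastException from the handler. A missing property is not rejected either, and the `appendChild` call shown as context in the next hunk would then receive null. Consider reading the value as Object and checking it first, e.g. `if (!(value instanceof Element)) { return false; }`, with a log line naming the expected type. handleOutbound begins and ends outside this hunk.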
@@ -64,7 +63,6 @@
SecurityHeader secHeader = new SecurityHeader(document);
try
{
- Element assertion = credential.getAssertionAsElement();
Element wsse = secHeader.getElement();
wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");
// add the assertion as a child of the wsse header
14 years, 2 months
Picketlink SVN: r440 - trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-07 11:14:24 -0400 (Thu, 07 Oct 2010)
New Revision: 440
Added:
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
Log:
Added: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java (rev 0)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2010-10-07 15:14:24 UTC (rev 440)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.trust.jbossws.handler;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * Privileged actions.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{
+
+ static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject subject)
+ {
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(p, cred, subject, "SAML2_HANDLER");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return sc;
+ }
+ });
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+}
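Review bot: `setSecurityContext` replaces the thread's SecurityContext, but the class offers no way to read the previous context or restore it, so a handler using it cannot undo the association once the invocation ends. On pooled request threads a context left in place could be picked up by later work on the same thread unless the container resets it, which is not visible here. Consider adding a privileged wrapper around `SecurityContextAssociation.getSecurityContext()` so callers can save and restore. The methods also have no Javadoc, and the `"SAML2_HANDLER"` literal (presumably the security-domain name) deserves a named constant with a comment. The class is package-private, which is right for privileged helpers, and the comment should state that it must stay that way.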
14 years, 2 months
Picketlink SVN: r439 - in trust/trunk: jbossws-native and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: mmoyses
Date: 2010-10-07 11:13:03 -0400 (Thu, 07 Oct 2010)
New Revision: 439
Added:
trust/trunk/README.txt
Modified:
trust/trunk/jbossws-native/pom.xml
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
Log:
adding README
Added: trust/trunk/README.txt
===================================================================
--- trust/trunk/README.txt (rev 0)
+++ trust/trunk/README.txt 2010-10-07 15:13:03 UTC (rev 439)
@@ -0,0 +1,5 @@
+PicketLink Trust was created to house modules that deal with trust among external projects, especially using tokens provided by PicketLink STS.
+
+Modules:
+
+- jbossws-native: Provides handlers for integration of JBoss WS Native stack with SAML v2 tokens.
Modified: trust/trunk/jbossws-native/pom.xml
===================================================================
--- trust/trunk/jbossws-native/pom.xml 2010-10-07 12:21:45 UTC (rev 438)
+++ trust/trunk/jbossws-native/pom.xml 2010-10-07 15:13:03 UTC (rev 439)
@@ -57,7 +57,27 @@
<groupId>org.picketlink</groupId>
<artifactId>picketlink-bindings-jboss</artifactId>
<version>2.0.0-SNAPSHOT</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>jboss-security-spi</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jbosssx</artifactId>
+ <groupId>org.jboss.security</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.picketbox</groupId>
+ <artifactId>jbosssx</artifactId>
+ <version>3.0.0.CR2</version>
+ </dependency>
</dependencies>
<reporting>
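Review bot: The two added org.picketbox dependencies declare no `<scope>`, so they default to compile scope and are pulled into anything that packages this module's dependencies. These are security SPI and implementation jars that an application server normally ships itself (to be confirmed for the targeted JBoss version), and a second copy on the deployment classpath can cause class-loading conflicts in the security layer. If the container provides them, add `<scope>provided</scope>` to both. The context lines also show picketlink-bindings-jboss at `2.0.0-SNAPSHOT`, a mutable version that should be pinned before a CR release is cut.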
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-07 12:21:45 UTC (rev 438)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-07 15:13:03 UTC (rev 439)
@@ -21,6 +21,12 @@
*/
package org.picketlink.trust.jbossws;
+/**
+ * Constants for the SAML2 profile.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public interface SAML2Constants
{
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07 12:21:45 UTC (rev 438)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerClient.java 2010-10-07 15:13:03 UTC (rev 439)
@@ -33,6 +33,14 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+/**
+ * A client side WS handler.
+ * It expects a {@link SamlCredential} as the value of the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} property.
+ * The assertion contained in the credential is then included in the SOAP payload.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public class SAML2HandlerClient extends WSSecurityHandlerServer
{
Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java
===================================================================
--- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07 12:21:45 UTC (rev 438)
+++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2HandlerServer.java 2010-10-07 15:13:03 UTC (rev 439)
@@ -21,23 +21,28 @@
*/
package org.picketlink.trust.jbossws.handler;
+import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
+import org.jboss.security.SecurityContext;
import org.jboss.ws.core.CommonMessageContext;
import org.jboss.ws.core.soap.SOAPMessageImpl;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer;
-import org.jboss.wsf.spi.SPIProvider;
-import org.jboss.wsf.spi.SPIProviderResolver;
-import org.jboss.wsf.spi.invocation.SecurityAdaptor;
-import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.trust.jbossws.SAML2Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+/**
+ * A server side WS handler.
+ * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation.
+ *
+ * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
public class SAML2HandlerServer extends WSSecurityHandlerServer
{
@@ -56,10 +61,10 @@
Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject"));
Element nameID = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID"));
String username = nameID.getNodeValue();
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- SecurityAdaptor securityAdaptor = spiProvider.getSPI(SecurityAdaptorFactory.class).newSecurityAdapter();
- securityAdaptor.setPrincipal(new PicketLinkPrincipal(username));
- securityAdaptor.setCredential(credential);
+ // set SecurityContext
+ Subject s = new Subject();
+ SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);
+ SecurityActions.setSecurityContext(sc);
}
return true;
14 years, 2 months